Strict RDNS Check seems not to work correctly

I am using Sophos UTM 9.352-6 and I recently activated strict RDNS checks in the email protection feature.


So far this seems to work great and it pulls out lots of spam, but it seems not to work in every case.

As I understand it, a strict RDNS check means that if a remote mail host connects to my UTM with HELO mail.example.com from IP address 1.2.3.4, a reverse DNS lookup of 1.2.3.4 should resolve back to mail.example.com; otherwise the SMTP connection should be aborted. Is this correct or am I getting this wrong?

What I did to verify this was the following:

I used telnet to port 25 on my notebook over an iPhone hotspot to connect to my UTM from an external mobile network. When I do this, I can use any HELO bla.example.com and whatever MAIL FROM I want, and the email goes straight to my mailbox.

Why is this possible?



This thread was automatically locked due to age.
  • Actually, Simon, Forward Confirmed reverse DNS works the other way around.

    First a reverse lookup is done on the IP of the sending device - standard rDNS. If there is no record for the IP, the SMTP connection is closed by the receiver.

    Next, the receiver asks for name resolution of the FQDN returned by the rDNS lookup. If that is not the same as the IP of the sender, the SMTP connection is closed by the receiver.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
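
The two steps from the reply above as an added Python sketch (not part of the thread, and not Sophos UTM's own implementation). The lookup functions are injectable and the sample records are constructed so it runs offline; only the connecting IP is checked, the HELO name is never an input.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; [] if no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """Forward (A/AAAA) lookup through the system resolver; [] on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns_check(client_ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (accepted, detail) for the connecting IP address."""
    ip = ipaddress.ip_address(client_ip)
    names = ptr_lookup(client_ip)
    if not names:                      # step 1: IP has no PTR record
        return False, "no PTR record"
    for name in names:                 # step 2: forward-confirm each PTR name
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == ip:
                    return True, name
            except ValueError:         # skip unparsable results (scoped IPv6)
                continue
    return False, "PTR name does not resolve back to client IP"

# Constructed sample records (documentation address ranges), not real DNS data.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com"],
              "192.0.2.20": ["host.example.net"]}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"],
            "host.example.net": ["198.51.100.7"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, fcrdns_check(ip, sample_ptr, sample_forward))
```

Called with only the IP argument, `fcrdns_check` uses the system resolver instead of the sample tables.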