This may sound a daft question and I am pretty certain the answer is yes, but i thought i have all the experts on here so I will ask anyway.
We route all of our incoming mail to one of the security vendors to scan, and then forward onto us as long as no policy triggers are popped. I currently have 2 mx records, one pointing to the security vendor and another pointing to our firewall. Now the firewall will only accept mail from the security vendors ip address range and so i am guessing this record is pointless! is it okay to just have one mx record pointing to the security vendor.
The reason I had this record, which is probably wrong, is because if anyone did reverse lookups for some sort of spam filtering then it would be an issue. however, thinking about it, I guess the mail will be received from the security vendors IP range and so this will probably never be an issue anyway?
All outbound mail is routed via the security vendor too which is set as a smart host on Exchange