The error message tells you what the issue is although the IP address of the server resolves back to vmx.spamcop.com - That's not the identity given in the HELO
The identity in the HELO is prod-sc-www03.spamcop.net
I added a rule in my postfix file /etc/postfix/helo_access.pcre to whitelist the hostname so it didn't go through the checks on the HELO identity - I removed it once I'd completed the Spamcap mail host configuration.
Here's a dig on the HELO identity.
% dig prod-sc-www03.spamcop.net
; <<>> DiG 9.10.6 <<>> prod-sc-www03.spamcop.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3536
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;prod-sc-www03.spamcop.net. IN A
;; AUTHORITY SECTION:
spamcop.net. 300 IN SOA ns1-93.akam.net. hostmaster.akamai.com. 2023052201 300 300 300 300
;; Query time: 43 msec
;; SERVER: fe80::c206:c3ff:fe3b:cc8d%12#53(fe80::c206:c3ff:fe3b:cc8d%12)
;; WHEN: Sun Jul 09 11:56:02 BST 2023
;; MSG SIZE rcvd: 123
A sending server delivering to a mail exchanger should identify itself properly with its FQDN. The FQDN Should resolve back to the IP address, and the ideal configuration is for the reverse IP to resolve back to the FQDN given in the HELO identity.
Really surprised to see this behaviour from Spamcaops setup.