I have a mail server on my network but I'm not too familiar with reverse dns lookups. I guess you get the desired level of security by simply doing the following:
1) Placing your mail server on the DMZ.
2) Configuring conduit to the server's ip only for port 25.
3) Using the default fixup protocol smtp 25, thus letting 'mailguard' restrict the commands alllowed to the seven listed in rfc 821.
From my viewpoint, opening port 53 is not a good idea due to the known vulnerabilities of DNS.