You configured it to present different HELO names for each served domain? That's really a bad idea. That is why Spamhaus is angry to you.
- Your server should have certain FQDN, at least for the mail service, let's say
mail.example.org;
- set up that FQDN name as the single constant HELO name, which is always presented by the MTA, no matter which domain's mail it is delivering now;
- that name should have A or AAAA records that resolve to the server IP address, for example,
mail.example.org. A 192.0.2.1;
- the server uses this or some other IP address when makes outgoing connections. The reverse DNS lookup of that outgoing IP address should point to this same FQDN, for example,
1.2.0.192.in-addr.arpa. PTR mail.example.org.;
- ideally, enable STARTTLS and use SSL certificate that is valid for this FQDN, e.g.
CN=mail.example.org or SAN field contains DNS:mail.example.org or DNS:*.example.org.
And then you specify this FQDN in the MX record of served domains, like this: example.com. MX 10 mail.example.org. (don't forget to set up SPF, DKIM, DMARC records too).
Notice, you can not have multiple PTR records for a single IP address; technically you can, but that won't work as you might expect. Some DNS servers check these three items (HELO, forward DNS query for the HELO name and reverse DNS query for your IP) to match and block messages if they don't. This partially answers why you shouldn't change HELO name for each message.
(It's essentially the same as this answer in the linked "Canonical question")
