It appears that the effectiveness of filtering out known-bad HELO/EHLO
has dropped somewhat in the past few months:
http://people.spodhuis.org/phil.pennock/img/exim-reject.2007-09-19.png
http://people.spodhuis.org/phil.pennock/img/exim-reject.2007-09-19.ylog.png
Of course, this is in absolute numbers rather than a rate of HELOs
received so it could be a lull in the connection attempts overall, but I
doubt it, especially given the recent issues people have seen with
parallel connections for major pumping.
The y-axis is how many SMTP connections have been rejected, per day,
based on this HELO/EHLO string; the normal IP in the legend is my
system's IPv4 address -- I don't like remote people sending me my own IP
address in HELO.
This system is for a private colocation host handling a few personal
domains with a very few non-local users (local user count is 2).
Between 130 and 400 mails per day are actually delivered, mostly spam
into spam-folders.
-Phil