> 2016-01-12 16:50:35 H=121-73-98-209.cable.telstraclear.net (ylmf-pc)
> [121.73.98.209] rejected EHLO or HELO ylmf-pc: SPAM remote host has
> blacklisted HELO.
>
> I guess it's time to feed these IPs to fail2ban.
My experience is that you might as well immediately fail2ban anything
that HELOs with 'ylmf-pc'. The software behind this HELO will bang away
like mad basically regardless of what you say and what you do to it.
(I believe it's not even trying to send mail, but instead is trying
a brute force SMTP AUTH attack.)
- cks
