An interesting Bot style attack, if you see this in your logs.
Normally originating from DUL/Dynamic addressing ranges, this is a high impact attack, which simply connects to a mail server, issues a HELO/EHLO of ylmf-pc, and then exits the connections.
While not actually generating any email or spam, it can consume mail processes, or even be a DOS if enough connections come in.
Interestingly, it is not exclusive to DUL networks, we also see it originating from certain hosting/co-location facilities. In one case, a company operating as ‘webexxpurts.com’ (No contact ability on webpage) which advertises being co-location and hosting cPanel is also generating these attacks.
220.127.116.11 : Host 18.104.22.168.in-addr.arpa. not found: 3(NXDOMAIN)
22.214.171.124 : Host 126.96.36.199.in-addr.arpa. not found: 3(NXDOMAIN)
188.8.131.52 : Host 184.108.40.206.in-addr.arpa. not found: 3(NXDOMAIN)
220.127.116.11 : Host 18.104.22.168.in-addr.arpa. not found: 3(NXDOMAIN)
22.214.171.124 : Host 126.96.36.199.in-addr.arpa. not found: 3(NXDOMAIN)
188.8.131.52 : 184.108.40.206.in-addr.arpa domain name pointer ptr180.greenourlives.com.
220.127.116.11 : Host 18.104.22.168.in-addr.arpa. not found: 3(NXDOMAIN)
22.214.171.124 : Host 126.96.36.199.in-addr.arpa. not found: 3(NXDOMAIN)
Either way, using certain blocking techniques before spawning SMTP connections can help you, and should be safe from those IP(s)