An interesting Bot style attack, if you see this in your logs.
Normally originating from DUL/Dynamic addressing ranges, this is a high impact attack, which simply connects to a mail server, issues a HELO/EHLO of ylmf-pc, and then exits the connections.
While not actually generating any email or spam, it can consume mail processes, or even be a DOS if enough connections come in.
Interestingly, it is not exclusive to DUL networks, we also see it originating from certain hosting/co-location facilities. In one case, a company operating as ‘webexxpurts.com’ (No contact ability on webpage) which advertises being co-location and hosting cPanel is also generating these attacks.
126.96.36.199 : Host 188.8.131.52.in-addr.arpa. not found: 3(NXDOMAIN)
184.108.40.206 : Host 220.127.116.11.in-addr.arpa. not found: 3(NXDOMAIN)
18.104.22.168 : Host 22.214.171.124.in-addr.arpa. not found: 3(NXDOMAIN)
126.96.36.199 : Host 188.8.131.52.in-addr.arpa. not found: 3(NXDOMAIN)
184.108.40.206 : Host 220.127.116.11.in-addr.arpa. not found: 3(NXDOMAIN)
18.104.22.168 : 22.214.171.124.in-addr.arpa domain name pointer ptr180.greenourlives.com.
126.96.36.199 : Host 188.8.131.52.in-addr.arpa. not found: 3(NXDOMAIN)
184.108.40.206 : Host 220.127.116.11.in-addr.arpa. not found: 3(NXDOMAIN)
Either way, using certain blocking techniques before spawning SMTP connections can help you, and should be safe from those IP(s)