Hi,
I know it’s an RFC violation, but I see no email that is delivered with a bare IP helo that is legitimate.
That might be your experience, but RFC 2821 (3.6) and RFC 5321 (2.3.5 and 4.1.4) explicitly state that an address literal can be used after HELO/EHLO. So it's a RFC violation to reject mail for that sole reason.
How much legitimate mail do you get with an IP helo?
Two other users replied to your question. For real-world mail servers, my experience is that the only safe restriction (safe = no false positives) is "reject_unknown_reverse_client_hostname". With other restrictions, your users will never receive emails from administrations, schools, hospitals, etc., not even in their spam box. Rejecting mail is an extreme measure, see RFC 5321 (7.9): "considerable care should be taken and balance maintained if a site decides to be selective about the traffic it will accept and process."
Gregory
