I don't see that sort of probing on our MXs, except on rare occasions, and
we haven't seen it recently.
FWIW, my logs on mrochek.com (my home domain) show around 35,000 relay attempts
during the past 6 months. This number is almost certainly much too low, in that
I have various other blocks in place that may stop relay attempts before they
get to the "don't allow relaying" rule.
A cursory examination of the logs shows that most of the destination addresses
are ones I've never heard of. But there are also a fair number of addresses I
recognize as IETF people. Sure looks like somebody is tracking sender-recipient
pairs off of mailing list mail.
Mrochek.com probably qualifies as an obscure domain.
What sort of mail volume to you handle? 2000-4000 attempts isn't a lot
for large volume domain handling millions of messages per day.
Overall traffic is about 500 legit messages a day and a highly variable amount
of spam, but rarely less than a thousand spams and viruses a day.
I don't think I'll be making my home system an open relay any time soon...
Ietf mailing list