reject_invalid_helo_hostnamemay be of some use but
reject_unknown_helo_hostnameis a huge risk for rejecting legitimate messages.
For example even spamcop.net confirmation emails are rejected due to their servers configuration. If, by any chance, the helo name does not match a valid IP address then a legitimate message is very well rejected. Last week I had this issue even with Apple Cloud - legitimate messages beeing rejected!
I advise change
warn_if_reject reject_unknown_helo_hostnamethen watch the logs for some time see the results.
Please don't jump right in and operate changes without rigorous testing. Or it may affect all of us without even knowing it.