With the changes deployed to the mail servers following the LDAP rework within ITS, these should no longer be needed.
To validate nothing else is hitting these, I'll still tcpdump incoming queries for a while, but eventually we should be able to decom the VMs and retire the related puppet code.