Are HELO and/or EHLO necessary with qmail?

In short, no. Neither are necessary as they can't be trusted.

HELO serves no purpose in the protocol, and therefore qmail-smtpd considers it optional. There are no security implications for using or leaving them out; you can't trust what the client sends you.

Some admins block email that does not arrive in a SMTP thread with a "valid" HELO or EHLO statement. This is a very outdated way to stop spam which is now obsolete.