" ***.***.***.** is listed in the PBL, in the following records:
"It is the policy of * that unauthenticated email sent from this IP address should be sent out only via the designated outbound mail server allocated to * customers."
Indeed PBL is the guidance list I mentioned.
And its a very good thing that home users are blocked from sending email from their own servers...... for the very reason you've just demonstrated to us, such users are prone to exploits making spam sending zombies out of their computers.
I have to clean false-positives from them roughly once every quarter.
Is that on sites where you take an Rsync feed from Spamhaus ?
If you're using their public DNS service, then you may be inadvertently caching somewhere along the lines .... either in your DNS resolvers or your anti-spam software.
Rsync users get updates every 60 seconds, so even modest caching of their public DNS service could be what's causing your false-positives.