Hello again!
To say the truth, we can't use RBL feature with other providers (spamhaus). Because of many false positive. At least one setting doesn't work properly: "Maximum number of verified addresses from Received: headers"
"You can limit the number of IP addresses that are checked by Antispam. This concerns the IP addresses written in Received: from headers. The default value is 0, which means that only the last identified sender's IP address is checked."
Copied from online help: https://help.eset.com/emsx/10.0/en-US/idh_antispam_engine.html
For some reason EMSX parse more IP addresses from header (not only last). Here is the log example:
Antispam scan result: Spam
IP (X.Y.Z.61) listed on RBL service (zen.spamhaus.org:127.0.0.11)
IP (A.B.C.220) wasn't found on cloud blacklist 2
Actually A.B.C.220 address is last from header, and from it was initiated the SMTP session.
Could you please check is this is an issue? Used EMSX version 9