This is NOT How You Use a Spamhaus Blocklist

TFL are rejecting authenticated mail relayed through our servers due to one of the SMTP Received: headers containing an IP address listed at Spamhaus.

In this case, the error lies in the mistaken and inadvertent use of the Spamhaus PBL. A majority of e-mail sent from a home broadband connection will contain an IP listed in the PBL. TFL (or is it Capita?) are wrongly using the Spamhaus ZEN blocklist, which is an aggregate of all the lists maintained by Spamhaus. This includes the PBL.

Here's the rejection message:

  REDACTED@tflcc.co.uk
    host smtp.tflcc.co.uk [80.82.130.162]
    SMTP error from remote mail server after end of data:
    550 5.7.1 92.40.249.10 listed at zen.spamhaus.org

The IP address TFL take exception to is [92.40.249.10], which is indeed listed in the PBL. The crucial thing is that this IP has not connected to TFL's servers at all. Instead, it has been plucked from the trace headers included in the message.

Here are the SMTP Received: headers from the outgoing message rejected by TFL:

Received: from [92.40.249.10] (helo=dsklinux.lan)
	by smtp2.tvscience.co.uk with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.89)
	(envelope-from <REDACTED@tv-science.co.uk>)
	id 1dVEdi-0004i8-Wd
	for REDACTED@tflcc.co.uk; Wed, 12 Jul 2017 10:13:02 +0000
Received: from localhost ([127.0.0.1]:59230 helo=dsklinux.lan)
	by dsklinux.lan with esmtp (Exim 4.88)
	(envelope-from <REDACTED@tv-science.co.uk>)
	id 1dVEdh-0004QW-Bd
	for REDACTED@tflcc.co.uk; Wed, 12 Jul 2017 11:13:01 +0100

The IP of our SMTP relay server smtp2.tvscience.co.uk is [185.208.170.37] — not listed in any blocklist.
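The distinction above, as an added Python example that is not part of the original post: the only address a receiving server should test against the PBL is the connecting peer, while addresses pulled from Received: headers are trace data. The return codes 127.0.0.10 and 127.0.0.11 are the ZEN answers that indicate a PBL listing; the function names, the shortened headers and the DNS answers are constructed for illustration.

```python
import re
from email import message_from_string

ZEN = "zen.spamhaus.org"
PBL_CODES = {"127.0.0.10", "127.0.0.11"}  # ZEN answers meaning "listed in PBL"
PEER_IP = "185.208.170.37"  # smtp2.tvscience.co.uk, the host that connected to TFL

# Trace headers from the rejected message above, continuation lines shortened.
RAW = (
    "Received: from [92.40.249.10] (helo=dsklinux.lan)\n"
    "\tby smtp2.tvscience.co.uk with esmtpsa (Exim 4.89)\n"
    "Received: from localhost ([127.0.0.1]:59230 helo=dsklinux.lan)\n"
    "\tby dsklinux.lan with esmtp (Exim 4.88)\n"
    "\n"
    "body\n"
)


def header_ips(raw):
    """IPv4 literals found in Received: headers (trace data, not the SMTP peer)."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        found += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
    return found


def zen_query(ip):
    """DNS name a DNSBL client looks up: reversed octets under the zone."""
    return ".".join(reversed(ip.split("."))) + "." + ZEN


def reject(answers, is_peer):
    """Reject on any listing for the connecting peer. For header-derived
    addresses a PBL answer is ignored: PBL lists end-user ranges that should
    not deliver direct to MX, not mail they submit via an authenticated relay."""
    hits = set(answers) if is_peer else set(answers) - PBL_CODES
    return bool(hits)


if __name__ == "__main__":
    # Constructed DNS answers: a PBL code for the broadband IP, none for the relay.
    answers = {"92.40.249.10": ["127.0.0.11"], PEER_IP: []}
    for ip, is_peer in [(PEER_IP, True)] + [(h, False) for h in header_ips(RAW)]:
        verdict = "reject" if reject(answers.get(ip, []), is_peer) else "accept"
        print(zen_query(ip), verdict)
```

With these inputs the message is accepted: the relay is unlisted, and the PBL answer for the header-derived address is not treated as grounds for rejection.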

Mail administrators from TFL/Capita would do well to read and inwardly digest this Spamhaus FAQ entry; noting particularly the "⚠WARNING!" section.

For information on the correct and appropriate use of Spamhaus's blocklists see this FAQ.

For more information on SMTP trace headers, including the Received: header, see RFC 2822.