I submitted this to support also, but wanted to also put out there for the community.
Currently in our v5000 appliances the RBL section only allows DNS url's to be entered. Other mail appliances also allow the action that you want to take such as SMTP reject, 5.x.x Permanent Failure return, forward to spam mailbox etc.
It looks like the v5000's just terminate the connection which doesn't tell the spammers that its no good, just that the connection dropped and they try again.
Per Spamhaus test:
I connected to x.x.x.x and here's the conversation I had:
Terminating conversation.
This is not a good thing, by the way. It looks like you're using tcp_wrappers to close the SMTP connection before the SMTP server even has a chance to run. This confuses some SMTP clients, so they immediately reconnect. This can happen hundreds of times per minute, which has the same effect as a denial of service attack. Much better to spit back a 5xx permanent failure message, then close the connection without waiting for a quit.