You could start by analyzing why those senders are on dnsbl lists. From there you can decide which option to take:
1. Stop using that list, if you think it isn't managed responsibly.
2. Get the sender to pester their mail service provider to fix whatever caused them to end up on the list.
3. Remove the list from mta-level dnsrbl check and create a custom spamassassin rule instead.
Here's an example of what I appended to /opt/zimbra/conf/salocal.cf.in.
You can find more documentation on this forum, in the wiki, and in the spamassassin docs. After modifying salocal.cf.in, you need to restart some or all of the system. With 5.x, zmamavisdctl stop && zmamavisdctl start is probably sufficient. But with 6.x, you may need to restart the whole server; at least that was my recent experience. To confirm that the changes have been applied, look in salocal.cf. (You shouldn't modify salocal.cf directly because it gets rewritten by zimbra.)
# Single-zone BLs for UCEPROTECT
header RCVD_IN_UCEPROTECT_2 eval:check_rbl('UCEPROTECT-1', 'dnsbl-1.uceprotect.net.')
describe RCVD_IN_UCEPROTECT_2 Received via a relay in dnsbl-1.uceprotect.net
tflags RCVD_IN_UCEPROTECT_2 net
score RCVD_IN_UCEPROTECT_2 6.5
header RCVD_IN_UCEPROTECT_2 eval:check_rbl('UCEPROTECT-2', 'dnsbl-2.uceprotect.net.')
describe RCVD_IN_UCEPROTECT_2 Received via a relay in dnsbl-2.uceprotect.net
tflags RCVD_IN_UCEPROTECT_2 net
score RCVD_IN_UCEPROTECT_2 1.1
header RCVD_IN_UCEPROTECT_3 eval:check_rbl('UCEPROTECT-3', 'dnsbl-3.uceprotect.net.')
describe RCVD_IN_UCEPROTECT_3 Received via a relay in dnsbl-3.uceprotect.net
tflags RCVD_IN_UCEPROTECT_3 net
score RCVD_IN_UCEPROTECT_3 0.5
# Multi-zone BL for hostkarma, see http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples
# also http://www.zimbra.com/forums/administrators/30801-spamassassin-additional-rules-botnet-plugin.html
# I use Uxbod's scoring.
header __RCVD_IN_JMF eval:check_rbl('JMF-lastexternal','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_JMF Sender listed in JunkEmailFilter
tflags __RCVD_IN_JMF net
header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF-lastexternal', '127.0.0.2')
describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK
tflags RCVD_IN_JMF_BL net
score RCVD_IN_JMF_BL 1.5
header RCVD_IN_JMF_BR eval:check_rbl_sub('JMF-lastexternal', '127.0.0.4')
describe RCVD_IN_JMF_BR Sender listed in JMF-BROWN
tflags RCVD_IN_JMF_BR net
score RCVD_IN_JMF_BR 0.5
# Single-zone BL for NiX Spam DNSBL
header RCVD_IN_NIXSPAM eval:check_rbl('NIXSPAM', 'ix.dnsbl.manitu.net')
describe RCVD_IN_NIXSPAM Received via a relay in ix.dnsbl.manitu.net
tflags RCVD_IN_NIXSPAM net
score RCVD_IN_NIXSPAM 6.5
If you have 6.x you can have user-level whitelists for the SA checks. Before 6.x, you need to modify /opt/zimbra/conf/amavisd.conf.in. There should be a section beginning with # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
See Improving Anti-spam system - Zimbra :: Wiki
What I did, as root, to blacklist a particular email address. (Whitelisting is similar.)
cp amavisd.conf.in amavisd.conf.in.bak
Now in the section following the line # soft-blacklisting (positive score) I added this:
'<unwanted sender's address>' => 15.0,
Then, as zimbra, I did zmamavisdctl stop && zmamavisdctl start . Note, the && means "do the second command if the first command exits successfully". See Combining UNIX Commands using && and ||.
Finally, I looked in amavisd.conf and confirmed that the change had gone into it.