A fastfail DNSBRL blacklisted message is rejected even if the sender user is successfully SMTP AUTHenticated.
Instead in such case the message should be accepted.
This bug is particularly critical in the scenario in which a blacklist that lists dynamic IP ranges (like "dul.dnsbl.sorbs.net") is being used, and a legitimate and SMTP AUTHenticated mail client roaming user connects from a dynamic IP and tries to send a mail to the James server. He will be rejected in such case.
BTW, just FYI, statistics on my production server show that using fastfail DNSBRL blacklists and the Bayesian mailet, about 20% of the spam gets rejected by the "dul.dnsbl.sorbs.net" list, 65% by the other James stock configuration lists, and almost all of the remaining 15% is detected (and flagged for inspection) by the Bayesian mailet. Without the "dul.dnsbl.sorbs.net" about 34% is detected and flagged by the Bayesian mailet but has to be manually inspected to avoid false positives, and 1% is undetected. So the dynamic IP criteria is very effective but, to be used, this bug has to be fixed.