peterleinchen's Avatar
Posts: 4,118 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#31
Yes.
Of course if that net is used by spammers...
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

Feathers McGraw's Avatar
Posts: 654 | Thanked: 2,368 times | Joined on Jul 2014 @ UK
#32
What do we actually use to fight spam here, is it something at the webserver level (like ModSecurity) or is it a vBulletin plugin?

For tools like ModSecurity it's possible to make the RBL lookups just one part of the decision on whether to block or not by calculating an anomaly score for each transaction.

My configuration turns on some extra rules for fighting spam (keyword blocking) when the IP address matches an RBL lookup for spam sources.

Something like that might make the blocking less likely to affect legitimate posts. Lots of cool things are possible with ModSecurity; many of them have already been written into the Core Rule Set (CRS):

https://github.com/SpiderLabs/owasp-modsecurity-crs

The Denial of Service rules automatically set and expire blocks without manual intervention, which also ticks the "few human moderator hours" requirement.

modsecurity_crs_11_dos_protection.conf

And there's some protection for slowloris attacks:

modsecurity_crs_11_slow_dos_protection.conf
 

The Following 4 Users Say Thank You to Feathers McGraw For This Useful Post:
nieldk
Posts: 1,293 | Thanked: 4,319 times | Joined on Oct 2014
#33
Good input.
clearly not working as intended atm

But be aware that using RBL will also give false positives.
Pretty positive my IP would at some point join an RBL through my experiments with e.g. mail servers (and possibly Tor).
Feathers McGraw's Avatar
Posts: 654 | Thanked: 2,368 times | Joined on Jul 2014 @ UK
#34
Originally Posted by nieldk View Post
Using RBL will also give false positives. Pretty positive my IP would at some point join an RBL.
True, a lot of people using dynamic IP addresses might already be on an RBL, since it only takes one computer to have been infected with spammy malware at some point in the IP's lifetime for it to be on the list.

But that's why you don't block straight away if you get an RBL match - by default in the CRS an RBL match gives an anomaly score of 3, and transactions are blocked at 5, so you'd need something else to push it over the edge (suspected XSS attack, SQLi, protocol violations or anomalies, known bad user agent string etc.)
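As an added illustration of the scoring approach described in posts #32 and #34 (these rules are written for this thread, not taken from the CRS or anyone's live config): a ModSecurity 2.x fragment in which an RBL match adds 3 to the anomaly score and enables a keyword check worth 2 more, so that a listed IP alone is not blocked but a listed IP posting spam keywords reaches the threshold of 5. The rule ids 1000000-1000003, the zone rbl.example.net and the keyword file path are placeholders to replace with your own.

```apache
# Added example, not the CRS's own rules. Ids, RBL zone and file path are
# placeholders; tx.anomaly_score is the same counter the CRS accumulates.

# Start every transaction with a clean score and no RBL flag.
SecAction "id:1000000,phase:1,pass,nolog,t:none,\
    setvar:tx.anomaly_score=0,\
    setvar:tx.rbl_match=0"

# RBL hit: +3 (the CRS warning level) and a flag for later rules.
# The lookup is a DNS query per request, so expect some latency.
SecRule REMOTE_ADDR "@rbl rbl.example.net" \
    "id:1000001,phase:1,pass,log,t:none,\
    msg:'Client IP listed on RBL',\
    setvar:tx.anomaly_score=+3,\
    setvar:tx.rbl_match=1"

# Keyword check only for RBL-listed clients: +2 if any phrase from the
# list appears in a request argument such as a post body. A chained rule
# fires only when both parts match.
SecRule TX:RBL_MATCH "@eq 1" \
    "id:1000002,phase:2,pass,log,t:none,\
    msg:'Spam keyword from RBL-listed client',chain"
    SecRule ARGS "@pmFromFile /etc/modsecurity/spam-keywords.txt" \
        "t:none,t:lowercase,setvar:tx.anomaly_score=+2"

# Decide once, in phase 2, after the request body has been read.
# 3 (RBL) alone stays under 5; 3 + 2 (keyword) or 3 + any other CRS
# hit of 2 or more is denied.
SecRule TX:ANOMALY_SCORE "@ge 5" \
    "id:1000003,phase:2,deny,status:403,log,t:none,\
    msg:'Inbound anomaly score %{tx.anomaly_score} reached threshold 5'"
```

If this runs next to the CRS, drop the first SecAction and let the CRS setup file own the score initialisation, otherwise the reset could wipe points the CRS already added. Watch the audit log for the 1000001 message on known-good members to measure how many legitimate users are RBL-listed before relying on the keyword bonus.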
nieldk
Posts: 1,293 | Thanked: 4,319 times | Joined on Oct 2014
#35
Or an incorrect EHLO reply. Etc., etc., etc.
Feathers McGraw's Avatar
Posts: 654 | Thanked: 2,368 times | Joined on Jul 2014 @ UK
#36
Originally Posted by nieldk View Post
Or an incorrect EHLO reply. Etc., etc., etc.
You mean when EHLO doesn't match the PTR?
nieldk
Posts: 1,293 | Thanked: 4,319 times | Joined on Oct 2014
#37
Originally Posted by Feathers McGraw View Post
You mean when EHLO doesn't match the PTR?
Yes. That will put you on the blacklist in a jiffy.
Feathers McGraw's Avatar
Posts: 654 | Thanked: 2,368 times | Joined on Jul 2014 @ UK
#38
Originally Posted by nieldk View Post
Yes. That will put you on the blacklist in a jiffy.
I didn't know that, thanks. I figured you'd get put on the list for EHLO'ing with a domain name that doesn't have a DNS A or MX record pointing to that IP address (or one that doesn't have a DNS record at all), but didn't think the lists were that strict.

Luckily my ISP ( https://www.plus.net/ ) is one of the best for technical support - when I built my server I asked them to change my PTR record and they did it within 12h - many ISPs won't let you do it at all.

EHLO based blocking is really useful for mail servers - mine received 30 messages yesterday, 11 were rejected because the client didn't EHLO with a FQDN, a further 10 were rejected because the hostname couldn't be resolved.
nieldk
Posts: 1,293 | Thanked: 4,319 times | Joined on Oct 2014
#39
Originally Posted by Feathers McGraw View Post
I didn't know that, thanks. I figured you'd get put on the list for EHLO'ing with a domain name that doesn't have a DNS A or MX record pointing to that IP address (or one that doesn't have a DNS record at all), but didn't think the lists were that strict.

Luckily my ISP ( https://www.plus.net/ ) is one of the best for technical support - when I built my server I asked them to change my PTR record and they did it within 12h - many ISPs won't let you do it at all.

EHLO based blocking is really useful for mail servers - mine received 30 messages yesterday, 11 were rejected because the client didn't EHLO with a FQDN, a further 10 were rejected because the hostname couldn't be resolved.
I think it all depends. For example, the MS Outlook 365 service will report any such mismatches.
Posts: 175 | Thanked: 210 times | Joined on Mar 2013
#40
I don't know if this is possible but what would be interesting for the forum is to let anybody access it and read the posts (even when they use a spammer's ip) but block them from signing in or creating an account.

I, for example, use a proxy at work just to read the posts (I don't sign in), just to stay up to date, and because of this restriction I can't anymore (or I use a PHP proxy in addition to the web proxy to get access), and it's annoying. I have to use a proxy at work, otherwise a lot of accesses to the Internet are blocked by the company I work at (but strangely the access to some open proxies is not).