An easy way to do it is via spamassassin, it may not be the most CPU effective, but it should do the trick quite easily.
You don't specify which version of zimbra you have, so routes my be different, but you could create /opt/zimbra/data/spamassassin/localrules/sauser.cf in your as/av servers and add the rules there. The domain one is going to be easier that the IP one, as this last one will require you to write a little regex. Use this with carefull, as SA is quite resource consuming and making this grow and grow will likely affect the performance of your server (also, tune it so it compile rules, etc...there's quite a bunch of docs regarding this).
You should have lines like this in your sauser.cf for blocking addresses or domains.
blacklist_from firstname.lastname@example.org email@example.com
For IPs you need a regex...although if you already know exactly which IP is giving you problem, a "literal" is the easiest way of regex and most likely the case you need. (replace the "X" with the numbers of the IPs you are trying to block).
# Blacklist IP
header BANNED_IPS Received =~ /\[XXX\.XXX\.XXX\.XXX\]/
score BANNED_IPS 100
Make sure your zimbra user and groups are owners of that file and once done, restart amavis with:
Now, everytime an email comes from that IP, it should match that rule and add 100 points to it scores, which (if not changed from defaults), will reach the "kill" score for that mail, making it to even skip the "spam" folder and discarding it directly.
For IPs though...it is usually better to just use your permietral firewalls, and block those IPs there instead of creating the rules in zimbra.