I'll try. It's been a while. In WHM I went to Exim Configurations -> RBL. I had 3 and sorbs was one. I clicked the radio button for Sorbs from on to off and clicked Save. That was the first step, but I was still getting complaints that email was being blocked by Sorbs. So I went back and clicked on the Manage button on the RBL screen and deleted references to Sorbs and clicked Save.
After continued complaints I did to a grep for the one user and here's an example with actual domains changed to protect the innocent

:
2015-02-02 10:52:41 H=mail-wi0-f197.google.com [209.85.212.197]:40014 I=[69.50.241.226]:25 X=TLSv1:RC4-SHA:128 F=<
[email protected]> rejected RCPT <
[email protected]>: "JunkMail rejected - mail-wi0-f197.google.com [209.85.212.197]:40014 is in an RBL, see Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?209.85.212.197"
Also if I just do a grep sorbs exim_mainlog I get tons of results.
Finally I looked at /etc/exim.conf and found:
# BEGIN INSERT SORBS_rbl
deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
hosts = +backupmx_hosts
dnslists = dnsbl.sorbs.net
warn
!hosts = 209.17.115.53 : 209.17.115.51 : 75.109.250.204 : 69.50.246.34 : 108.174.96.51
dnslists = dnsbl.sorbs.net
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}
# END INSERT SORBS_rbl