I just spent the day trying to figure out why Zimbra doesn't like speakeasy.net email. As it turns out, I turned on all of the zimbraMtaRestriction rbl's. I did all of the 'whitelisting' that has been explained in these forums. I just re-applied my rbl's, and left the one that is rejcting speakeasy.net (relays.ordb.org) out. BOOM, it worked... but then most of the spam started kicking back in.
I guess it seems plausible that the rbl's have to be checked somewhere in the line of things.. and why check them last, if you use them, you might as well check them first.
Just making sure that this is the way it is supposed to be. No whitelisting in the world is going to save you from a domain that is in one of the RBL's?