Looks to me like you have added the dnsbl check to smtpd_recipient_restrictions. Just add a check_client_access with access table that whitelists the IP address before the dnsbl restriction. There is extensive postfix docs on this. Make sure that you reject_unauth_destination, and then check for whitelist after that - otherwise you will be an open relay for the whitelisted host.
http://www.postfix.org/uce.html#smtp...t_restrictions
Note that in Zimbra we specify all the restrictions in smtpd_recipient_restrictions (as opposed to smptd_client_restrictions) so envelope addrs, even on reject, are in the logs.