Can we see the smtpproxy log for the message? You should be able to find it at the command line with the following:
show events [date]|grep <messageid>
Remember that the date field is one day past when the event happened. Guessing that the message noted in your post came in on the same day as the post, this would be
show events 20100528 | grep 689412
This will return some lines that are in the format starting
We want to take the connection ID, which should be a 14 digit number, and search for that, thereby getting the smtpproxy data.
show events [date] | grep connectionid
With this data, we can take a look and see what whitelists were hit, and why TrustedSource scored the way that it did.
IronMail 6.7.2 Hotfix 2 has a default behavior of using port 443 (https) for checking TrustedSource reputations.
The IronMail was not allowed to use port 443, only port 53 (DNS) like the old behavior.
As a workaround, Support enabled TrustedSource to use port 53 again -- until the firewall rule is adjusted to allow outgoing port 443.