Final remarks
Christoph,
Naturally: do NOT put the *@<domain>.tld in the domains white list. It does NOT belong there.
Naturally: you get a SKIP, due to a match in the domains white list (in this case, the exact match is *tfbnw.net).
And SURE: there is an issue with reverse DNS.
But you only mention a minor flaw (not a bug or issue/problem with the filter), with this flaw being that (to the best of my knowledge) the greylisting filter only uses "reverse DNS" (rDNS) and does not use the theoretically better "Forward Confirmed reverse DNS" (FCrDNS).
For a better understanding of rDNS: see
http://en.wikipedia.org/wiki/Reverse_DNS_lookup
For a better understanding of FCrDNS: see
http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS
Then again, note that you can resolve this flaw by just adding specific DNSBL services (in the Plesk control panel, just allow for "spam protection based on DNS blackhole lists" under "mail server settings").
That blocks a huge amount of spam in advance. In practice, as confirmed by many tests executed by me, proper DNSBL configuration makes the greylisting filter almost obsolete in the server-wide environment.
The value of the greylisting filter comes from the fact that it delivers the feature of individual settings in the domain-specific and mailbox-specific environment, due to the tight integration with SpamAssassin. The filter simply adds the possibility to extend the DNSBL settings to your own liking.
The DNSBL services should preferably be zen.spamhaus.org. Do not use SpamCop, even though it uses the "stronger" FCrDNS check, since SpamCop can (and will) cause problems.
It is very likely that Parallels, in order to prevent those problems with FCrDNS, is making use of the simple rDNS check.
The drawbacks of this check and therefore the inherent drawbacks of the greylisting filter can cause the behavior that did start this thread. However, these drawbacks are certainly not causing the behavior automatically.
Finally, I was never able to replicate similar errors, caused by white-/blacklist patterns.
In short, patterns are used correctly and whatever errors there might be with rDNS: those errors can be resolved by using DNSBL services.
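
The difference between the rDNS and FCrDNS checks discussed in this post, as an added example that is not part of the original post and is not the greylisting filter's own code. The function names, the "SKIP"/"GREYLIST" return strings, the glob-style pattern matching and the sample DNS records (documentation IP ranges) are assumptions made for illustration; only the `*tfbnw.net` pattern comes from the thread.

```python
import fnmatch
import socket

def live_ptr(ip):
    """PTR lookup via the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_addrs(name):
    """Forward lookup via the system resolver; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def rdns_name(ip, ptr=live_ptr):
    """Plain rDNS: trust whatever name the PTR record claims."""
    name = ptr(ip)
    return name.rstrip(".").lower() if name else None

def fcrdns_name(ip, ptr=live_ptr, addrs=live_addrs):
    """FCrDNS: accept the PTR name only if it resolves back to the same IP."""
    name = rdns_name(ip, ptr)
    return name if name and ip in addrs(name) else None

def decide(name, whitelist):
    """Return "SKIP" on a whitelist pattern match, else "GREYLIST"."""
    if name and any(fnmatch.fnmatchcase(name, p) for p in whitelist):
        return "SKIP"
    return "GREYLIST"

# Constructed sample data (documentation IP ranges), not real DNS records.
WHITELIST = ["*tfbnw.net"]
PTR = {"192.0.2.10": "mx-out.tfbnw.net.",   # PTR and A record agree
       "203.0.113.66": "mail.tfbnw.net."}   # PTR claims a name it does not own
A = {"mx-out.tfbnw.net": {"192.0.2.10"}, "mail.tfbnw.net": {"192.0.2.11"}}

def compare(ip):
    """Return (rDNS-only decision, FCrDNS decision) for one client IP."""
    r = decide(rdns_name(ip, PTR.get), WHITELIST)
    f = decide(fcrdns_name(ip, PTR.get, lambda n: A.get(n, set())), WHITELIST)
    return r, f

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.66", "198.51.100.7"):
        print(ip, compare(ip))
```

With the constructed records, the second client is skipped under the rDNS-only check but greylisted under FCrDNS, because its PTR name resolves to a different address.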