If the MTA on the Internet connects to your Postfix server through the ZyWall (using NAT), the SMTP headers should show the address of the MTA, not that of the ZyWall. The only time you would see the ZyWall's address in the headers (or the log) is when it is sending the message. Here, for example, is my external MTA connecting to the internal Postfix MTA (on a Synology) through my USG-100:
Nov 9 22:28:25 DiskStation postfix/smtpd[22483]: connect from mail.ecc.lu[198.71.89.73]
In the header of a message, the same IP address appears:
Received: from mail.ecc.lu (mail.ecc.lu [198.71.89.73])
by home.ecc.lu (Postfix) with SMTP id C143580A6D4
for <xxx@ecc.lu>; Sun, 9 Nov 2014 22:28:25 +0100 (CET)
Here is my USG connecting to send its daily report:
Nov 9 00:00:10 DiskStation postfix/smtpd[22711]: connect from vpnrouter.ecc.lu[192.168.1.252]
Nov 9 00:00:10 DiskStation postfix/smtpd[22711]: 102F1860001: client=vpnrouter.ecc.lu[192.168.1.252
Nov 9 00:00:10 DiskStation postfix/cleanup[22715]: 102F1860001: hold: header Received: from ecc.lu
Nov 9 00:00:10 DiskStation postfix/cleanup[22715]: 102F1860001: message-id=<>
Nov 9 00:00:10 DiskStation postfix/smtpd[22711]: disconnect from vpnrouter.ecc.lu[192.168.1.252]
and the corresponding header in the email:
Received: from ecc.lu (vpnrouter.ecc.lu [192.168.1.252])
by home.ecc.lu (Postfix) with ESMTP id C1B53808751
for <xxx@ecc.lu>; Sun, 9 Nov 2014 00:00:11 +0100 (CET)
For the ZyWall's address to be substituted for the external MTA's address it would have to act as a kind of proxy instead of NATting the connection to your internal MTA, and I am not aware of such a functionality.
Can you post the relevant excerpts from the configuration of your USG?
Take care,
Stefaan