write a policy server (or use one that implements this). postfix checks use a single variable (client, helo, sender, recipient). you can't mix things.
I'll try this way.
anyway, if you find yourself whitelisting many clients, then you should abandon the check. reject_unknown_client is unsafe. even if the client has a correct rDNS setup, the check will delay mail if there is a dns lookup failure. while testing it, I noticed that it delayed mail from dspam and netbsd mailing lists.
if your goal is to fight spam, there are safer and more efficient checks. you should start with zen.spamhaus.org.
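
A minimal sketch of the policy server suggested above, as an added example that is not part of the original post: it speaks the Postfix policy delegation protocol (name=value lines ended by an empty line, answered with `action=...`) and combines the client and recipient attributes in one decision. The recipient address, the reply text and the choice of a 450 temporary reply are assumptions made for illustration.

```python
import sys

# Assumption (constructed): recipients for which the unknown-client check applies.
STRICT_RECIPIENTS = {"strict@example.com"}

def parse_request(block):
    """Parse one policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in block.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, strict=STRICT_RECIPIENTS):
    """Mix client and recipient in one decision; a single access lookup cannot."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    # Postfix passes client_name=unknown when the hostname lookup did not succeed.
    client_unknown = attrs.get("client_name") == "unknown"
    recipient = attrs.get("recipient", "").lower()
    if client_unknown and recipient in strict:
        # Temporary reply: a DNS lookup failure then delays mail, it does not bounce it.
        return "450 4.7.1 Client host rejected: cannot find your hostname"
    return "DUNNO"  # no opinion, let the remaining restrictions decide

def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer requests on stdin/stdout, as a service run from master.cf via spawn."""
    lines = []
    for raw in stdin:
        line = raw.rstrip("\n")
        if line:
            lines.append(line)
            continue
        stdout.write("action=%s\n\n" % decide(parse_request("\n".join(lines))))
        stdout.flush()
        lines = []

# Constructed sample request, in the shape Postfix sends at the RCPT stage.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nclient_name=unknown\n"
          "sender=list@example.org\nrecipient=strict@example.com\n\n")

if __name__ == "__main__":
    serve()
```

Postfix calls such a service through `check_policy_service` in the smtpd restriction lists.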