Postfix: whitelist host for specific sender

I have configured postfix like this to prevent spam (I am mydomain.com):

smtpd_helo_restrictions         =
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access hash:/etc/postfix/check_client_access
    check_helo_access hash:/etc/postfix/check_helo_access
    reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    reject_unknown_helo_hostname
...

Because of that, I have the following logs:

Jul 30 00:04:14 stormrage postfix/smtpd[28116]: NOQUEUE: reject: RCPT from srv-exchange.anett.fr[80.118.5.170]: 450 4.7.1 <emailsecurity.domain.com>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<emailsecurity.domain.com>

This example log is a legitimate email, so I whitelist in check_helo_access like this:

/etc/postfix/check_helo_access:
emailsecurity.domain.com OK
...

It works, but I think the whitelisting may be strengthen. I can whitelist by host or by sender, but not both.

How can I whitelist an email based on specific sender/domain-sender when sent though specific host ?

I can whitelist by host or by sender, but not both.

actually you could. All you need is to use smtpd_restriction_classes

smtpd_restriction_classes = sender_white_list
sender_white_list = check_client_access hash:/etc/postfix/check_client_access, reject

smtpd_helo_restrictions =
  check_helo_access hash:/etc/postfix/check_helo_access
  permit_mynetworks
  permit_sasl_authenticated

/etc/postfix/check_helo_access
emailsecurity.domain.com sender_white_list

/etc/postfix/check_client_access
80.118.5.170 OK