Received a message with the following received header:
Received: from twitter.com (unknown [152.157.207.191])
by mail.covisp.net (Postfix) with ESMTP id 3D796118B753
for <kr...@kreme.com>; Mon, 22 Jun 2009 10:46:37 -0600 (MDT)
It was a virus payload containing a zip file with a .exe inside it
(made to look like a pdf).
I got another nearly identical one claiming to be from hallmark ecards
within a few minutes.
postfix/smtpd[31572]: 94E84118B80D: client=unknown[152.157.207.191]
postfix/cleanup[33547]: 94E84118B80D: message-id=<20090622164644.94e84118b...@mail.covisp.net>
postfix/qmgr[1043]: 94E84118B80D: from=<e-ca...@hallmark.com>, size=684311, nrcpt=1 (queue active)
postfix/local[33558]: 94E84118B80D: to=<kr...@covisp.net>, orig_to=<kr...@kreme.com>, relay=local, delay=70, delays=70/0/0/0.31, dsn=2.0.0, status=sent (delivered to command: /usr/local/bin/procmail -t -a $EXTENSION)
postfix/qmgr[1043]: 94E84118B80D: removed
postfix/smtpd[32918]: 3D796118B753: client=unknown[152.157.207.191]
postfix/cleanup[33397]: 3D796118B753: message-id=<20090622164638.3d796118b...@mail.covisp.net>
postfix/qmgr[1043]: 3D796118B753: from=<invitati...@twitter.com>, size=688383, nrcpt=1 (queue active)
postfix/local[33558]: 3D796118B753: to=<kr...@covisp.net>, orig_to=<kr...@kreme.com>, relay=local, delay=65, delays=64/0.01/0/0.44, dsn=2.0.0, status=sent (delivered to command: /usr/local/bin/procmail -t -a $EXTENSION)
postfix/qmgr[1043]: 3D796118B753: removed
I know they aren't hitting the various unknown checks because they are
claiming a valid looking name in the EHLO, but is there something I
can do to drop these at the transaction phase? I searched my mailspool
for all the IDs for "client=unknown" and then searched the maillog for
those IDs grepping on the 'from=' line, printing them out and sorting
them. I don't see anything in the maillogs for the last 31 days that
is a legitimate email.
Is there any way to, if not outright reject anyone whose DNS shows up
as unknown, at least tempfail them with an "Oops, your DNS is not
resolving, try back later" or something?
Seems at least half the spam that gets by zen shows up as client=unknown.
--
Ah we're lonely, we're romantic / and the cider's laced with acid /
and the Holy Spirit's crying, Where's the beef? / And the moon
is swimming naked / and the summer night is fragrant /
with a mighty expectation of relief
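The "unknown" in client=unknown[...] is the result of Postfix's own reverse DNS lookup on the connecting IP, not anything the client says in EHLO, so the restriction that acts on it is evaluated at the transaction phase regardless of what hostname the client claims. An added main.cf fragment (example configuration, not from the post) showing the milder of the two Postfix restrictions for this case; `reject_unknown_reverse_client_hostname` rejects only when the IP has no PTR record at all, while `reject_unknown_client_hostname` also requires the forward lookup of that name to map back to the IP and therefore catches more legitimate but badly configured senders:

```conf
# main.cf (added example, not the poster's configuration)
smtpd_client_restrictions =
    permit_mynetworks,
    # constructed whitelist for senders known to have broken reverse DNS
    check_client_access hash:/etc/postfix/client_access,
    reject_unknown_reverse_client_hostname

# Reply code used by the reject_unknown_*client_hostname restrictions.
# 450 is the default and tempfails the client ("try back later");
# 550 would reject outright.
unknown_client_reject_code = 450
```

Keep the code at 450 while running the change: a temporary DNS failure on the receiving side looks the same as a missing PTR record, and a tempfail lets a legitimate sender retry once resolution is back, whereas 550 bounces the message.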
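The log correlation the post describes by hand (find queue IDs logged with client=unknown, then pull the from= line for each) as an added Python example; this is not code from the post or from Postfix. The log sample is constructed for the example: queue IDs, addresses and the legitimate third message are invented, and the line format follows the smtpd/qmgr lines quoted above.

```python
import re
from collections import Counter

# Constructed sample log, modelled on the smtpd/qmgr lines quoted in the post.
# Queue IDs and addresses are invented; the third message is a made-up
# legitimate delivery from a client whose reverse DNS resolves.
SAMPLE_LOG = """\
Jun 22 10:46:38 mail postfix/smtpd[31572]: AAAA00000001: client=unknown[152.157.207.191]
Jun 22 10:46:44 mail postfix/qmgr[1043]: AAAA00000001: from=<ecard@hallmark.example>, size=684311, nrcpt=1 (queue active)
Jun 22 10:46:38 mail postfix/smtpd[32918]: AAAA00000002: client=unknown[152.157.207.191]
Jun 22 10:46:38 mail postfix/qmgr[1043]: AAAA00000002: from=<invite@twitter.example>, size=688383, nrcpt=1 (queue active)
Jun 22 10:47:01 mail postfix/smtpd[32920]: AAAA00000003: client=mx.example.net[192.0.2.10]
Jun 22 10:47:01 mail postfix/qmgr[1043]: AAAA00000003: from=<alice@example.net>, size=2048, nrcpt=1 (queue active)
"""

# smtpd logs the connecting client once per message: "<qid>: client=<host>[<ip>]".
# host is the literal "unknown" when the reverse (PTR) lookup failed.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
)
# qmgr logs the envelope sender once the message is queued: "<qid>: from=<...>".
FROM_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>"
)


def correlate(lines):
    """Map queue ID -> (client host, client IP, envelope sender).

    Messages that were rejected during the SMTP transaction never reach qmgr,
    so they have no from= line; the sender is recorded as '' for those.
    """
    clients = {}
    senders = {}
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            clients[m["qid"]] = (m["host"], m["ip"])
            continue
        m = FROM_RE.search(line)
        if m:
            senders[m["qid"]] = m["sender"]
    return {qid: (host, ip, senders.get(qid, ""))
            for qid, (host, ip) in clients.items()}


def unknown_client_senders(lines):
    """Count envelope-sender domains of messages whose client had no reverse DNS.

    This is the sorted 'from=' list the post describes; an empty sender
    (bounce, from=<>) is reported as '<>'.
    """
    counts = Counter()
    for host, _ip, sender in correlate(lines).values():
        if host == "unknown":
            counts[sender.rpartition("@")[2] or "<>"] += 1
    return counts


def unknown_client_ips(lines):
    """Count messages per client IP for clients that had no reverse DNS."""
    counts = Counter()
    for host, ip, _sender in correlate(lines).values():
        if host == "unknown":
            counts[ip] += 1
    return counts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for domain, n in unknown_client_senders(lines).most_common():
        print(f"{n:5d}  {domain}")
    for ip, n in unknown_client_ips(lines).most_common():
        print(f"{n:5d}  {ip}")
```

Run it against a real maillog with `unknown_client_senders(open("/var/log/maillog"))`; the regexes only look at the smtpd and qmgr fields, so the syslog prefix format does not matter. Comparing the sender-domain counts for unknown clients against the same counts for resolving clients is the quickest way to judge, as the post does, whether any legitimate mail would be caught by a DNS-based restriction.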