where type is either the word 'from' or 'rcpt'. sender and recipient can be the actual sender, recipient, a wildcard or a regular expression (uses regex(3))
The accesslist happens at SMTP and mails which get restricted get rejected with permanent 5xx code.
To give some examples
The 3rd line implies that all outside mails from the sender email@example.com will be rejected at SMTP unless the recipient is firstname.lastname@example.org
IndiMail also provides a program called uacl to test this accesslist. uacl is useful especially when you use wildcards or regular expressions.
An extreme example where you want to restrict the communication between two domains only