Keys can be a fully or partly qualified host or domain name such as host.subdomain.domain.com, subdomain.domain.com, or domain.com. The last two forms match any host or subdomain under the specified domain.
Keys can also be a network address or subnetwork, e.g., 220.127.116.11, 205.199.2, or 205.199. The latter two forms match any host in the indicated subnetwork. Lastly, keys can be email@example.com to reject mail from a specific user.
Values can be REJECT to refuse connections from this host, DISCARD to accept the message but silently discard it (the sender will think it has been accepted), OK to allow access (overriding other built-in checks), RELAY to allow access including relaying SMTP through your machine, or an arbitrary message to reject the mail with the customized message.
For example, a database might contain:
firstname.lastname@example.org 550 Spammer
to reject all mail from any host in the abc.com domain, allow any relaying to or from any host in the sendmail.org domain, and reject mail from email@example.com with a specific message.
Note that the access database is a map and just as with all maps, the database must be generated using makemap. For example: makemap hash /etc/mail/access < /etc/mail/access