This object takes care of matching a triplet. The simplest type is all which matches any triplet. The match object together with the policy object decide what happens with a triplet - whether it is rejected or let through.
A typical greylist setup uses an allmatch together with a greylist policy object after checking the triplet against whitelists. But it is also possible to greylist selectively by combining a selective match (pattern or exact) with the greylist policy object.
It is important to remember that defining a match only makes sense when it is used by a policy object.

user defined name for this match. This is what other objects use to refer to this match.
the following match types are availabe:all, exact match, cached exact match, pattern match, cached pattern match. The exact match types match a triplet or part of it against a particular column in a datsource - e.g. this is useful for whitelisting a list of recipient addresses. The pattern types can be used for more complex matching - e.g. whitelisting a particluar sender -> recipient pair.
The cached versions load the complete database table (or more precisely the datasource) into a local cache and use the cache for subsequent lookups. This reduces the number of database queries and greatly improves performance.
name=recipient match
type=cached exact match
the column in the datasource to match against. This depends on the structure of the database.
the part of the triplet to match against. The following parts are available:
client_address - the IP address of the client.
sender's email address.
recipient's email address.
the reverse client name.
shortened version of the reverse client name.
verfied client name.
shortened version of the verified client name.
complex representation of all parts of this triplet - mainly used for pattern matching (see below).
1.2.3 - shortened version of the client address.
the column in the datasource that is reported in the logs. For instance, a whitelisted triplet will be logged as .. wl recipient match: (sender) -> (recipient): (comment).
the user defined name of the datasource this match uses - e.g. the table in the database.

Complex pattern matching:

name=recipient match
type=cached pattern match

The triplet_string is identical to the pattern matching in the old greylist service. The triplet is represented as

s=<a href="" rel="nofollow"></a>
r=<a href="" rel="nofollow"></a>

In the above example the IP address resolves to one of Yahoo's servers. This pattern uses reverse name lookup and matches the example:

> insert into pattern values(".+^h=.*yahoo\.com.+$","yahoo");

Another example: this whitelists one of your mail domains completely

> insert into pattern values(".+^r=.*@someorg\.org.+$","someorg want all spam");

A more complex example for a common situation. A user has problems with receiving mail from someone particular. In this example we even know the sender's mail server's IP address -- well at least the first byte:

^s=user.+^r=<a href="mailto:myuser@mydomain" rel="nofollow">myuser@mydomain</a>.+^c=210

If you wanted to specify the users full address it would look like this

^s=user.+^r=<a href="mailto:myuser@mydomain" rel="nofollow">myuser@mydomain</a>\.org.+^c=210

Note: the .+ after the org in the example is still required!

Since s=user is at the beginning do not use the leading .+ before the anchor ^

^s=<a href="mailto:sender@example" rel="nofollow">sender@example</a>\.com.+$