AA email has whitelist / blacklist rules based on a combination of any/all of to: address, from: address and/or subject line, all of which can take very simple wildcards (not full regexes).
One weird thing that support told me is that the so-called from: address match in the rules actually isn't. I'm told it really matches on some other mail header field value, can't remember for the life of me what the name of it is, it was described as ‘envelope’ <something-or-other> but that is unfortunately not the name of the header in question, I remember that much. They really really need to either fix this or at least document it. It's really annoying and misleading and you have to start digging into the guts of emails, you can't just look at the lame stuff your favourite email client shows you.
If you find the rules fail on you when you specify rules on from: address then this is what it is. I had a persistent spammer and I couldn't block them by from: address rule even though I tried every variation I could think of for the email address match string in case I was failing to understand their wildcarding. Anyway if you have a problem, then it's either that or you have not got your mind right about their wildcarding syntax, which caught me out.
In fact there is no excuse, I should document it, I and you have access to their wiki.
Their engine doesn't seem to have the sophisticated range of actions that I had before with UKservers where you could associate actions with a rule-match such as redirecting mail, moving or binning it.