Trying to limit acces to an attribute

I'm setting an OpenLDAP server, for small company For historical reason each users in ths company has two email address user@domain and user@olddomain.

Both address are used for sending and receiving email Howver we want to make sure that only the user@domain ones are show in the address book of squirellmail So I thaught of an ACL like this

access to attrs=mail matchingRule.regex="@domain" by peername "ip.of.web.mail" none by * read

But this seems to have no effect. I need some example or tips for debugging this problem. Thanks

Andres