IP-address based classes support routing domains in v10.1?

The scan command is trying to parse the IP::client_addr output to see if it's in the form of IP address%route_domain. If it is, then the client IP is searched for in a datagroup which has the route domain in the name. If the IP is in that datagroup, then the connection is allowed. For all other cases, the request is dropped.

Within an iRule the [IP::client_addr] command will then be seen as 82.159.83.112%rd?

That's correct. IP::client_addr will return the client IP and route domain if the connection came in on a VLAN with a route domain set.

Here is a version of the iRule with debug logging to show you how it is working:

when CLIENT_ACCEPTED {

   log local0. "[IP::client_addr]:[TCP::client_port]: Connection to [IP::local_addr]:[TCP::local_port]"

    Check if there is a route domain in the IP::client_addr value
   if {[scan [IP::client_addr] {%[^%]%%%s} ip rdomain] == 2}{

      log local0. "[IP::client_addr]:[TCP::client_port]: Parsed $ip and $rdomain"

       There was a route domain for the client IP address
       Check if there is a corresponding class
      if {[class exists "SMTP_whitelist_${rdomain}"]}{

         log local0. "[IP::client_addr]:[TCP::client_port]: Class, SMTP_whitelist_${rdomain}, exists for route domain $rdomain"

  There is a corresponding class, so check if the client IP is in it
         if {[class match $ip equals "SMTP_whitelist_${rdomain}"]}{

            log local0. "[IP::client_addr]:[TCP::client_port]: Found $ip in SMTP_whitelist_${rdomain}, allowing connection."

             Client IP is in the corresponding class
     Exit this event in this rule
     All other cases will be rejected
    return
         }
      }
   }
    If we're still in the iRule, the client isn't allowed, so drop the connection
   log local0. "[IP::client_addr]:[TCP::client_port]: Dropping request."
   drop
}

Aaron