MSM Bypass

Problem this snippet solves:

This iRule allows you to bypass MSM (Mail Security Module) for known-good senders by disabling all subsequent iRules (including the MSM iRule) for addresses in a specified class of allowlisted IP addresses.

The Class

First create a data group list (class) of type Address that contains the IP addresses and/or subnets from which mail will always be accepted: class allow_list { host 10.10.10.1 net 192.168.0.0 255.255.0.0 }

Then apply the following iRule to the same virtual server to which MSM is associated:

How to use this snippet:


Code :

priority 1
when CLIENT_ACCEPTED {  
  if { [matchclass [IP::client_addr] equals $::allow_list] } {  
  log local0. "client: [IP::client_addr] found in allow_list directed to http_test_pool"  
pool http_test_pool  
event disable all  
  }  
  elseif { [matchclass [IP::client_addr] equals $::deny_list] } {  
    log local0. " client: [IP::client_addr] found in deny_list directed to http_test_pool_2"  
pool http_test_pool_2   
           # or discard  
event disable all  
  }  
}
Published Mar 18, 2015
Version 1.0

Was this article helpful?

No CommentsBe the first to comment