Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Goでつくる透過型SMTPプロキシ / Transparent SMTP proxy in Go

5d769d109697012317c09c6a27a6a4bf?s=47 linyows
June 10, 2021
Programming
1
340

Goでつくる透過型SMTPプロキシ / Transparent SMTP proxy in Go

Fukuoka.go #17 Jun 10, 2021 の発表資料です。

5d769d109697012317c09c6a27a6a4bf?s=128

linyows

June 10, 2021
Tweet

More Decks by linyows

See All by linyows
Denoの仕組み / How deno works as TypeScript runtime
5d769d109697012317c09c6a27a6a4bf?s=48 linyows
1
260
透過型SMTPプロキシによるメール送信集約とキュー輻輳回避の検討 / A Study on Aggregation of Email Transfer and Avoidance of QueueCongestion using a Transparent SMTP Proxy
5d769d109697012317c09c6a27a6a4bf?s=48 linyows
0
1k
Goでサーバの健全性を確保する / Keeping servers healthy with Go
5d769d109697012317c09c6a27a6a4bf?s=48 linyows
0
1k
なぜNotionを使うのか / Why use notion as our workspace
5d769d109697012317c09c6a27a6a4bf?s=48 linyows
4
810
みんなのIMAPを可視化する / Visualize IMAP Everybody
5d769d109697012317c09c6a27a6a4bf?s=48 linyows
2
300
CockroachDBって何 / What is CockroachDB
5d769d109697012317c09c6a27a6a4bf?s=48 linyows
1
280
TypeScript v3.7のおさらい / Learning TypeScript v3.7
5d769d109697012317c09c6a27a6a4bf?s=48 linyows
0
130
Edge Computing with Rust and WebAssembly / RustとWebAssemblyでEdge Computing
5d769d109697012317c09c6a27a6a4bf?s=48 linyows
0
480
あらためてGenericsを知る / Learn about Generics again
5d769d109697012317c09c6a27a6a4bf?s=48 linyows
0
590

Other Decks in Programming

See All in Programming
アプリのログをチーム外で活用してもらうためにやったこと
2f8b61ad31dd9c6ada4a90af746290fd?s=48 shotakashihara
0
190
未経験QAの私が、よきQA(Question Asker) になっていく物語
F0a8d07597a19192791bf663504d2a17?s=48 atamaplus
0
350
デュアルトラックアジャイル × Agile Testingから 見えてきたQAのミライ
F0a8d07597a19192791bf663504d2a17?s=48 atamaplus
0
450
Groovy Roadmap
4578d99b560b2a470e05288ef6766ac2?s=48 paulk
7
13k
Node.js 最新動向 TFCon 2022
D76231a2114896dfcc7b79ac69558b79?s=48 yosuke_furukawa
PRO
6
2.9k
Micro Frontends with Module Federation: Beyond the Basics @codecrafts2022
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
130
Kotlin 最新動向2022 #tfcon #techfeed
14c9795d267f5b85abb98ca5e8780646?s=48 ntaro
1
1.2k
Oculus Interaction SDK 概説 / xrdnk-caunity-LT4
270b0c7883545117a9a618dc7ca7cc83?s=48 xrdnk
0
270
もしも、 上司に鬼退治を命じられたら~プロジェクト計画編~
Fb0a40e5e7a9dc85520f1646fd41eb44?s=48 higuuu
0
290
スモールチームがAmazon Cognitoでコスパよく作るサービス間連携認証
87980686562669ac5ec4617ca53047f9?s=48 tacke_jp
2
860
Reactでアプリケーションを構築する多様化
2917a3c430817eb71086f8973c06ebba?s=48 sakito
4
3.5k
Unboxing Rails 7
0722f1ff8d0a69bce57ebdb93dafc395?s=48 claudiob
1
120

Featured

See All Featured
Intergalactic Javascript Robots from Outer Space
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
261
25k
Thoughts on Productivity
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
43
2.2k
The Illustrated Children's Guide to Kubernetes
0438ae60cde4c7add6f9da48f28c15cc?s=48 chrisshort
14
35k
Support Driven Design
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
86
8.5k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
651dcfe41723207fbb0aa044a4f7c07f?s=48 dotmariusz
100
5.9k
Designing the Hi-DPI Web
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
272
32k
Gamification - CAS2011
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
75
3.9k
Code Review Best Practice
3d6ace9554821d552146413bcdf874f6?s=48 trishagee
41
6.8k
GraphQLの誤解/rethinking-graphql
3cb4e761dbdb7aebd1ffd85f752e1e3e?s=48 sonatard
24
6.2k
The Cult of Friendly URLs
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
68
4.7k
Visualization
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
124
11k
How STYLIGHT went responsive
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
85
3.9k

Transcript

  1. Fukuoka.go #17 Tomohisa Oda / Jun 10, 2021 Transparent SMTP

    Proxy in Go GoͰͭ͘ΔಁաܕSMTPϓϩΩγ

  2. Fukuoka.go #17 @linyows Blog: tomohisaoda.com Af fi liation: GMO pepabo,

    inc. Fukuoka.go and Fukuoka.ts Organizer

  3. Fukuoka.go #17 @linyows Blog: tomohisaoda.com Af fi liation: GMO pepabo,

    inc. Fukuoka.go and Fukuoka.ts Organizer ࠷ۙɺNotionʹࣅإֆΛॻ͍ͯ΋Β͍·ͨ͠ɻ

  4. Fukuoka.go #17 ๏ ϗεςΟϯάࣄۀ෦ Senior Engineering Lead ࣄۀ෦ͷCTO΍VPoEͷΑ͏ͳ΋ͷ ๏ ϖύϘݚڀॴ

    ۝भେֶڞಉݚڀ 2020 Պݚඅ࠾୒ https://kaken.nii.ac.jp/grant/KAKENHI-PROJECT-20K11791/ ܰྔίϯςφʹΑΔେن໛ߴूੵϝʔϧϗεςΟϯάج൫ʹ͓͚Δૹ৴ػೳͷߴػೳԽ In Pepabo…

  5. Fukuoka.go #17 Private Projects ΞϓϦέʔγϣϯࣗ਎͕ϦϙδτϦ͔ Β࠷৽ͷίʔυΛݕ஌ͯࣗ͠ಈͰσϓϩ ΠͱσϦόϦʔΛߦ͏πʔϧ linuxͷuser໊લղܾΛGitHubͷ Teamϝϯόʔ΍ϦϙδτϦͷΞΫηε ݖݶऀ͔Βߦ͏πʔϧ

    ϝʔϧૹ৴༻ͷಁաܕSMTPϓϩΩγͰ ϦΫΤετͱϨεϙϯεΛϩά΍σʔλ ϕʔεʹग़ྗ͢Δ͜ͱ͕Ͱ͖Δ New!!

  6. Fukuoka.go #17 ϝʔϧͷ࢓૊ΈͱϝʔϧϗεςΟϯάͷ՝୊

  7. Fukuoka.go #17 ✉ Architecture 💻 🖥 Mail Submission Agent :587

    Mail Transfer Agent :25 Mail Delivery Agent :993 Postfix Postfix Dovecot ✉ ✉ SMTP SMTP LMTP IMAP 📱 📱 DNS MX TXT(SPF, DKIM, DMARC…)

  8. Fukuoka.go #17 ✉ Architecture 💻 🖥 Mail Submission Agent :587

    Mail Transfer Agent :25 Mail Delivery Agent :993 Postfix Postfix Dovecot ✉ ✉ SMTP SMTP LMTP IMAP 📱 📱 alice@example.com DNS MX TXT(SPF, DKIM, DMARC…) bob@example.net Bob Alice ϝʔϧϗεςΟϯάʹ͓͍ͯ ϝʔϧΛ૬खઌʹ ౸ୡͤ͞Δ͜ͱ͕ॏཁ

  9. Fukuoka.go #17 ϝʔϧͷ౸ୡੑʹӨڹΛ༩͑Δ̐ͭͷ͜ͱ via: https://sendgrid.kke.co.jp/blog/?p=4494 by Jillian Smith ๏ ϝʔϧΠϯϑϥͷ݈શੑʢωοτϫʔΫͱDNSʣ

    ๏ ϝʔϧͷίϯςϯπʢఴ෇ϑΝΠϧ, ຊจ, ϔομʔͳͲʣ ๏ ϝʔϧͷૹ৴ݩʢૹ৴ݩIP, υϝΠϯ, ૹ৴ྔͳͲʣ ๏ ड৴ଆαʔόͷՄ༻ੑ

  10. Fukuoka.go #17 ๏ ϝʔϧΠϯϑϥͷ݈શੑʢωοτϫʔΫͱDNSʣ ๏ ϝʔϧͷίϯςϯπʢఴ෇ϑΝΠϧ, ຊจ, ϔομʔͳͲʣ ๏ ϝʔϧͷૹ৴ݩʢૹ৴ݩIP,

    υϝΠϯ, ૹ৴ྔͳͲʣ ๏ ड৴ଆαʔόͷՄ༻ੑ ϝʔϧͷ౸ୡੑʹӨڹΛ༩͑Δ̐ͭͷ͜ͱ via: https://sendgrid.kke.co.jp/blog/?p=4494 by Jillian Smith %/4#-ʹొ࿥͞ΕΔͳͲ Ϩϐϡςʔγϣϯʢධ൑ʣʹӨڹ͢Δ

  11. Fukuoka.go #17 ๏ ༷ʑͳϢʔβ͕࢖͏ϚϧνςφϯτͰ͋ΔͨΊɺϝʔϧΛ೔ৗతʹͨ͘͞Μૹ৴͢ ΔΞΧ΢ϯτ΋͋Ε͹ɺීஈ͸গͳ͍͕ͨ·ʹେྔૹ৴͢ΔΞΧ΢ϯτ΋͋Δ ๏ ͦ΋ͦ΋ΞΧ΢ϯτΛ৐ͬऔΒΕΔέʔε΋͋Δ ๏ ड৴ऀ͕ͳͥड͚औΓڋ൱Λͨ͠ͷ͔͕෼͔Γʹ͍͘ʢDMARCରԠ͕͋Ε͹ผʣ ๏

    ϝʔϧ͸૒ํͷ΍ΓͱΓͳͷͰɺૹ৴ଆ͕εύϜߦҝͱࢥ͍ͬͯͳͯ͘΋ड৴ऀ͕ εύϜߦҝͩͱײ͡Δ͜ͱ΋͋Γ͏Δ ϝʔϧϗεςΟϯάʹ͓͚Δ՝୊

  12. Fukuoka.go #17 ๏ ༷ʑͳϢʔβ͕࢖͏ϚϧνςφϯτͰ͋ΔͨΊɺϝʔϧΛ೔ৗతʹͨ͘͞Μૹ৴͢ ΔΞΧ΢ϯτ΋͋Ε͹ɺීஈ͸গͳ͍͕ͨ·ʹେྔૹ৴͢ΔΞΧ΢ϯτ΋͋Δ ๏ ͦ΋ͦ΋ΞΧ΢ϯτΛ৐ͬऔΒΕΔέʔε΋͋Δ ๏ ड৴ऀ͕ͳͥड͚औΓڋ൱Λͨ͠ͷ͔͕෼͔Γʹ͍͘ʢDMARCରԠ͕͋Ε͹ผʣ ๏

    ϝʔϧ͸૒ํͷ΍ΓͱΓͳͷͰɺૹ৴ଆ͕εύϜߦҝͱࢥ͍ͬͯͳͯ͘΋ड৴ऀ͕ εύϜߦҝͩͱײ͡Δ͜ͱ΋͋Γ͏Δ ϝʔϧϗεςΟϯάʹ͓͚Δ՝୊ ϝʔϧૹ৴࣌ͷͲΜͳৼΔ෣͍͕ड৴ڋ൱ʹࢸ͔ͬͨʁ ෼ੳ͠ݕ஌Ͱ͖ΔΑ͏ʹ͍ͨ͠ʂ

  13. Fukuoka.go #17 ✉ Architecture 💻 🖥 Mail Submission Agent :587

    Mail Transfer Agent :25 Mail Delivery Agent :993 Postfix Postfix Dovecot ✉ ✉ SMTP SMTP LMTP IMAP 📱 📱 alice@example.com DNS MX TXT(SPF, DKIM, DMARC…) bob@example.net Bob Alice ͜ͷ΍ΓͱΓΛ෼ੳͰ͖Δɺ͔ͭ ໰୊Λݕ஌Ͱ͖Ε͹ ૹ৴ΛϒϩοΫͰ͖Δ࢓૊Έ͕ඞཁ

  14. Fukuoka.go #17 ࣮ݱํ๏ͷൺֱ

  15. Fukuoka.go #17 ϝʔϧϦϨʔ vs. ಁաܕϓϩΩγ Mail Transfer Agent :25 Mail

    Transfer Agent :25 Postfix Postfix alice@example.com Transparent Proxy :25 Mail Transfer Agent :25 ? Postfix alice@example.com Mail Submission Agent :587 Postfix bob@example.net Mail Submission Agent :587 Postfix bob@example.net ✉ ✉ ✉ ✉ ϝʔϧϦϨʔΛߦ͏ͱϗοϓ͕૿͑ ϝʔϧΩϡʔͷ؅ཧ͕ෳࡶʹͳΔ 4.51ड͚ྲྀ͢ಁաܕϓϩΩγͩͱ ϝʔϧΩϡʔ؅ཧ͕ݱߦͱมΘΒͣ γϯϓϧͰ͋Δɻ͔͠͠ɺͦͷΑ͏ ͳϛυϧ΢ΣΞ͕ݟ౰ͨΒͳ͍ɻ

  16. Fukuoka.go #17 ϝʔϧϦϨʔ vs. ಁաܕϓϩΩγ Mail Transfer Agent :25 Mail

    Transfer Agent :25 Postfix Postfix alice@example.com Transparent Proxy :25 Mail Transfer Agent :25 ? Postfix alice@example.com Mail Submission Agent :587 Postfix bob@example.net Mail Submission Agent :587 Postfix bob@example.net ✉ ✉ ✉ ✉ ϝʔϧϦϨʔΛߦ͏ͱϗοϓ͕૿͑ ϝʔϧΩϡʔͷ؅ཧ͕ෳࡶʹͳΔ 4.51ड͚ྲྀ͢ಁաܕϓϩΩγͩͱ ϝʔϧΩϡʔ؅ཧ͕ݱߦͱมΘΒͣ γϯϓϧͰ͋Δɻ͔͠͠ɺͦͷΑ͏ ͳϛυϧ΢ΣΞ͕ݟ౰ͨΒͳ͍ɻ

  17. Fukuoka.go #17 GoͰͭ͘ΔಁաܕSMTPϓϩΩγ

  18. Fukuoka.go #17 Ͳ͏΍ͬͯಁաܕϓϩΩγΛ࣮ݱ͢Δ͔ ๏ Port25൪ѼΛDNATͰશͯProxyʹૹΔ ๏ getsockopt(2)ͰѼઌมߋલͷΞυϨεΛऔಘ͢Δ

  19. Fukuoka.go #17 SMTP Example via: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol 4.51͸04*-ͷͱͯ΋γϯϓϧͳϓϩτίϧ

  20. Fukuoka.go #17 Goͷio.CopyΛ࢖͑͹ָউͳΜ͡Όͳ͍ʁ

  21. Fukuoka.go #17 Transparent Proxy Go Mail Transfer Agent Postfix alice@example.com

    Mail Submission Agent Postfix bob@example.net io.Copy(internalConn, externalConn) io.Copy(externalConn, internalConn)

  22. Fukuoka.go #17 PoC ී௨ʹϝʔϧΛૹड৴Ͱ͖ͨͷͰ׬શʹ͏·͍ͬ͘ ͨͱࢥͬͨɻ ͔͠͠ɺHPSPVUJOF಺ͷม਺Λग़ྗͯ͠ΈΔͱɺ ్த͔Βจࣈ͕ಡΊͳ͍ײ͡ʹ

  23. Fukuoka.go #17 STARTTLSͷ͜ͱΛ๨Ε͍ͯͨ!!!

  24. Fukuoka.go #17 μ΢ϯάϨʔυ߈ܸରԠʹ͢Δ

  25. Fukuoka.go #17 ୯ʹJP$PQZͰ͸ͳ͘ 5-4ίωΫγϣϯ·Ͱ ੍ޚ͢Δඞཁ͕͋ͬͨ

  26. Fukuoka.go #17 45"355-4ʹରԠͯ͠ͳ͍ Ϩεϙϯεʹ͢Δ

  27. Fukuoka.go #17 όοϑΝϦϯάͨ͠σʔλΛ5-4 ίωΫγϣϯͱͦͷޙͷఆܕ΍Γ औΓޙʹૹ৴͢Δ

  28. Fukuoka.go #17 Demo: ࣌ؒͳ͍͔΋

  29. Fukuoka.go #17 ๏ Integration Testͷख๏Λߟ͑ΔʢPostfix ґଘΛͲ͏͢΂͖͔ʣ ๏ ऩूͨ͠৘ใΛDatabaseʹ஝ੵͱ෼ੳ ๏ IptablesґଘϧʔςΟϯάΛBPF/XDPΛ

    ࢖͏Α͏ʹ͢Δ ๏ Production΁ΧφϦΞϦϦʔε ࠓޙͷܭը — github.com/linyows/warp

  30. Fukuoka.go #17 ๏ ϝʔϧͷ౸ୡੑʹؔΘΔ̐ͭͷ߲໨͕͋Δ ๏ ϝʔϧϗεςΟϯάʹ͓͚Δ՝୊͸ड৴ڋ൱ͷཧ༝͕Θ͔Βͳ͍͜ͱ ๏ ϝʔϧૹ৴࣌ͷΞΧ΢ϯτ͝ͱͷৼΔ෣͍ͱड৴ڋ൱ͷؔ܎Λݟ͚ͭΔͨΊͷಁաܕϓϩ Ωγ ๏

    ಁաܕϓϩΩγʹ͢Δʹ͸DNATͱgetsockoptΛ࢖ͬͨ ๏ SMTPͷಁաܕϓϩΩγͷ࣮૷͸io.Copy͢Δ͚ͩͰ͸μϝͰμ΢ϯάϨʔυ߈ܸΛରԠ ͢Δඞཁ͕͋Γ࣮૷͕গ͠ෳࡶ Conclusion

  31. Fukuoka.go #17 Thank you \ʕ⊙౪⚆ʔ/