Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Goでつくる透過型SMTPプロキシ / Transparent SMTP proxy in Go

linyows
June 10, 2021
Programming
1
580

Goでつくる透過型SMTPプロキシ / Transparent SMTP proxy in Go

Fukuoka.go #17 Jun 10, 2021 の発表資料です。

linyows

June 10, 2021
Tweet

More Decks by linyows

See All by linyows
なぜNotionを使うのか2022 / Why use notion as our workspace in 2022
linyows
3
4.9k
Denoの仕組み / How deno works as TypeScript runtime
linyows
2
450
透過型SMTPプロキシによるメール送信集約とキュー輻輳回避の検討 / A Study on Aggregation of Email Transfer and Avoidance of QueueCongestion using a Transparent SMTP Proxy
linyows
0
1.6k
Goでサーバの健全性を確保する / Keeping servers healthy with Go
linyows
0
1.5k
なぜNotionを使うのか / Why use notion as our workspace
linyows
4
960
みんなのIMAPを可視化する / Visualize IMAP Everybody
linyows
2
400
CockroachDBって何 / What is CockroachDB
linyows
1
340
TypeScript v3.7のおさらい / Learning TypeScript v3.7
linyows
1
160
Edge Computing with Rust and WebAssembly / RustとWebAssemblyでEdge Computing
linyows
0
600

Other Decks in Programming

See All in Programming
Github CopilotとChatGPTを使って感じた使い分けの糸口 / JavaDo #22
gishi_yama
0
180
SpringIO_19-05-2023.pdf
ancaghenade
0
120
マイクロサービス化を切り戻してモノリスで開発しているお話 およびその後
myahagi
0
350
Evolving a microservice architecture: how to right-size your services
cer
PRO
0
790
M5Stack用の指紋認証デバイスを試す
ufoo68
0
130
ざっくりつかむLangChainのメンタルモデル [説明欄にソースあり]
sagawa23
6
930
Goのジェネリクスを活用する
syumai
2
1.3k
その Swift コード、
こう書き換えてみないか / Polishing your Swift code with me!
treastrain
1
3.5k
CDCデータパイプラインを止めないために / One Stream of the CDC
tosh2230
0
120
Firebase A/B TestingとRemote Config
を最大限に活用する方法
mukky620
1
580
Look Back Over Deep Links
jmatsu
0
230
Architecting For Scale
squer
0
220

Featured

See All Featured
4 Signs Your Business is Dying
shpigford
171
21k
Designing with Data
zakiwarfel
92
4.3k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
16
1.3k
The Illustrated Children's Guide to Kubernetes
chrisshort
26
44k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
13
1.4k
Adopting Sorbet at Scale
ufuk
66
8k
Debugging Ruby Performance
tmm1
68
11k
Done Done
chrislema
178
15k
Bootstrapping a Software Product
garrettdimon
PRO
299
110k
Atom: Resistance is Futile
akmur
256
24k
What’s in a name? Adding method to the madness
productmarketing
PRO
14
2.1k
Web development in the modern age
philhawksworth
197
9.7k

Transcript

  1. Fukuoka.go #17
    Tomohisa Oda / Jun 10, 2021
    Transparent SMTP Proxy in Go
    GoͰͭ͘ΔಁաܕSMTPϓϩΩγ

    View Slide

  2. Fukuoka.go #17
    @linyows
    Blog: tomohisaoda.com


    Af
    fi
    liation: GMO pepabo, inc.


    Fukuoka.go and Fukuoka.ts Organizer

    View Slide

  3. Fukuoka.go #17
    @linyows
    Blog: tomohisaoda.com


    Af
    fi
    liation: GMO pepabo, inc.


    Fukuoka.go and Fukuoka.ts Organizer
    ࠷ۙɺNotionʹࣅإֆΛॻ͍ͯ΋Β͍·ͨ͠ɻ

    View Slide

  4. Fukuoka.go #17
    ๏ ϗεςΟϯάࣄۀ෦ Senior Engineering Lead


    ࣄۀ෦ͷCTO΍VPoEͷΑ͏ͳ΋ͷ


    ๏ ϖύϘݚڀॴ ۝भେֶڞಉݚڀ


    2020 Պݚඅ࠾୒ https://kaken.nii.ac.jp/grant/KAKENHI-PROJECT-20K11791/


    ܰྔίϯςφʹΑΔେن໛ߴूੵϝʔϧϗεςΟϯάج൫ʹ͓͚Δૹ৴ػೳͷߴػೳԽ
    In Pepabo…

    View Slide

  5. Fukuoka.go #17
    Private Projects
    ΞϓϦέʔγϣϯࣗ਎͕ϦϙδτϦ͔
    Β࠷৽ͷίʔυΛݕ஌ͯࣗ͠ಈͰσϓϩ
    ΠͱσϦόϦʔΛߦ͏πʔϧ
    linuxͷuser໊લղܾΛGitHubͷ
    Teamϝϯόʔ΍ϦϙδτϦͷΞΫηε
    ݖݶऀ͔Βߦ͏πʔϧ
    ϝʔϧૹ৴༻ͷಁաܕSMTPϓϩΩγͰ
    ϦΫΤετͱϨεϙϯεΛϩά΍σʔλ
    ϕʔεʹग़ྗ͢Δ͜ͱ͕Ͱ͖Δ
    New!!

    View Slide

  6. Fukuoka.go #17
    ϝʔϧͷ࢓૊ΈͱϝʔϧϗεςΟϯάͷ՝୊

    View Slide

  7. Fukuoka.go #17

    Architecture
    💻 🖥
    Mail Submission


    Agent
    :587
    Mail Transfer


    Agent
    :25
    Mail Delivery


    Agent
    :993
    Postfix Postfix Dovecot


    SMTP
    SMTP
    LMTP
    IMAP
    📱
    📱
    DNS
    MX TXT(SPF, DKIM, DMARC…)

    View Slide

  8. Fukuoka.go #17

    Architecture
    💻 🖥
    Mail Submission


    Agent
    :587
    Mail Transfer


    Agent
    :25
    Mail Delivery


    Agent
    :993
    Postfix Postfix Dovecot


    SMTP
    SMTP
    LMTP
    IMAP
    📱
    📱
    [email protected]
    DNS
    MX TXT(SPF, DKIM, DMARC…)
    [email protected]
    Bob Alice
    ϝʔϧϗεςΟϯάʹ͓͍ͯ
    ϝʔϧΛ૬खઌʹ
    ౸ୡͤ͞Δ͜ͱ͕ॏཁ

    View Slide

  9. Fukuoka.go #17
    ϝʔϧͷ౸ୡੑʹӨڹΛ༩͑Δ̐ͭͷ͜ͱ
    via: https://sendgrid.kke.co.jp/blog/?p=4494 by Jillian Smith
    ๏ ϝʔϧΠϯϑϥͷ݈શੑʢωοτϫʔΫͱDNSʣ


    ๏ ϝʔϧͷίϯςϯπʢఴ෇ϑΝΠϧ, ຊจ, ϔομʔͳͲʣ


    ๏ ϝʔϧͷૹ৴ݩʢૹ৴ݩIP, υϝΠϯ, ૹ৴ྔͳͲʣ


    ๏ ड৴ଆαʔόͷՄ༻ੑ

    View Slide

  10. Fukuoka.go #17
    ๏ ϝʔϧΠϯϑϥͷ݈શੑʢωοτϫʔΫͱDNSʣ


    ๏ ϝʔϧͷίϯςϯπʢఴ෇ϑΝΠϧ, ຊจ, ϔομʔͳͲʣ


    ๏ ϝʔϧͷૹ৴ݩʢૹ৴ݩIP, υϝΠϯ, ૹ৴ྔͳͲʣ


    ๏ ड৴ଆαʔόͷՄ༻ੑ
    ϝʔϧͷ౸ୡੑʹӨڹΛ༩͑Δ̐ͭͷ͜ͱ
    via: https://sendgrid.kke.co.jp/blog/?p=4494 by Jillian Smith
    %/4#-ʹొ࿥͞ΕΔͳͲ
    Ϩϐϡςʔγϣϯʢධ൑ʣʹӨڹ͢Δ

    View Slide

  11. Fukuoka.go #17
    ๏ ༷ʑͳϢʔβ͕࢖͏ϚϧνςφϯτͰ͋ΔͨΊɺϝʔϧΛ೔ৗతʹͨ͘͞Μૹ৴͢
    ΔΞΧ΢ϯτ΋͋Ε͹ɺීஈ͸গͳ͍͕ͨ·ʹେྔૹ৴͢ΔΞΧ΢ϯτ΋͋Δ


    ๏ ͦ΋ͦ΋ΞΧ΢ϯτΛ৐ͬऔΒΕΔέʔε΋͋Δ


    ๏ ड৴ऀ͕ͳͥड͚औΓڋ൱Λͨ͠ͷ͔͕෼͔Γʹ͍͘ʢDMARCରԠ͕͋Ε͹ผʣ


    ๏ ϝʔϧ͸૒ํͷ΍ΓͱΓͳͷͰɺૹ৴ଆ͕εύϜߦҝͱࢥ͍ͬͯͳͯ͘΋ड৴ऀ͕
    εύϜߦҝͩͱײ͡Δ͜ͱ΋͋Γ͏Δ
    ϝʔϧϗεςΟϯάʹ͓͚Δ՝୊

    View Slide

  12. Fukuoka.go #17
    ๏ ༷ʑͳϢʔβ͕࢖͏ϚϧνςφϯτͰ͋ΔͨΊɺϝʔϧΛ೔ৗతʹͨ͘͞Μૹ৴͢
    ΔΞΧ΢ϯτ΋͋Ε͹ɺීஈ͸গͳ͍͕ͨ·ʹେྔૹ৴͢ΔΞΧ΢ϯτ΋͋Δ


    ๏ ͦ΋ͦ΋ΞΧ΢ϯτΛ৐ͬऔΒΕΔέʔε΋͋Δ


    ๏ ड৴ऀ͕ͳͥड͚औΓڋ൱Λͨ͠ͷ͔͕෼͔Γʹ͍͘ʢDMARCରԠ͕͋Ε͹ผʣ


    ๏ ϝʔϧ͸૒ํͷ΍ΓͱΓͳͷͰɺૹ৴ଆ͕εύϜߦҝͱࢥ͍ͬͯͳͯ͘΋ड৴ऀ͕
    εύϜߦҝͩͱײ͡Δ͜ͱ΋͋Γ͏Δ
    ϝʔϧϗεςΟϯάʹ͓͚Δ՝୊
    ϝʔϧૹ৴࣌ͷͲΜͳৼΔ෣͍͕ड৴ڋ൱ʹࢸ͔ͬͨʁ
    ෼ੳ͠ݕ஌Ͱ͖ΔΑ͏ʹ͍ͨ͠ʂ

    View Slide

  13. Fukuoka.go #17

    Architecture
    💻 🖥
    Mail Submission


    Agent
    :587
    Mail Transfer


    Agent
    :25
    Mail Delivery


    Agent
    :993
    Postfix Postfix Dovecot


    SMTP
    SMTP
    LMTP
    IMAP
    📱
    📱
    [email protected]
    DNS
    MX TXT(SPF, DKIM, DMARC…)
    [email protected]
    Bob Alice
    ͜ͷ΍ΓͱΓΛ෼ੳͰ͖Δɺ͔ͭ
    ໰୊Λݕ஌Ͱ͖Ε͹
    ૹ৴ΛϒϩοΫͰ͖Δ࢓૊Έ͕ඞཁ

    View Slide

  14. Fukuoka.go #17
    ࣮ݱํ๏ͷൺֱ

    View Slide

  15. Fukuoka.go #17
    ϝʔϧϦϨʔ vs. ಁաܕϓϩΩγ
    Mail Transfer


    Agent
    :25
    Mail Transfer


    Agent
    :25
    Postfix Postfix
    [email protected]
    Transparent


    Proxy
    :25
    Mail Transfer


    Agent
    :25
    ? Postfix
    [email protected]
    Mail Submission


    Agent
    :587
    Postfix
    [email protected]
    Mail Submission


    Agent
    :587
    Postfix
    [email protected]
    ✉ ✉


    ϝʔϧϦϨʔΛߦ͏ͱϗοϓ͕૿͑
    ϝʔϧΩϡʔͷ؅ཧ͕ෳࡶʹͳΔ
    4.51ड͚ྲྀ͢ಁաܕϓϩΩγͩͱ
    ϝʔϧΩϡʔ؅ཧ͕ݱߦͱมΘΒͣ
    γϯϓϧͰ͋Δɻ͔͠͠ɺͦͷΑ͏
    ͳϛυϧ΢ΣΞ͕ݟ౰ͨΒͳ͍ɻ

    View Slide

  16. Fukuoka.go #17
    ϝʔϧϦϨʔ vs. ಁաܕϓϩΩγ
    Mail Transfer


    Agent
    :25
    Mail Transfer


    Agent
    :25
    Postfix Postfix
    [email protected]
    Transparent


    Proxy
    :25
    Mail Transfer


    Agent
    :25
    ? Postfix
    [email protected]
    Mail Submission


    Agent
    :587
    Postfix
    [email protected]
    Mail Submission


    Agent
    :587
    Postfix
    [email protected]
    ✉ ✉


    ϝʔϧϦϨʔΛߦ͏ͱϗοϓ͕૿͑
    ϝʔϧΩϡʔͷ؅ཧ͕ෳࡶʹͳΔ
    4.51ड͚ྲྀ͢ಁաܕϓϩΩγͩͱ
    ϝʔϧΩϡʔ؅ཧ͕ݱߦͱมΘΒͣ
    γϯϓϧͰ͋Δɻ͔͠͠ɺͦͷΑ͏
    ͳϛυϧ΢ΣΞ͕ݟ౰ͨΒͳ͍ɻ

    View Slide

  17. Fukuoka.go #17
    GoͰͭ͘ΔಁաܕSMTPϓϩΩγ

    View Slide

  18. Fukuoka.go #17
    Ͳ͏΍ͬͯಁաܕϓϩΩγΛ࣮ݱ͢Δ͔
    ๏ Port25൪ѼΛDNATͰશͯProxyʹૹΔ


    ๏ getsockopt(2)ͰѼઌมߋલͷΞυϨεΛऔಘ͢Δ

    View Slide

  19. Fukuoka.go #17
    SMTP Example
    via: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
    4.51͸04*-ͷͱͯ΋γϯϓϧͳϓϩτίϧ

    View Slide

  20. Fukuoka.go #17
    Goͷio.CopyΛ࢖͑͹ָউͳΜ͡Όͳ͍ʁ

    View Slide

  21. Fukuoka.go #17
    Transparent


    Proxy
    Go
    Mail Transfer


    Agent
    Postfix
    [email protected]
    Mail Submission


    Agent
    Postfix
    [email protected]
    io.Copy(internalConn, externalConn)
    io.Copy(externalConn, internalConn)

    View Slide

  22. Fukuoka.go #17
    PoC
    ී௨ʹϝʔϧΛૹड৴Ͱ͖ͨͷͰ׬શʹ͏·͍ͬ͘
    ͨͱࢥͬͨɻ
    ͔͠͠ɺHPSPVUJOF಺ͷม਺Λग़ྗͯ͠ΈΔͱɺ
    ్த͔Βจࣈ͕ಡΊͳ͍ײ͡ʹ

    View Slide

  23. Fukuoka.go #17
    STARTTLSͷ͜ͱΛ๨Ε͍ͯͨ!!!

    View Slide

  24. Fukuoka.go #17
    μ΢ϯάϨʔυ߈ܸରԠʹ͢Δ

    View Slide

  25. Fukuoka.go #17
    ୯ʹJP$PQZͰ͸ͳ͘
    5-4ίωΫγϣϯ·Ͱ
    ੍ޚ͢Δඞཁ͕͋ͬͨ

    View Slide

  26. Fukuoka.go #17
    45"355-4ʹରԠͯ͠ͳ͍
    Ϩεϙϯεʹ͢Δ

    View Slide

  27. Fukuoka.go #17
    όοϑΝϦϯάͨ͠σʔλΛ5-4
    ίωΫγϣϯͱͦͷޙͷఆܕ΍Γ
    औΓޙʹૹ৴͢Δ

    View Slide

  28. Fukuoka.go #17
    Demo: ࣌ؒͳ͍͔΋

    View Slide

  29. Fukuoka.go #17
    ๏ Integration Testͷख๏Λߟ͑ΔʢPostfix
    ґଘΛͲ͏͢΂͖͔ʣ


    ๏ ऩूͨ͠৘ใΛDatabaseʹ஝ੵͱ෼ੳ


    ๏ IptablesґଘϧʔςΟϯάΛBPF/XDPΛ
    ࢖͏Α͏ʹ͢Δ


    ๏ Production΁ΧφϦΞϦϦʔε
    ࠓޙͷܭը — github.com/linyows/warp

    View Slide

  30. Fukuoka.go #17
    ๏ ϝʔϧͷ౸ୡੑʹؔΘΔ̐ͭͷ߲໨͕͋Δ


    ๏ ϝʔϧϗεςΟϯάʹ͓͚Δ՝୊͸ड৴ڋ൱ͷཧ༝͕Θ͔Βͳ͍͜ͱ


    ๏ ϝʔϧૹ৴࣌ͷΞΧ΢ϯτ͝ͱͷৼΔ෣͍ͱड৴ڋ൱ͷؔ܎Λݟ͚ͭΔͨΊͷಁաܕϓϩ
    Ωγ


    ๏ ಁաܕϓϩΩγʹ͢Δʹ͸DNATͱgetsockoptΛ࢖ͬͨ


    ๏ SMTPͷಁաܕϓϩΩγͷ࣮૷͸io.Copy͢Δ͚ͩͰ͸μϝͰμ΢ϯάϨʔυ߈ܸΛରԠ
    ͢Δඞཁ͕͋Γ࣮૷͕গ͠ෳࡶ
    Conclusion

    View Slide

  31. Fukuoka.go #17
    Thank you \ʕ⊙౪⚆ʔ/

    View Slide