Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Email in Rails (and/or introduction to "Dark De...
Search
sylph01
September 18, 2019
Technology
0
1.2k
Email in Rails (and/or introduction to "Dark Depths of Email")
presented at Fukuoka.rb 150th anniversary LT
sylph01
September 18, 2019
Tweet
Share
More Decks by sylph01
See All by sylph01
"Actual" Security in Microcontroller Ruby!?
sylph01
0
66
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
13
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
210
Adding Security to Microcontroller Ruby
sylph01
2
3.2k
Secure Messaging at IETF 118
sylph01
0
74
Adventures in the Dungeons of OpenSSL
sylph01
0
480
Community & RubyKaigi Showcase @ Ehime.rb Reboot Meetup
sylph01
0
300
Build and Learn Rails Authentication
sylph01
8
2k
Email, Messaging, and Self-Sovereign Identity (2021/05/28 edition)
sylph01
0
280
Other Decks in Technology
See All in Technology
re:Invent 2024 Innovation Talks(NET201)で語られた大切なこと
shotashiratori
0
320
Fanstaの1年を大解剖! 一人SREはどこまでできるのか!?
syossan27
2
180
プロダクト開発を加速させるためのQA文化の築き方 / How to build QA culture to accelerate product development
mii3king
1
280
[トレノケ雲の会 mod.13] 3回目のre:Inventで気づいたこと -CloudOperationsを添えて-
shintaro_fukatsu
0
110
UI State設計とテスト方針
rmakiyama
3
780
Amazon Kendra GenAI Index 登場でどう変わる? 評価から学ぶ最適なRAG構成
naoki_0531
0
130
LINEヤフーのフロントエンド組織・体制の紹介【24年12月】
lycorp_recruit_jp
0
550
LINE Developersプロダクト(LIFF/LINE Login)におけるフロントエンド開発
lycorptech_jp
PRO
0
150
Oracle Cloudの生成AIサービスって実際どこまで使えるの? エンジニア目線で試してみた
minorun365
PRO
4
300
DUSt3R, MASt3R, MASt3R-SfM にみる3D基盤モデル
spatial_ai_network
2
230
20241220_S3 tablesの使い方を検証してみた
handy
4
680
WACATE2024冬セッション資料(ユーザビリティ)
scarletplover
0
290
Featured
See All Featured
Fireside Chat
paigeccino
34
3.1k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
520
Navigating Team Friction
lara
183
15k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
49k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.5k
Music & Morning Musume
bryan
46
6.2k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
450
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
The Cult of Friendly URLs
andyhume
78
6.1k
Thoughts on Productivity
jonyablonski
68
4.4k
Transcript
Email in Rails, and/or Introduction to the "Dark Depths of
Email" Ryo Kajiwara(sylph01) @ Fukuoka.rb #149/150
୭ʁ sylph01 / ֿݪ ཾ Twitter: @s01 ҉߸ͱ͔Ͱ͖·͢ Elixirͱ͔Ͱ͖·͢ Ruby·ΔͰΘ͔ΒΜ
None
W3CͷձٞͰདྷ·ͨ͠ ͍Ζ͍Ζweb-relatedͳεςοΧʔͱ ͔͋ΔͷͰ͋ͱͰ͔͚͍ͯͩ͘͞
None
None
None
RailsͰϝʔϧͷͯ͢ Λѻ͑ΔΑ͏ʹͳͬ ͨʂ
MTAʮͷʯೖΓޱΛ උ͍͑ͯΔɺͱ͋Δ͚ ͲɺͲͪΒ͔ͱ͍͏ͱ MTAʮ͔ΒͷʯೖΓޱ
͜ΕԿΛ͢Δͷͧ • ड৴ϝʔϧΛActiveRecordΦϒδΣΫτʹม • ActiveStorageͰϥΠϑαΠΫϧཧɺҰఆظؒܦͬͨΒࣗಈম ٫ʢআʣ • ϝʔϧΛड͚ͨͱ͖ͷॲཧΛॻ͚Δ
ݸਓͰϝʔϧΔͷ͓͢͢ Ί͠·ͤΜ • IMAPΔͱετϨʔδࠈʹؕΓ·͢ • ໎ϝʔϧରࡦ͠ΜͲ͍ • ઃఆϛεΔͱϝʔϧ͕૬खʹಧ͖·ͤΜ • ͱ͍͏͔SMTPΛΊΖ
ͳͷͰGuidesʹॻ͍ͯ͋ΔΑ ͏ʹWebαʔϏεΛ͓͏ • Mailgun • Mandrill • Postmark • SendGrid
• ·ͨAmazon SESʢଞʹൺΔͱࣗͰMTAཧ͢Δͷʹۙ͘ ͋Δʣ
ͦΕͰΓͨ͘ͳͬ ͨͱ͖ͷΛ͠·͢
: ͔͜͜ΒNot Ruby Rubyͷݴ༿ͰؤுΓ͔͚ͨͬͨͲؒ ʹ߹Θͳ͔ͬͨΑ…
SMTP Ͳ͕͜SimpleͶΜMail Transfer Protocolɻ RFC 821 → ݱࡏͷ࠷৽ RFC 5321
ʮϝʔϧΛόέπϦϨʔͷΑ͏ʹసૹ͢ΔʯͷͰʮSMTP relayingʯͱ͔ʮϦϨʔαʔόʔʯͱ͔͍͏͚ΕͲݱతʹ͜ͷ Πϝʔδ࣋ͬͯͳͯ͘Α͍Ͱ͢ɻ૬खઌυϝΠϯ໊ͷMXϨίʔ υΛݟͯͦ͜ʹୟ͖͚ͭ·͢ɻ
None
SMTPʹೝূ͕ͳ͍ SMTPϦϨʔػߏΛ࡞ΔͨΊͷϓϩτίϧͳͷͰɺͲ͔͜Βϝʔ ϧ͕དྷ͔ͨΛ͍͍ͪͪೝূ͢Δඞཁ͕ͳ͍ɻཧ۶Θ͔Δͷ͚ͩ Ͳ໎ϝʔϧ͕ͼ͜Δ࠷େͷݪҼͷҰ͕ͭ͜Εɻ POP before SMTPɺSMTP-AUTHͳͲͷ֦ுͰೝূΛ͢Δɻ
SPF, DKIM ͜ͷϝʔϧͪΌΜͱ͜ͷυϝΠϯΛॴ༗͍ͯ͠Δਓʢͷαʔ όʔʣ͔Βདྷͯ·͢Αɺͱ͍͏͜ͱΛ͍ࣔͨ͠ɻ ͲͪΒDNSͷTXTϨίʔυʹهड़Λߦ͏ɻ • SPF: ڐՄ͢ΔIPΞυϨεΛࢦఆɻ • DKIM:
ެ։伴ΛTXTϨίʔυʹઃఆɻαʔόʔൿີ伴Λར༻͠ ͯϝοηʔδʹॺ໊͢Δɻ
SPF TXTϨίʔυʹIPΞυϨεɺ͘͠MXϨίʔυͷυϝΠϯ໊Λࢦ ఆ͢Δ͚ͩɻ ྫ: example.net. IN TXT "v=spf1 ip4:192.0.2.1 -all"
DKIM • opendkimΛΠϯετʔϧͯ͠ઃఆ͢Δ • Δ͜ͱଟ͍ͷͰৄࡉDigitalOceanͷνϡʔτϦΞϧࢀর - https:/ /www.digitalocean.com/community/tutorials/how-to- install-and-configure-dkim-with-postfix-on-debian-wheezy •
ެ։伴ɾൿີ伴ϖΞͷੜͱTXTϨίʔυͷੜΛͬͯ͘ ΕΔ
None
DMARC • ϔομʹࣔ͞ΕΔૹ৴ऀͷυϝΠϯ(Header-From)ͱMAIL FROM ίϚϯυͰ͞ΕΔૹ৴ऀͷυϝΠϯ(Envelope-From)ͷҰகΛ औΔ • Header-FromͷυϝΠϯ໊ͱDKIMͷ"d="Ͱ༩͑ΒΕΔυϝΠϯ ໊ͷҰகΛऔΔ ͱ͍͏ՃͷೝূΛ͢Δɻࣦഊͨ͠߹ʹυϝΠϯΦʔφʔʹ
ͷ͋ΔϝʔϧΛใࠂͰ͖ΔΈ͋Δɻ
SPF, DKIM, DMARCͷઃ ఆϛε͔ͳΓଟ͍ αʔϏεͬͯͯDNSઃఆΕΔͱ ໎ϝʔϧѻ͍͞Ε·͢
ड৴͢Δଆͱͯ͠ ʮ໎ϝʔϧड৴ ϘοΫεʹೖͬͨ࣌ Ͱෛ͚ʯ MTAͰݕূͪΌΜͱ͠Α͏
ૹΔଆͰؾΛ͚ͭͳ ͖Ό͍͚ͳ͍͜ͱ
LTͩͱೖΓΒͳ͍ͷ Ͱ؆୯ʹհ
GoogleͷҰׅૹ৴ΨΠυϥΠ ϯ https:/ /support.google.com/a/answer/81126?hl=ja ૹΔଆ͜Εकͬͯͳ͍ͱ͍ͭͷؒʹ͔໎ϝʔϧϑΥϧμߦ͖ ʹͳΓ·͢ɻ ૹ৴ϘϦϡʔϜ͕େ͖͍߹Postmaster ToolsΛ͏ͱΑ͍ɻ
mail-tester.com https:/ /www.mail-tester.com/ ͜͜ʹϝʔϧૹΔͱIP͕ϒϥοΫϦετ͞ΕͯΔ͔Ͳ͏͔Ұൠ తͳઃఆϛεʹ͍ͭͯڭ͑ͯ͘ΕΔɻ
None
DigitalOcean͔Βૹͬͯ ͨΒMSNʹϒϩοΫ͞ ΕͯͨͰ͟͝Δ
None
چWILLCOMܥͷΞυϨ εʹ௨৴͢Βड͚ ͚ͯΒ͑ͳ͔ͬͨ
None
ݸਓͰϝʔϧΔͷ͓͢͢ Ί͠·ͤΜ(࠶) • IMAPΔͱετϨʔδࠈʹؕΓ·͢ • ໎ϝʔϧରࡦ͠ΜͲ͍ • ઃఆϛεΔͱϝʔϧ͕૬खʹಧ͖·ͤΜ • ͱ͍͏͔SMTPΛΊΖ
ͳͷͰWebαʔϏεΛ͓͏ (࠶) • Mailgun, Mandrill, Postmark, SendGrid, Amazon SES •
αʔόʔӡ༻Λؙ͛Ͱ͖Δ͠ • ໎ϝʔϧରࡦͬͯ͘ΕΔ • IPΞυϨεͷϨϐϡςʔγϣϯཧͬͯ͘ΕΔ
Ͳ͏ͯ͠Γ͍ͨ ํʹ ͏ͪΐͬͱ౿ΈࠐΜͩ༰Λ"Dark Depths of SMTP"(ٕज़ॻయ4ॳग़)ͱ͍͏ ຊͰॻ͍͍ͯ·͢ ͜ͷۀຊ͕࠷ۙग़ͯͳ͍ͷͰ͓ ͦΒ͘࠷৽Ͱ͢ ͳ͓౦ํཁૉදࢴ͚ͩͰ͢ɻ
Welcome to SMTPপ