Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Email in Rails (and/or introduction to "Dark De...

sylph01
September 18, 2019
Technology
0
1.2k

Email in Rails (and/or introduction to "Dark Depths of Email")

presented at Fukuoka.rb 150th anniversary LT

sylph01

September 18, 2019
Tweet

More Decks by sylph01

See All by sylph01
"Actual" Security in Microcontroller Ruby!?
sylph01
0
93
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
33
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
250
Adding Security to Microcontroller Ruby
sylph01
2
3.3k
Secure Messaging at IETF 118
sylph01
0
85
Adventures in the Dungeons of OpenSSL
sylph01
0
530
Community & RubyKaigi Showcase @ Ehime.rb Reboot Meetup
sylph01
0
330
Build and Learn Rails Authentication
sylph01
8
2.1k
Email, Messaging, and Self-Sovereign Identity (2021/05/28 edition)
sylph01
0
310

Other Decks in Technology

See All in Technology
Pwned Labsのすゝめ
ken5scal
2
450
AI Agent時代なのでAWSのLLMs.txtが欲しい!
watany
2
230
RayでPHPのデバッグをちょっと快適にする
muno92
PRO
0
190
Охота на косуль у древних
ashapiro
0
110
Ruby on Railsで持続可能な開発を行うために取り組んでいること
am1157154
3
160
Perlの生きのこり - エンジニアがこの先生きのこるためのカンファレンス2025
kfly8
2
270
Iceberg Meetup Japan #1 : Iceberg and Databricks
databricksjapan
0
380
入門 PEAK Threat Hunting @SECCON
odorusatoshi
0
160
Aurora PostgreSQLがCloudWatch Logsに 出力するログの課金を削減してみる #jawsdays2025
non97
1
220
Active Directory攻防
cryptopeg
PRO
8
5.6k
コンピュータビジョンの社会実装について考えていたらゲームを作っていた話
takmin
1
610
日経のデータベース事業とElasticsearch
hinatades
PRO
0
240

Featured

See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
Fontdeck: Realign not Redesign
paulrobertlloyd
83
5.4k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Agile that works and the tools we love
rasmusluckow
328
21k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Docker and Python
trallard
44
3.3k
Java REST API Framework Comparison - PWX 2021
mraible
29
8.4k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
33
2.8k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Designing Experiences People Love
moore
140
23k
Speed Design
sergeychernyshev
27
810

Transcript

  1. Email in Rails, and/or Introduction to the "Dark Depths of

    Email" Ryo Kajiwara(sylph01) @ Fukuoka.rb #149/150

  2. ୭ʁ sylph01 / ֿݪ ཾ Twitter: @s01 ҉߸ͱ͔Ͱ͖·͢ Elixirͱ͔Ͱ͖·͢ Ruby·ΔͰΘ͔ΒΜ

  3. None

  4. W3CͷձٞͰདྷ·ͨ͠ ͍Ζ͍Ζweb-relatedͳεςοΧʔͱ ͔͋ΔͷͰ͋ͱͰ੠͔͚͍ͯͩ͘͞

  5. None
  6. None
  7. None

  8. RailsͰϝʔϧͷ͢΂ͯ Λѻ͑ΔΑ͏ʹͳͬ ͨʂ

  9. MTAʮ΁ͷʯೖΓޱΛ උ͍͑ͯΔɺͱ͋Δ͚ ͲɺͲͪΒ͔ͱ͍͏ͱ MTAʮ͔ΒͷʯೖΓޱ

  10. ͜Ε͸ԿΛ͢Δ΋ͷͧ • ड৴ϝʔϧΛActiveRecordΦϒδΣΫτʹม׵ • ActiveStorageͰϥΠϑαΠΫϧ؅ཧɺҰఆظؒܦͬͨΒࣗಈম ٫ʢ࡟আʣ • ϝʔϧΛड͚ͨͱ͖ͷॲཧΛॻ͚Δ

  11. ݸਓͰϝʔϧ΍Δͷ͸͓͢͢ Ί͠·ͤΜ • IMAP΍ΔͱετϨʔδ஍ࠈʹؕΓ·͢ • ໎࿭ϝʔϧରࡦ͸͠ΜͲ͍ • ઃఆϛεΔͱϝʔϧ͕૬खʹಧ͖·ͤΜ • ͱ͍͏͔SMTPΛ΍ΊΖ

  12. ͳͷͰGuidesʹॻ͍ͯ͋ΔΑ ͏ʹWebαʔϏεΛ࢖͓͏ • Mailgun • Mandrill • Postmark • SendGrid

    • ·ͨ͸Amazon SESʢଞʹൺ΂Δͱࣗ෼ͰMTA؅ཧ͢Δͷʹۙ͘ ͸͋Δʣ

  13. ͦΕͰ΋΍Γͨ͘ͳͬ ͨͱ͖ͷ࿩Λ͠·͢

  14. ஫: ͔͜͜ΒNot Ruby Rubyͷݴ༿ͰؤுΓ͔͚ͨͬͨͲؒ ʹ߹Θͳ͔ͬͨΑ…

  15. SMTP Ͳ͕͜Simple΍ͶΜMail Transfer Protocolɻ RFC 821 → ݱࡏͷ࠷৽͸ RFC 5321

    ʮϝʔϧΛόέπϦϨʔͷΑ͏ʹసૹ͢ΔʯͷͰʮSMTP relayingʯͱ͔ʮϦϨʔαʔόʔʯͱ͔͍͏͚ΕͲݱ୅తʹ͸͜ͷ Πϝʔδ͸࣋ͬͯͳͯ͘Α͍Ͱ͢ɻ૬खઌυϝΠϯ໊ͷMXϨίʔ υΛݟͯ௚઀ͦ͜ʹୟ͖͚ͭ·͢ɻ
  16. None

  17. SMTPʹ͸ೝূ͕ͳ͍ SMTP͸ϦϨʔػߏΛ࡞ΔͨΊͷϓϩτίϧͳͷͰɺͲ͔͜Βϝʔ ϧ͕དྷ͔ͨΛ͍͍ͪͪೝূ͢Δඞཁ͕ͳ͍ɻཧ۶͸Θ͔Δͷ͚ͩ Ͳ໎࿭ϝʔϧ͕͸ͼ͜Δ࠷େͷݪҼͷҰ͕ͭ͜Εɻ POP before SMTPɺSMTP-AUTHͳͲͷ֦ுͰೝূΛ͢Δɻ

  18. SPF, DKIM ͜ͷϝʔϧ͸ͪΌΜͱ͜ͷυϝΠϯΛॴ༗͍ͯ͠Δਓʢͷαʔ όʔʣ͔Βདྷͯ·͢Αɺͱ͍͏͜ͱΛ͍ࣔͨ͠ɻ ͲͪΒ΋DNSͷTXTϨίʔυʹهड़Λߦ͏ɻ • SPF: ڐՄ͢ΔIPΞυϨεΛࢦఆɻ • DKIM:

    ެ։伴ΛTXTϨίʔυʹઃఆɻαʔόʔ͸ൿີ伴Λར༻͠ ͯϝοηʔδʹॺ໊͢Δɻ

  19. SPF TXTϨίʔυʹIPΞυϨεɺ΋͘͠͸MXϨίʔυͷυϝΠϯ໊Λࢦ ఆ͢Δ͚ͩɻ ྫ: example.net. IN TXT "v=spf1 ip4:192.0.2.1 -all"

  20. DKIM • opendkimΛΠϯετʔϧͯ͠ઃఆ͢Δ • ΍Δ͜ͱଟ͍ͷͰৄࡉ͸DigitalOceanͷνϡʔτϦΞϧࢀর - https:/ /www.digitalocean.com/community/tutorials/how-to- install-and-configure-dkim-with-postfix-on-debian-wheezy •

    ެ։伴ɾൿີ伴ϖΞͷੜ੒ͱTXTϨίʔυͷੜ੒Λ΍ͬͯ͘ ΕΔ
  21. None

  22. DMARC • ϔομʹࣔ͞ΕΔૹ৴ऀͷυϝΠϯ(Header-From)ͱMAIL FROM ίϚϯυͰ౉͞ΕΔૹ৴ऀͷυϝΠϯ(Envelope-From)ͷҰகΛ औΔ • Header-FromͷυϝΠϯ໊ͱDKIMͷ"d="Ͱ༩͑ΒΕΔυϝΠϯ ໊ͷҰகΛऔΔ ͱ͍͏௥ՃͷೝূΛ͢Δɻࣦഊͨ͠৔߹ʹυϝΠϯΦʔφʔʹ໰

    ୊ͷ͋ΔϝʔϧΛใࠂͰ͖Δ࢓૊Έ΋͋Δɻ

  23. SPF, DKIM, DMARCͷઃ ఆϛε͸͔ͳΓଟ͍ αʔϏε࢖ͬͯͯ΋DNSઃఆ๨ΕΔͱ ໎࿭ϝʔϧѻ͍͞Ε·͢

  24. ड৴͢Δଆͱͯ͠͸ ʮ໎࿭ϝʔϧ͸ड৴ ϘοΫεʹೖͬͨ࣌఺ Ͱෛ͚ʯ MTAͰݕূͪΌΜͱ͠Α͏

  25. ૹΔଆͰؾΛ͚ͭͳ ͖Ό͍͚ͳ͍͜ͱ

  26. LTͩͱೖΓ੾Βͳ͍ͷ Ͱ؆୯ʹ঺հ

  27. GoogleͷҰׅૹ৴ΨΠυϥΠ ϯ https:/ /support.google.com/a/answer/81126?hl=ja ૹΔଆ͸͜Εकͬͯͳ͍ͱ͍ͭͷؒʹ͔໎࿭ϝʔϧϑΥϧμߦ͖ ʹͳΓ·͢ɻ ૹ৴ϘϦϡʔϜ͕େ͖͍৔߹͸Postmaster ToolsΛ࢖͏ͱΑ͍ɻ

  28. mail-tester.com https:/ /www.mail-tester.com/ ͜͜ʹϝʔϧૹΔͱIP͕ϒϥοΫϦετ͞ΕͯΔ͔Ͳ͏͔΍Ұൠ తͳઃఆϛεʹ͍ͭͯڭ͑ͯ͘ΕΔɻ

  29. None

  30. DigitalOcean͔Βૹͬͯ ͨΒMSNʹϒϩοΫ͞ ΕͯͨͰ͟͝Δ

  31. None

  32. چWILLCOMܥͷΞυϨ εʹ͸௨৴͢Βड͚෇ ͚ͯ΋Β͑ͳ͔ͬͨ

  33. None

  34. ݸਓͰϝʔϧ΍Δͷ͸͓͢͢ Ί͠·ͤΜ(࠶) • IMAP΍ΔͱετϨʔδ஍ࠈʹؕΓ·͢ • ໎࿭ϝʔϧରࡦ͸͠ΜͲ͍ • ઃఆϛεΔͱϝʔϧ͕૬खʹಧ͖·ͤΜ • ͱ͍͏͔SMTPΛ΍ΊΖ

  35. ͳͷͰWebαʔϏεΛ࢖͓͏ (࠶) • Mailgun, Mandrill, Postmark, SendGrid, Amazon SES •

    αʔόʔӡ༻Λؙ౤͛Ͱ͖Δ͠ • ໎࿭ϝʔϧରࡦ΍ͬͯ͘ΕΔ • IPΞυϨεͷϨϐϡςʔγϣϯ؅ཧ΋΍ͬͯ͘ΕΔ

  36. Ͳ͏ͯ͠΋΍Γ͍ͨ ํʹ͸ ΋͏ͪΐͬͱ౿ΈࠐΜͩ಺༰Λ"Dark Depths of SMTP"(ٕज़ॻయ4ॳग़)ͱ͍͏ ຊͰॻ͍͍ͯ·͢ ͜ͷ෼໺͸঎ۀຊ͕࠷ۙग़ͯͳ͍ͷͰ͓ ͦΒ͘࠷৽Ͱ͢ ͳ͓౦ํཁૉ͸දࢴ͚ͩͰ͢ɻ

  37. Welcome to SMTPপ