Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Email in Rails (and/or introduction to "Dark De...

sylph01
September 18, 2019
Technology
0
1.2k

Email in Rails (and/or introduction to "Dark Depths of Email")

presented at Fukuoka.rb 150th anniversary LT

sylph01

September 18, 2019
Tweet

More Decks by sylph01

See All by sylph01
Introduction to C Extensions
sylph01
3
160
"Actual" Security in Microcontroller Ruby!?
sylph01
0
110
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
45
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
270
Adding Security to Microcontroller Ruby
sylph01
2
3.4k
Secure Messaging at IETF 118
sylph01
0
94
Adventures in the Dungeons of OpenSSL
sylph01
0
570
Community & RubyKaigi Showcase @ Ehime.rb Reboot Meetup
sylph01
0
340
Build and Learn Rails Authentication
sylph01
8
2.1k

Other Decks in Technology

See All in Technology
Tirez profit de Messenger pour améliorer votre architecture
tucksaun
1
200
DevinはクラウドエンジニアAIになれるのか!? 実践的なガードレール設計/devin-can-become-a-cloud-engineer-ai-practical-guardrail-design
tomoki10
3
1.5k
チームビルディング「脅威モデリング」ワークショップ
koheiyoshikawa
0
180
React Server Componentは 何を解決し何を解決しないのか / What do React Server Components solve, and what do they not solve?
kaminashi
6
1.3k
20250328_RubyKaigiで出会い鯛_____RubyKaigiから始まったはじめてのOSSコントリビュート.pdf
mterada1228
0
420
AIエージェント開発における「攻めの品質改善」と「守りの品質保証」 / 2024.04.09 GPU UNITE 新年会 2025
smiyawaki0820
0
230
やさしいMCP入門
minorun365
PRO
135
78k
アプリケーション固有の「ロジックの脆弱性」を防ぐ開発者のためのセキュリティ観点
flatt_security
40
15k
AIエージェントキャッチアップと論文リサーチ
os1ma
6
1.4k
Tokyo dbt Meetup #13 dbtと連携するBI製品&機能ざっくり紹介
sagara
0
320
SSH公開鍵認証による接続 / Connecting with SSH Public Key Authentication
kaityo256
PRO
2
260
OPENLOGI Company Profile for engineer
hr01
1
23k

Featured

See All Featured
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
21k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
102
19k
4 Signs Your Business is Dying
shpigford
183
22k
Navigating Team Friction
lara
184
15k
Code Reviewing Like a Champion
maltzj
522
39k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.5k
Optimising Largest Contentful Paint
csswizardry
35
3.2k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Docker and Python
trallard
44
3.3k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k

Transcript

  1. Email in Rails, and/or Introduction to the "Dark Depths of

    Email" Ryo Kajiwara(sylph01) @ Fukuoka.rb #149/150

  2. ୭ʁ sylph01 / ֿݪ ཾ Twitter: @s01 ҉߸ͱ͔Ͱ͖·͢ Elixirͱ͔Ͱ͖·͢ Ruby·ΔͰΘ͔ΒΜ

  3. None

  4. W3CͷձٞͰདྷ·ͨ͠ ͍Ζ͍Ζweb-relatedͳεςοΧʔͱ ͔͋ΔͷͰ͋ͱͰ੠͔͚͍ͯͩ͘͞

  5. None
  6. None
  7. None

  8. RailsͰϝʔϧͷ͢΂ͯ Λѻ͑ΔΑ͏ʹͳͬ ͨʂ

  9. MTAʮ΁ͷʯೖΓޱΛ උ͍͑ͯΔɺͱ͋Δ͚ ͲɺͲͪΒ͔ͱ͍͏ͱ MTAʮ͔ΒͷʯೖΓޱ

  10. ͜Ε͸ԿΛ͢Δ΋ͷͧ • ड৴ϝʔϧΛActiveRecordΦϒδΣΫτʹม׵ • ActiveStorageͰϥΠϑαΠΫϧ؅ཧɺҰఆظؒܦͬͨΒࣗಈম ٫ʢ࡟আʣ • ϝʔϧΛड͚ͨͱ͖ͷॲཧΛॻ͚Δ

  11. ݸਓͰϝʔϧ΍Δͷ͸͓͢͢ Ί͠·ͤΜ • IMAP΍ΔͱετϨʔδ஍ࠈʹؕΓ·͢ • ໎࿭ϝʔϧରࡦ͸͠ΜͲ͍ • ઃఆϛεΔͱϝʔϧ͕૬खʹಧ͖·ͤΜ • ͱ͍͏͔SMTPΛ΍ΊΖ

  12. ͳͷͰGuidesʹॻ͍ͯ͋ΔΑ ͏ʹWebαʔϏεΛ࢖͓͏ • Mailgun • Mandrill • Postmark • SendGrid

    • ·ͨ͸Amazon SESʢଞʹൺ΂Δͱࣗ෼ͰMTA؅ཧ͢Δͷʹۙ͘ ͸͋Δʣ

  13. ͦΕͰ΋΍Γͨ͘ͳͬ ͨͱ͖ͷ࿩Λ͠·͢

  14. ஫: ͔͜͜ΒNot Ruby Rubyͷݴ༿ͰؤுΓ͔͚ͨͬͨͲؒ ʹ߹Θͳ͔ͬͨΑ…

  15. SMTP Ͳ͕͜Simple΍ͶΜMail Transfer Protocolɻ RFC 821 → ݱࡏͷ࠷৽͸ RFC 5321

    ʮϝʔϧΛόέπϦϨʔͷΑ͏ʹసૹ͢ΔʯͷͰʮSMTP relayingʯͱ͔ʮϦϨʔαʔόʔʯͱ͔͍͏͚ΕͲݱ୅తʹ͸͜ͷ Πϝʔδ͸࣋ͬͯͳͯ͘Α͍Ͱ͢ɻ૬खઌυϝΠϯ໊ͷMXϨίʔ υΛݟͯ௚઀ͦ͜ʹୟ͖͚ͭ·͢ɻ
  16. None

  17. SMTPʹ͸ೝূ͕ͳ͍ SMTP͸ϦϨʔػߏΛ࡞ΔͨΊͷϓϩτίϧͳͷͰɺͲ͔͜Βϝʔ ϧ͕དྷ͔ͨΛ͍͍ͪͪೝূ͢Δඞཁ͕ͳ͍ɻཧ۶͸Θ͔Δͷ͚ͩ Ͳ໎࿭ϝʔϧ͕͸ͼ͜Δ࠷େͷݪҼͷҰ͕ͭ͜Εɻ POP before SMTPɺSMTP-AUTHͳͲͷ֦ுͰೝূΛ͢Δɻ

  18. SPF, DKIM ͜ͷϝʔϧ͸ͪΌΜͱ͜ͷυϝΠϯΛॴ༗͍ͯ͠Δਓʢͷαʔ όʔʣ͔Βདྷͯ·͢Αɺͱ͍͏͜ͱΛ͍ࣔͨ͠ɻ ͲͪΒ΋DNSͷTXTϨίʔυʹهड़Λߦ͏ɻ • SPF: ڐՄ͢ΔIPΞυϨεΛࢦఆɻ • DKIM:

    ެ։伴ΛTXTϨίʔυʹઃఆɻαʔόʔ͸ൿີ伴Λར༻͠ ͯϝοηʔδʹॺ໊͢Δɻ

  19. SPF TXTϨίʔυʹIPΞυϨεɺ΋͘͠͸MXϨίʔυͷυϝΠϯ໊Λࢦ ఆ͢Δ͚ͩɻ ྫ: example.net. IN TXT "v=spf1 ip4:192.0.2.1 -all"

  20. DKIM • opendkimΛΠϯετʔϧͯ͠ઃఆ͢Δ • ΍Δ͜ͱଟ͍ͷͰৄࡉ͸DigitalOceanͷνϡʔτϦΞϧࢀর - https:/ /www.digitalocean.com/community/tutorials/how-to- install-and-configure-dkim-with-postfix-on-debian-wheezy •

    ެ։伴ɾൿີ伴ϖΞͷੜ੒ͱTXTϨίʔυͷੜ੒Λ΍ͬͯ͘ ΕΔ
  21. None

  22. DMARC • ϔομʹࣔ͞ΕΔૹ৴ऀͷυϝΠϯ(Header-From)ͱMAIL FROM ίϚϯυͰ౉͞ΕΔૹ৴ऀͷυϝΠϯ(Envelope-From)ͷҰகΛ औΔ • Header-FromͷυϝΠϯ໊ͱDKIMͷ"d="Ͱ༩͑ΒΕΔυϝΠϯ ໊ͷҰகΛऔΔ ͱ͍͏௥ՃͷೝূΛ͢Δɻࣦഊͨ͠৔߹ʹυϝΠϯΦʔφʔʹ໰

    ୊ͷ͋ΔϝʔϧΛใࠂͰ͖Δ࢓૊Έ΋͋Δɻ

  23. SPF, DKIM, DMARCͷઃ ఆϛε͸͔ͳΓଟ͍ αʔϏε࢖ͬͯͯ΋DNSઃఆ๨ΕΔͱ ໎࿭ϝʔϧѻ͍͞Ε·͢

  24. ड৴͢Δଆͱͯ͠͸ ʮ໎࿭ϝʔϧ͸ड৴ ϘοΫεʹೖͬͨ࣌఺ Ͱෛ͚ʯ MTAͰݕূͪΌΜͱ͠Α͏

  25. ૹΔଆͰؾΛ͚ͭͳ ͖Ό͍͚ͳ͍͜ͱ

  26. LTͩͱೖΓ੾Βͳ͍ͷ Ͱ؆୯ʹ঺հ

  27. GoogleͷҰׅૹ৴ΨΠυϥΠ ϯ https:/ /support.google.com/a/answer/81126?hl=ja ૹΔଆ͸͜Εकͬͯͳ͍ͱ͍ͭͷؒʹ͔໎࿭ϝʔϧϑΥϧμߦ͖ ʹͳΓ·͢ɻ ૹ৴ϘϦϡʔϜ͕େ͖͍৔߹͸Postmaster ToolsΛ࢖͏ͱΑ͍ɻ

  28. mail-tester.com https:/ /www.mail-tester.com/ ͜͜ʹϝʔϧૹΔͱIP͕ϒϥοΫϦετ͞ΕͯΔ͔Ͳ͏͔΍Ұൠ తͳઃఆϛεʹ͍ͭͯڭ͑ͯ͘ΕΔɻ

  29. None

  30. DigitalOcean͔Βૹͬͯ ͨΒMSNʹϒϩοΫ͞ ΕͯͨͰ͟͝Δ

  31. None

  32. چWILLCOMܥͷΞυϨ εʹ͸௨৴͢Βड͚෇ ͚ͯ΋Β͑ͳ͔ͬͨ

  33. None

  34. ݸਓͰϝʔϧ΍Δͷ͸͓͢͢ Ί͠·ͤΜ(࠶) • IMAP΍ΔͱετϨʔδ஍ࠈʹؕΓ·͢ • ໎࿭ϝʔϧରࡦ͸͠ΜͲ͍ • ઃఆϛεΔͱϝʔϧ͕૬खʹಧ͖·ͤΜ • ͱ͍͏͔SMTPΛ΍ΊΖ

  35. ͳͷͰWebαʔϏεΛ࢖͓͏ (࠶) • Mailgun, Mandrill, Postmark, SendGrid, Amazon SES •

    αʔόʔӡ༻Λؙ౤͛Ͱ͖Δ͠ • ໎࿭ϝʔϧରࡦ΍ͬͯ͘ΕΔ • IPΞυϨεͷϨϐϡςʔγϣϯ؅ཧ΋΍ͬͯ͘ΕΔ

  36. Ͳ͏ͯ͠΋΍Γ͍ͨ ํʹ͸ ΋͏ͪΐͬͱ౿ΈࠐΜͩ಺༰Λ"Dark Depths of SMTP"(ٕज़ॻయ4ॳग़)ͱ͍͏ ຊͰॻ͍͍ͯ·͢ ͜ͷ෼໺͸঎ۀຊ͕࠷ۙग़ͯͳ͍ͷͰ͓ ͦΒ͘࠷৽Ͱ͢ ͳ͓౦ํཁૉ͸දࢴ͚ͩͰ͢ɻ

  37. Welcome to SMTPপ