{"id":7486,"date":"2023-06-09T17:07:41","date_gmt":"2023-06-09T08:07:41","guid":{"rendered":"https:\/\/www.lancard.com\/blog\/?p=7486"},"modified":"2025-03-12T11:22:15","modified_gmt":"2025-03-12T02:22:15","slug":"postfix-mta-sts-resolver-and-tls-rpt","status":"publish","type":"post","link":"https:\/\/www.lancard.com\/blog\/2023\/06\/09\/postfix-mta-sts-resolver-and-tls-rpt\/","title":{"rendered":"Setting up postfix-mta-sts-resolver and TLS-RPT"},"content":{"rendered":"\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<a href=\"https:\/\/www.lancard.com\/blog\/2023\/05\/25\/mta-sts\/\">Last time<\/a> I set up MTA-STS; this time I will add postfix-mta-sts-resolver, the Postfix implementation, and a TLS-RPT configuration.<br>Unfortunately, postfix-mta-sts-resolver does not currently appear to have an error-reporting feature.\n<\/div>\n<\/div>\n\n\n\n\n<!--more-->\n\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\nIt is better to have two domains so that they can send mail to and receive mail from each other.<br>The examples use example.com; replace it with each domain you are configuring.\n<\/div>\n<\/div>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">DNS<\/h2>\n\n\n\n\nFor TLS-RPT, set a TXT record at 
_smtp._tls.[domain].<br>For example.com, this is _smtp._tls.example.com.<br>If the other party sends TLS-RPT reports, the following record has them delivered to aikawa@example.com.\n\n\n\n\n<pre class=\"wp-block-code\"><code>v=TLSRPTv1; rua=mailto:aikawa@example.com<\/code><\/pre>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">postfix-mta-sts-resolver<\/h2>\n\n\n\n\nThis also works with the Postfix (2.10) in CentOS 7, but SNI is not available there, so I think something like CentOS Stream 9, which ships Postfix 3.4 or later, is a better choice.\n\n\n\n\n<pre class=\"wp-block-code\"><code>dnf install python3 python3-pip python3-devel gcc\npython3 -m pip install multidict typing_extensions attrs yarl async_timeout idna_ssl charset_normalizer aiosignal \npython3 -m pip install postfix-mta-sts-resolver&#91;redis,sqlite]<\/code><\/pre>\n\n\n\n\npip prints a warning, but I ignore it this time.\n\n\n\n\n<h4 class=\"wp-block-heading\">\/etc\/mta-sts-daemon.yml<\/h4>\n\n\n\n\n\n<pre class=\"wp-block-code\"><code>host: 127.0.0.1\nport: 8461\nreuse_port: true\nshutdown_timeout: 20\nproactive_policy_fetching:\n  enabled: true\n  interval: 86400\n  concurrency_limit: 100\n  grace_ratio: 2\ncache:\n  type: internal\n  options:\n    cache_size: 10000\ndefault_zone:\n  strict_testing: true\n  timeout: 4\n  require_sni: true\nzones:\n  myzone:\n    strict_testing: true\n    timeout: 4<\/code><\/pre>\n\n\n\n\nFor a Postfix that does not support SNI (earlier than 3.4), set require_sni to false.\n\n\n\n\n<h4 
class=\"wp-block-heading\">\/etc\/systemd\/system\/postfix-mta-sts.service <\/h4>\n\n\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;Unit]\nDescription=Postfix MTA STS daemon instance\nAfter=syslog.target network.target\n\n&#91;Service]\nType=notify\nUser=mta-sts\nGroup=mta-sts\n# This is the ExecStart path for RHEL7 using python 36 from the Software collections.\n# You may use a different python interpreter on other distributions\nExecStart=\/usr\/local\/bin\/mta-sts-daemon\nRestart=always\nKillMode=process\nTimeoutStartSec=10\nTimeoutStopSec=30\n\n&#91;Install]\nWantedBy=multi-user.target<\/code><\/pre>\n\n\n\n\nAdd a user to run the daemon, and make it startable with systemctl.\n\n\n\n\n<pre class=\"wp-block-code\"><code>useradd -c \"Daemon for MTA-STS policy checks\" mta-sts -s \/sbin\/nologin\nsystemctl daemon-reload\nsystemctl enable postfix-mta-sts --now<\/code><\/pre>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">Postfix<\/h2>\n\n\n\n\n\n<h4 class=\"wp-block-heading\">\/etc\/postfix\/main.cf<\/h4>\n\n\n\n\n\n<pre class=\"wp-block-code\"><code>## MTA-STS ##\nsmtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix\n\n# Client TLS (for CentOS 7 \/ already set on CentOS Stream 9)\nsmtp_tls_security_level = may\nsmtp_tls_CAfile = \/etc\/pki\/tls\/certs\/ca-bundle.crt\nsmtp_tls_loglevel = 1\n\n# Without this, you get Untrusted TLS \/ Anonymous TLS connection\nsmtpd_tls_ask_ccert = yes<\/code><\/pre>\n\n\n\n\nReload Postfix.\n\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl reload postfix<\/code><\/pre>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">Verification<\/h2>\n\n\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow 
wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\nFirst, send mail between the configured domains and confirm that Trusted TLS appears in \/var\/log\/maillog.\n<\/div>\n<\/div>\n\n\n\n\n\n<pre class=\"wp-block-code\"><code>postfix\/smtp&#91;pid]: Trusted TLS connection established to example.com&#91;ipaddr]:25: TLSv1.2 with...<\/code><\/pre>\n\n\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\nIf smtpd_tls_ask_ccert is not set to yes, or if the Let&#8217;s Encrypt certificate configuration or the CA (intermediate certificate) configuration on the smtp client side is not in place, the connection can show as Untrusted or Anonymous (it seems to be Untrusted on CentOS 7 and Anonymous on CentOS Stream 9).\n<\/div>\n<\/div>\n\n\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\nNext, check that the Postfix configuration is working.\n<\/div>\n<\/div>\n\n\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/sbin\/postmap -q example.com socketmap:inet:127.0.0.1:8461:postfix\n# secure match=example.com 
or similar is output<\/code><\/pre>\n\n\n\n\nFinally, to check whether reports arrive at the mail address set for TLS-RPT: Gmail appears to implement reporting, and after sending to Gmail and receiving from Gmail a few times, a report arrived a few days later as a gz attachment.<br>Extract it with 7-Zip or similar and drop it into something like Firefox for easy viewing (the domain names have been altered).\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.lancard.com\/blog\/wp-content\/uploads\/2023\/06\/image.png\"><img loading=\"lazy\" decoding=\"async\" width=\"602\" height=\"613\" src=\"https:\/\/www.lancard.com\/blog\/wp-content\/uploads\/2023\/06\/image-602x613.png\" alt=\"\" class=\"wp-image-7487\" srcset=\"https:\/\/www.lancard.com\/blog\/wp-content\/uploads\/2023\/06\/image-602x613.png 602w, https:\/\/www.lancard.com\/blog\/wp-content\/uploads\/2023\/06\/image-393x400.png 393w, https:\/\/www.lancard.com\/blog\/wp-content\/uploads\/2023\/06\/image.png 606w\" sizes=\"auto, (max-width: 602px) 100vw, 602px\" \/><\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Last time I set up MTA-STS; this time I will add postfix-mta-sts-resolver, the Postfix implementation, and a TLS-RPT configuration. Unfortunately, at present postfix-mta-sts-resolve 
[&hellip;]<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7486","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts\/7486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/comments?post=7486"}],"version-history":[{"count":26,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts\/7486\/revisions"}],"predecessor-version":[{"id":7513,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts\/7486\/revisions\/7513"}],"wp:attachment":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/media?parent=7486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/categories?post=7486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/tags?post=7486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}