{"id":18969,"date":"2026-04-12T15:05:59","date_gmt":"2026-04-12T13:05:59","guid":{"rendered":"https:\/\/webhosting.de\/blog-mailserver-tls-konfiguration-cipher-auswahl-optimierung-server\/"},"modified":"2026-04-12T15:05:59","modified_gmt":"2026-04-12T13:05:59","slug":"%e3%83%96%e3%83%ad%e3%82%b0-%e3%83%a1%e3%83%bc%e3%83%ab%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc-tls-%e8%a8%ad%e5%ae%9a-%e6%9a%97%e5%8f%b7-%e9%81%b8%e6%8a%9e-%e6%9c%80%e9%81%a9%e5%8c%96-%e3%82%b5%e3%83%bc","status":"publish","type":"post","link":"https:\/\/webhosting.de\/ja\/blog-mailserver-tls-konfiguration-cipher-auswahl-optimierung-server\/","title":{"rendered":"\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u306eTLS\u8a2d\u5b9a\u3068\u6697\u53f7\u306e\u9078\u629e\uff1a\u7a76\u6975\u306e\u30ac\u30a4\u30c9"},"content":{"rendered":"<p>\u305d\u306e\u65b9\u6cd5\u3092\u304a\u898b\u305b\u3057\u3088\u3046\u3002 <strong>\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc TLS<\/strong> SMTP\u63a5\u7d9a\u304c\u4e00\u8cab\u3057\u3066\u4fdd\u8b77\u3055\u308c\u308b\u3088\u3046\u306b\u3001Postfix\u3067\u5f37\u529b\u306a\u6697\u53f7\u30b9\u30a4\u30fc\u30c8\u3092\u9078\u629e\u3057\u307e\u3059\u3002TLS 1.2\/1.3\u3001DANE\u3001MTA-STS\u304a\u3088\u3073\u6700\u65b0\u306e\u30ad\u30fc\u30da\u30a2\u306e\u305f\u3081\u306e\u8a66\u884c\u932f\u8aa4\u3055\u308c\u305f\u30d1\u30e9\u30e1\u30fc\u30bf\u306b\u57fa\u3065\u304d\u3001\u8a2d\u5b9a\u3001\u30c6\u30b9\u30c8\u3001\u30c1\u30e5\u30fc\u30cb\u30f3\u30b0\u3092\u9806\u3092\u8ffd\u3063\u3066\u8aac\u660e\u3057\u307e\u3059\u3002 <strong>\u30e1\u30fc\u30eb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3<\/strong> \u30b0\u30ea\u30c3\u30d7\u3092\u304d\u308c\u3044\u306b\u63e1\u308b\u3002.<\/p>\n\n<h2>\u4e2d\u5fc3\u70b9<\/h2>\n\n<ul>\n  <li><strong>\u30dd\u30b9\u30c8\u30d5\u30a3\u30c3\u30af\u30b9<\/strong> \u5b89\u5168\u306b\u8a2d\u5b9a\uff1aTLS\u306e\u6709\u52b9\u5316\u3001\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u5236\u9650\u3001\u30ed\u30ae\u30f3\u30b0\u306e\u8a2d\u5b9a\u3002.<\/li>\n  <li><strong>\u6697\u53f7<\/strong> \u3092\u512a\u5148\u3059\u308b\uff1aECDHE + GCM\/CHACHA20\u3001PFS\u306e\u5b9f\u65bd\u3001\u30ec\u30ac\u30b7\u30fc\u30c7\u30fc\u30bf\u306e\u30d6\u30ed\u30c3\u30af\u3002.<\/li>\n  <li><strong>\u8a3c\u660e\u66f8<\/strong> \u30af\u30ea\u30fc\u30f3\u306b\u4fdd\u3064\uff1aRSA+ECDSA\u3001\u5b8c\u5168\u306a\u30c1\u30a7\u30fc\u30f3\u3001\u5f37\u529b\u306a\u30ab\u30fc\u30d6\u3002.<\/li>\n  <li><strong>DANE\/MTA-STS<\/strong> \u5229\u7528\u3059\u308b\uff1a\u30ac\u30a4\u30c9\u30e9\u30a4\u30f3\u306e\u30a2\u30f3\u30ab\u30ea\u30f3\u30b0\u3068\u683c\u4e0b\u3052\u30ea\u30b9\u30af\u306e\u8efd\u6e1b\u3002.<\/li>\n  <li><strong>\u30c6\u30b9\u30c8<\/strong> \u76e3\u8996\uff1a OpenSSL\u3001TLS\u30b9\u30ad\u30e3\u30ca\u3001MTA\u30ed\u30b0\u3092\u5b9a\u671f\u7684\u306b\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3002.<\/li>\n<\/ul>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/mailserver-konfiguration-4721.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>TLS\u7d4c\u7531\u306eSMTP\uff1a\u4f55\u304c\u672c\u5f53\u306b\u5b89\u5168\u304b<\/h2>\n\n<p>\u3067SMTP\u3092\u4fdd\u8b77\u3059\u308b\u3002 <strong>STARTTLS<\/strong>, \u96fb\u5b50\u30e1\u30fc\u30eb\u306e\u8ee2\u9001\u304c\u30d7\u30ec\u30fc\u30f3\u30c6\u30ad\u30b9\u30c8\u3067\u884c\u308f\u308c\u306a\u3044\u3088\u3046\u306b\u3059\u308b\u3002\u30aa\u30dd\u30c1\u30e5\u30cb\u30b9\u30c6\u30a3\u30c3\u30afTLS <strong>smtpd_tls_security_level = may<\/strong> \u7740\u4fe1\u63a5\u7d9a\u3067\u306f\u3001\u30ea\u30e2\u30fc\u30c8\u30fb\u30b9\u30c6\u30fc\u30b7\u30e7\u30f3\u304c\u6697\u53f7\u5316\u3092\u63d0\u4f9b\u3059\u308b\u3068\u540c\u6642\u306b\u3001\u6697\u53f7\u5316\u304c\u4f7f\u7528\u3055\u308c\u308b\u3088\u3046\u306b\u3059\u308b\u3002\u9001\u51fa\u306b\u306f <strong>smtp_tls_security_level = dane<\/strong> DNSSEC\u304c\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u30dd\u30ea\u30b7\u30fc\u30fb\u30c1\u30a7\u30c3\u30af\u306b\u3088\u308a\u3001\u30c0\u30a6\u30f3\u30b0\u30ec\u30fc\u30c9\u653b\u6483\u304c\u3088\u308a\u56f0\u96e3\u306b\u306a\u308a\u307e\u3059\u3002TLS\u304c\u306a\u3051\u308c\u3070\u3001\u30e1\u30fc\u30eb\u306f\u8ee2\u9001\u4e2d\u306b\u8aad\u307e\u308c\u305f\u308a\u64cd\u4f5c\u3055\u308c\u305f\u308a\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u3001\u30d5\u30a9\u30fc\u30e0\u3084\u6ce8\u6587\u3001\u53e3\u5ea7\u30c7\u30fc\u30bf\u306b\u3068\u3063\u3066\u306f\u7279\u306b\u5371\u967a\u3067\u3059\u3002\u7d42\u59cbTLS\u304c\u6709\u52b9\u306a\u305f\u3081\u3001\u76d7\u8074\u3084MITM\u306e\u30ea\u30b9\u30af\u3092\u5927\u5e45\u306b\u6e1b\u3089\u3059\u3053\u3068\u304c\u3067\u304d\u3001\u5927\u624b\u306e\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u304c\u5b89\u5168\u306a\u63a5\u7d9a\u3092\u597d\u610f\u7684\u306b\u8a55\u4fa1\u3059\u308b\u305f\u3081\u3001\u914d\u4fe1\u7387\u3082\u5411\u4e0a\u3057\u3066\u3044\u307e\u3059\u3002.<\/p>\n\n<h2>Postfix\u306b\u304a\u3051\u308b\u9375\u3001\u8a3c\u660e\u66f8\u3001\u30d7\u30ed\u30c8\u30b3\u30eb<\/h2>\n\n<p>\u79c1\u306f2\u3064\u306e\u8a3c\u660e\u66f8\u3092\u7528\u610f\u3057\u3066\u3044\u308b\u3002 <strong>\u30a2\u30fc\u30eb\u30a8\u30b9\u30a8\u30fc<\/strong>-\u8a3c\u660e\u66f8\u3068ECDSA\u8a3c\u660e\u66f8\u3092\u4f7f\u3063\u3066\u3001\u65b0\u65e7\u306eMTA\u304c\u6700\u9069\u306b\u63a5\u7d9a\u3055\u308c\u308b\u3088\u3046\u306b\u3057\u305f\u3002Postfix\u306e\u30d1\u30b9\u306f\u6b21\u306e\u3088\u3046\u306b\u660e\u78ba\u306b\u8a2d\u5b9a\u3057\u305f\u3002 <strong>smtpd_tls_cert_file<\/strong> RSA\u3068 <strong>smtpd_tls_eccert_file<\/strong> ECDSA\u306e\u5834\u5408\u3001\u305d\u308c\u305e\u308c\u304c\u4e00\u81f4\u3059\u308b\u9375\u3092\u6301\u3063\u3066\u3044\u308b\u3002\u30af\u30ea\u30fc\u30f3\u306a\u8a8d\u8a3c\u306e\u305f\u3081\u306b\u3001\u79c1\u306f\u5b8c\u5168\u306a\u30c1\u30a7\u30fc\u30f3\u3001\u30db\u30b9\u30c8\u306b\u6b63\u78ba\u306b\u4e00\u81f4\u3059\u308bCN\/SAN\u3001\u305d\u3057\u3066\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u30ab\u30fc\u30d6\u306b\u6ce8\u610f\u3092\u6255\u3046\u3002 <strong>secp384r1<\/strong> \u3092ECDSA\u30ad\u30fc\u306b\u4f7f\u7528\u3059\u308b\u3002\u79c1\u306f\u3001\u5f37\u5236\u7684\u306a\u30c0\u30a6\u30f3\u30b0\u30ec\u30fc\u30c9\u3092\u9632\u3050\u305f\u3081\u306b\u3001\u53e4\u3044\u30d7\u30ed\u30c8\u30b3\u30eb\u3001\u3064\u307e\u308aSSLv2\u3084SSLv3\u3092\u53b3\u683c\u306b\u7121\u52b9\u5316\u3057\u3066\u3044\u308b\u3002\u8a3c\u660e\u66f8\u306e\u7a2e\u985e\u3092\u691c\u8a0e\u3055\u308c\u308b\u5834\u5408\u306f\u3001\u4ee5\u4e0b\u306e\u30b5\u30a4\u30c8\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002 <a href=\"https:\/\/webhosting.de\/ja\/%e3%83%9b%e3%82%b9%e3%83%86%e3%82%a3%e3%83%b3%e3%82%b0%e3%83%bb%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%81%ae%e6%af%94%e8%bc%83\/\">DV\u3001OV\u307e\u305f\u306fEV<\/a>, \u9069\u5207\u306a\u4fe1\u983c\u5ea6\u3092\u9078\u629e\u3067\u304d\u308b\u3088\u3046\u306b\u3002.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/tls_configuration_guide_4928.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>\u6697\u53f7\u306e\u9078\u629e\uff1aTLS 1.2\/1.3\u306e\u512a\u5148\u9806\u4f4d<\/h2>\n\n<p>\u306e\u6697\u53f7\u30b9\u30a4\u30fc\u30c8\u3092\u512a\u5148\u3059\u308b\u3002 <strong>\u30d4\u30fc\u30a8\u30d5\u30a8\u30b9<\/strong>, \u3059\u306a\u308f\u3061\u3001DHE\u306e\u524d\u306bECDHE\u3092\u4f7f\u7528\u3057\u3001GCM\u307e\u305f\u306fCHACHA20-POLY1305\u3092\u4f7f\u7528\u3059\u308b\u3002TLS 1.3\u3067\u306f\u3001\u30b9\u30bf\u30c3\u30af\u306f\u591a\u304f\u306e\u30ec\u30ac\u30b7\u30fc\u306a\u554f\u984c\u304b\u3089\u89e3\u653e\u3057\u3066\u304f\u308c\u308b\u304c\u3001TLS 1.2\u3067\u306f\u307e\u3060\u660e\u78ba\u306a\u30ea\u30b9\u30c8\u304c\u5fc5\u8981\u3060\u3002TLS1.2\u3067\u306f\u307e\u3060\u660e\u78ba\u306a\u30ea\u30b9\u30c8\u304c\u5fc5\u8981\u3067\u3059\u3002 <strong>\u30a2\u30fc\u30eb\u30b7\u30fc\u30d5\u30a9\u30fc<\/strong>, \u79c1\u306f3DES\u3001CAMELLIA\u3001aNULL\u3001eNULL\u3092\u524a\u9664\u3057\u3066\u3044\u308b\u3002Postfix\u3067\u306f <strong>smtpd_tls_ciphers = high<\/strong> \u3068\u5236\u9650\u7684\u306a <em>tls_high_cipherlist<\/em>, \u6642\u4ee3\u9045\u308c\u306e\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u304c\u3059\u308a\u629c\u3051\u306a\u3044\u3088\u3046\u306b\u3002\u3055\u3089\u306b\u6df1\u304f\u6398\u308a\u4e0b\u3052\u308b\u3068 <a href=\"https:\/\/webhosting.de\/ja\/%e3%83%9b%e3%82%b9%e3%83%86%e3%82%a3%e3%83%b3%e3%82%b0%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3-%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e3%83%96%e3%83%bc%e3%82%b9%e3%83%88\/\">\u6697\u53f7\u30b9\u30a4\u30fc\u30c8\u30ac\u30a4\u30c9<\/a> \u30d0\u30e9\u30b9\u30c8\u306e\u306a\u3044\u308f\u304b\u308a\u3084\u3059\u3044\u30ab\u30c6\u30b4\u30ea\u30fc\u5206\u3051\u3002.<\/p>\n\n<table>\n  <thead>\n    <tr>\n      <th>TLS\u30d0\u30fc\u30b8\u30e7\u30f3<\/th>\n      <th>\u304a\u6c17\u306b\u5165\u308a\u306e\u6697\u53f7\u30b9\u30a4\u30fc\u30c8<\/th>\n      <th>\u30b9\u30c6\u30fc\u30bf\u30b9<\/th>\n      <th>\u30d2\u30f3\u30c8<\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    <tr>\n      <td><strong>TLS 1.3<\/strong><\/td>\n      <td>TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256<\/td>\n      <td>\u30a2\u30af\u30c6\u30a3\u30d6<\/td>\n      <td>\u30bb\u30ec\u30af\u30b7\u30e7\u30f3\u306f\u3057\u3063\u304b\u308a\u3068\u30d7\u30ed\u30c8\u30b3\u30eb\u306b\u7d44\u307f\u8fbc\u307e\u308c\u3001\u30ec\u30ac\u30b7\u30fc\u306e\u554f\u984c\u306f\u306a\u304f\u306a\u3063\u305f\u3002.<\/td>\n    <\/tr>\n    <tr>\n      <td><strong>TLS 1.2<\/strong><\/td>\n      <td>ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305<\/td>\n      <td>\u30a2\u30af\u30c6\u30a3\u30d6<\/td>\n      <td>PFS\u3092\u512a\u5148\u3057\u3001GCM\/CHACHA\u3092\u597d\u3080\u3002.<\/td>\n    <\/tr>\n    <tr>\n      <td><strong>\u5ec3\u6b62<\/strong><\/td>\n      <td>RC4\u30013DES\u3001CAMELLIA\u3001AES128-SHA\u3001aNULL\/eNULL<\/td>\n      <td>\u9375\u4ed8\u304d<\/td>\n      <td>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u7406\u7531\u304b\u3089\u5b8c\u5168\u306b\u7121\u52b9\u5316\u3059\u308b\u3002.<\/td>\n    <\/tr>\n  <\/tbody>\n<\/table>\n\n<h2>Postfix: main.cf\u306e\u5177\u4f53\u7684\u306a\u30d1\u30e9\u30e1\u30fc\u30bf<\/h2>\n\n<p>\u79c1\u306f\u3001MTA\u304c\u30a4\u30f3\u30d0\u30a6\u30f3\u30c9\u3068\u30a2\u30a6\u30c8\u30d0\u30a6\u30f3\u30c9\u306e\u4e21\u65b9\u3067\u30bb\u30ad\u30e5\u30a2\u306b\u8a71\u3059\u3088\u3046\u306b\u3001\u660e\u78ba\u306a\u30b3\u30f3\u30d5\u30a3\u30ae\u30e5\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u8a2d\u5b9a\u3057\u307e\u3057\u305f\u3002\u30a8\u30d5\u30a7\u30e1\u30e9\u30ebECDH\u306b\u306f <strong>smtpd_tls_eecdh_grade<\/strong> \u305d\u3057\u3066\u3001CRIME\u306e\u3088\u3046\u306a\u653b\u6483\u3092\u907f\u3051\u308b\u305f\u3081\u306b\u5727\u7e2e\u3092\u89e3\u9664\u3057\u3066\u3044\u308b\u30024096\u30d3\u30c3\u30c8\u306e\u5f37\u529b\u306aDH\u30d5\u30a1\u30a4\u30eb\u306f\u3001\u5f31\u3044DHE\u4ea4\u6e09\u3092\u9632\u3050\u3002\u30d7\u30ed\u30c8\u30b3\u30eb\u306b\u53b3\u3057\u3044\u5236\u9650\u3092\u304b\u3051\u3001TLS 1.3\u306e\u3088\u3046\u306a\u9ad8\u3044\u6697\u53f7\u54c1\u8cea\u3092\u5f37\u5236\u3057\u3066\u3044\u308b\u3002\u6700\u521d\u306e\u3046\u3061\u306f\u3001\u9069\u5ea6\u306a\u30ed\u30b0\u30ec\u30d9\u30eb\u3067\u3001\u30b8\u30e3\u30fc\u30ca\u30eb\u3092\u6ea2\u308c\u3055\u305b\u308b\u3053\u3068\u306a\u304f\u30cf\u30f3\u30c9\u30b7\u30a7\u30a4\u30af\u3092\u30c1\u30a7\u30c3\u30af\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u3066\u3044\u308b\u3002.<\/p>\n\n<pre><code># \u30a2\u30af\u30c6\u30a3\u30d9\u30fc\u30b7\u30e7\u30f3\u3068\u30dd\u30ea\u30b7\u30fc\nsmtpd_tls_security_level = may\nsmtp_tls_security_level = dane\n\n#\u8a3c\u660e\u66f8\uff08\u30d1\u30b9\u306e\u4f8b\uff09\nsmtpd_tls_cert_file = \/etc\/ssl\/certs\/mail.example.de.cer\nsmtpd_tls_key_file = \/etc\/ssl\/private\/mail.example.de.key\nsmtpd_tls_eccert_file = \/etc\/ssl\/certs\/mail.example.de_ecc.cer\nsmtpd_tls_eckey_file = \/etc\/ssl\/private\/mail.example.de_ecc.key\n\n#\u30d7\u30ed\u30c8\u30b3\u30eb\u3068\u6697\u53f7\nsmtpd_tls_protocols = !SSLv2, !SSLv3\nsmtpd_tls_mandatory_protocols = !SSLv2, !SSLv3\nsmtpd_tls_ciphers = high\ntls_high_cipherlist = !aNULL:!eNULL:!RC4:!3DES:!CAMELLIA:HIGH:@STRENGTH\ntls_ssl_options = NO_COMPRESSION\nsmtpd_tls_eecdh_grade = ultra\n\n# DH\u30d1\u30e9\u30e1\u30fc\u30bf\nsmtpd_tls_dh1024_param_file = \/etc\/postfix\/dh_4096.pem\n\n# DNSSEC\/DANE (\u5229\u7528\u53ef\u80fd\u306a\u5834\u5408)\nsmtp_dns_support_level = dnssec\n\n#\u30ed\u30b0\nsmtpd_tls_logle \u30ec\u30d9\u30eb = 1\n<\/code><\/pre>\n\n<p>\u79c1\u306f\u8a3c\u660e\u66f8\u30c1\u30a7\u30fc\u30f3\u3092\u5b8c\u5168\u306a\u72b6\u614b\u306b\u4fdd\u3061\u3001\u6b21\u306e\u3088\u3046\u306a\u6b63\u3057\u3044\u6a29\u5229\u306b\u6ce8\u610f\u3092\u6255\u3046\u3002 <strong>\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8<\/strong> \u30ad\u30fc\u30d5\u30a1\u30a4\u30eb\u3092\u518d\u8aad\u307f\u8fbc\u307f\u3057\u3001\u518d\u8aad\u307f\u8fbc\u307f\u5f8c\u306e\u30ed\u30b0\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3002\u30ec\u30ac\u30b7\u30fc\u30fb\u30d1\u30fc\u30c8\u30ca\u30fc\u306e\u305f\u3081\u306bTLS 1.2\u304c\u5fc5\u8981\u306a\u5834\u5408\u306f\u3001GCM\/CHACHA\u306b\u53b3\u5bc6\u306b\u3053\u3060\u308f\u308a\u3001\u305d\u308c\u4ee5\u5916\u306f\u3059\u3079\u3066\u30d6\u30ed\u30c3\u30af\u3059\u308b\u3002TLS 1.3\u306e\u5834\u5408\u306f\u3001\u30b9\u30bf\u30c3\u30af\u306e\u6a19\u6e96\u306b\u983c\u308a\u3001\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u304c\u96e3\u3057\u304f\u306a\u308b\u3088\u3046\u306a\u7279\u5225\u306a\u30d1\u30b9\u306f\u907f\u3051\u308b\u3002OCSP\u30b9\u30c6\u30fc\u30d7\u30ea\u30f3\u30b0\u306f\u3001\u30a2\u30c3\u30d7\u30b9\u30c8\u30ea\u30fc\u30e0\u30d7\u30ed\u30ad\u30b7\u304c\u63d0\u4f9b\u3059\u308b\u5834\u5408\u306b\u306e\u307fSMTP\u3067\u5f79\u5272\u3092\u679c\u305f\u3059\u306e\u3067\u3001\u5bfe\u5fdc\u3059\u308b\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u306e\u5834\u5408\u306b\u306e\u307f\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3002\u5909\u66f4\u306e\u305f\u3073\u306bOpenSSL\u3067\u691c\u8a3c\u3092\u884c\u3044\u3001\u526f\u4f5c\u7528\u3092\u65e9\u671f\u306b\u8a8d\u8b58\u3057 <strong>\u96fb\u5b50\u30e1\u30fc\u30eb\u306e\u6697\u53f7\u5316<\/strong> \u4e00\u8cab\u3057\u3066\u3044\u308b\u3002.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/mailserver-tls-guide-cipher-tips-6954.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>DANE\u3001MTA-STS\u3001SPF\u3001DKIM\u3001DMARC\u306b\u3088\u308b\u30c8\u30e9\u30f3\u30b9\u30dd\u30fc\u30c8\u8a8d\u8a3c<\/h2>\n\n<p>\u79c1\u306fTLS\u3092 <strong>DANE<\/strong>, DNSSEC\u306e\u4e0b\u3067\u7f72\u540d\u3055\u308c\u305fTLSA\u30ec\u30b3\u30fc\u30c9\u3092\u516c\u958b\u3059\u308b\u3053\u3068\u306b\u3088\u3063\u3066\u3002\u3055\u3089\u306b\u3001MTA-STS\u3092\u8a2d\u5b9a\u3057\u3066\u3001\u79c1\u306e\u30db\u30b9\u30c8\u304cTLS\u3092\u8981\u6c42\u3057\u3066\u3044\u308b\u3053\u3068\u3068\u3001\u3069\u306eMX\u306b\u5f93\u3046\u3079\u304d\u304b\u3092\u30ea\u30e2\u30fc\u30c8\u306e\u30d4\u30a2\u306b\u77e5\u3089\u305b\u307e\u3059\u3002ID\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u306e\u305f\u3081\u306b\u3001\u79c1\u306f\u9001\u4fe1\u30e1\u30fc\u30eb\u306b <strong>\u30c7\u30a3\u30fc\u30b1\u30fc\u30a2\u30a4\u30a8\u30e0<\/strong> \u3068SPF\u30eb\u30fc\u30eb\u306b\u3088\u308b\u30bb\u30ad\u30e5\u30a2\u306a\u30c9\u30e1\u30a4\u30f3\u914d\u9001\u3092\u63d0\u4f9b\u3059\u308b\u3002\u6700\u5f8c\u306b\u3001DMARC\u306f\u53d7\u4fe1\u8005\u304c\u3069\u306e\u3088\u3046\u306b\u9038\u8131\u306b\u5bfe\u51e6\u3059\u3079\u304d\u304b\u3092\u5b9a\u7fa9\u3057\u3001\u306a\u308a\u3059\u307e\u3057\u3092\u3088\u308a\u96e3\u3057\u304f\u3057\u3066\u3044\u308b\u3002\u3053\u308c\u3089\u306e\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306f\u9023\u643a\u3057\u3066\u6a5f\u80fd\u3059\u308b\uff1aTLS\u306f\u30c8\u30e9\u30f3\u30b9\u30dd\u30fc\u30c8\u3092\u4fdd\u8b77\u3057\u3001\u8a8d\u8a3c\u306f\u9001\u4fe1\u8005\u3092\u5f37\u5316\u3057\u3001\u914d\u4fe1\u7387\u3092\u9855\u8457\u306b\u5411\u4e0a\u3055\u305b\u308b\u3002.<\/p>\n\n<p>\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u304c\u30dc\u30c8\u30eb\u30cd\u30c3\u30af\u306b\u306a\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u30bb\u30c3\u30b7\u30e7\u30f3\u518d\u958b\u3001\u30cf\u30fc\u30c9\u30a6\u30a7\u30a2\u6a5f\u80fd\u3001\u30cf\u30f3\u30c9\u30b7\u30a7\u30a4\u30af\u305d\u306e\u3082\u306e\u3092\u6700\u9069\u5316\u3059\u308b\u3002\u5b9f\u8df5\u7684\u306a\u30c8\u30ea\u30c3\u30af\u306f <a href=\"https:\/\/webhosting.de\/ja\/tls%e3%83%8f%e3%83%b3%e3%83%89%e3%82%b7%e3%82%a7%e3%82%a4%e3%82%af%e3%81%ae%e3%83%91%e3%83%95%e3%82%a9%e3%83%bc%e3%83%9e%e3%83%b3%e3%82%b9%e3%82%92%e6%9c%80%e9%81%a9%e5%8c%96%e3%81%99%e3%82%8bquicboos\/\">TLS\u30cf\u30f3\u30c9\u30b7\u30a7\u30a4\u30af\u306e\u9ad8\u901f\u5316<\/a>, \u63a5\u7d9a\u3092\u78ba\u7acb\u3059\u308b\u969b\u306e\u5f85\u3061\u6642\u9593\u3092\u77ed\u7e2e\u3059\u308b\u3002\u91cd\u8981\uff1a\u6697\u53f7\u306e\u9078\u629e\u3068\u518d\u958b\u306e\u30d0\u30e9\u30f3\u30b9\u3092\u4fdd\u3064\u3002\u5f31\u3044\u59a5\u5354\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u9762\u3067\u5831\u308f\u308c\u306a\u3044\u304b\u3089\u3060\u3002\u8fc5\u901f\u306aTLS\u30cd\u30b4\u30b7\u30a8\u30fc\u30b7\u30e7\u30f3\u306f\u3001\u7279\u306b\u30e1\u30fc\u30eb\u91cf\u304c\u591a\u3044\u5834\u5408\u306b\u5927\u304d\u306a\u7bc0\u7d04\u3092\u3082\u305f\u3089\u3057\u307e\u3059\u3002\u3053\u306e\u65b9\u6cd5 <strong>\u30b9\u30eb\u30fc\u30d7\u30c3\u30c8<\/strong> \u3068\u5b89\u5168\u4fdd\u969c\u306e\u30d0\u30e9\u30f3\u30b9\u304c\u53d6\u308c\u3066\u3044\u308b\u3002.<\/p>\n\n<h2>\u30c6\u30b9\u30c8\u3001\u30e2\u30cb\u30bf\u30ea\u30f3\u30b0\u3001\u76e3\u67fb<\/h2>\n\n<p>\u3067\u30ed\u30fc\u30ab\u30eb\u306b\u63e1\u624b\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3002 <strong>\u30aa\u30fc\u30d7\u30f3\u30b9\u30eb<\/strong> \u3092\u5b9f\u884c\u3057\u3001\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3001\u6697\u53f7\u3001\u8a3c\u660e\u66f8\u30c1\u30a7\u30fc\u30f3\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3002\u30b3\u30de\u30f3\u30c9 <em>openssl s_client -connect mail.example.de:25 -starttls smtp<\/em> \u306f\u3001\u30ea\u30e2\u30fc\u30c8\u30b5\u30fc\u30d0\u30fc\u304c\u4f55\u3092\u30cd\u30b4\u30b7\u30a8\u30fc\u30c8\u3057\u3066\u3044\u308b\u304b\u3092\u30e9\u30a4\u30d6\u3067\u8868\u793a\u3057\u3066\u304f\u308c\u308b\u3002\u30b3\u30f3\u30d5\u30a3\u30ae\u30e5\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u5909\u66f4\u3057\u305f\u5f8c\u306f <em>\u30dd\u30b9\u30c8\u30d5\u30a3\u30c3\u30af\u30b9\u30c1\u30a7\u30c3\u30af<\/em> \u3092\u5177\u4f53\u7684\u306b\u898b\u3066\u307f\u3088\u3046\u3002 <strong>smtpd_tls_logle \u30ec\u30d9\u30eb<\/strong>, \u3092\u4f7f\u7528\u3057\u3066\u30a8\u30e9\u30fc\u30d1\u30bf\u30fc\u30f3\u3092\u5206\u96e2\u3059\u308b\u3002\u5916\u90e8\u306eTLS\u30b9\u30ad\u30e3\u30ca\u306f\u3001\u7279\u306b\u8a3c\u660e\u66f8\u306e\u5909\u66f4\u5f8c\u306b\u3001\u516c\u958b\u3055\u308c\u305f\u53ef\u8996\u6027\u3092\u5206\u985e\u3059\u308b\u306e\u306b\u5f79\u7acb\u3064\u3002\u5b9a\u671f\u7684\u306a\u76e3\u67fb\u30b5\u30a4\u30af\u30eb\u306f\u3001\u4f8b\u3048\u3070\u30e9\u30a4\u30d6\u30e9\u30ea\u306e\u5909\u66f4\u304c\u6697\u53f7\u306e\u512a\u5148\u9806\u4f4d\u306b\u5f71\u97ff\u3057\u305f\u5834\u5408\u306a\u3069\u3001\u5fcd\u3073\u5bc4\u308b\u60aa\u5316\u304b\u3089\u4fdd\u8b77\u3059\u308b\u3002.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/mailserver_tls_guide_nacht_4523.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>\u983b\u7e41\u306a\u8a2d\u5b9a\u30df\u30b9\u3068\u8fc5\u901f\u306a\u4fee\u6b63<\/h2>\n\n<p>\u306e\u3088\u3046\u306a\u6642\u4ee3\u9045\u308c\u306e\u6697\u53f7\u3092\u3088\u304f\u76ee\u306b\u3059\u308b\u3002 <strong>AES128-SHA<\/strong>, \u306f\u307e\u3060\u6709\u52b9\u3067\u3042\u308a\u3001PFS \u3092\u9632\u3050\u3002\u53b3\u5bc6\u306a\u6697\u53f7\u6587\u5b57\u5217\u3068LOW\/MD5\/RC4\/3DES\u306e\u660e\u78ba\u306a\u30d6\u30ed\u30c3\u30af\u304c\u3053\u3053\u3067\u5f79\u7acb\u3064\u30022\u3064\u76ee\u306e\u30d1\u30bf\u30fc\u30f3\uff1a\u4e2d\u9593\u8a3c\u660e\u66f8\u304c\u898b\u3064\u304b\u3089\u306a\u3044\u305f\u3081\u3001\u30ea\u30e2\u30fc\u30c8\u30b9\u30c6\u30fc\u30b7\u30e7\u30f3\u304c\u30c1\u30a7\u30fc\u30f3\u3092\u691c\u8a3c\u3067\u304d\u306a\u3044\u3002\u30d0\u30f3\u30c9\u30eb\u30d5\u30a1\u30a4\u30eb\u3092\u8ffd\u52a0\u3057\u3066\u3001\u518d\u5ea6\u30c6\u30b9\u30c8\u3059\u308b\u3002Synology\u306e\u3088\u3046\u306a\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u3067\u306f\u3001TLS\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3092\u6700\u65b0\u306b\u8a2d\u5b9a\u3057\u3001SMTP\u30b5\u30fc\u30d0\u30fc\u304c\u6700\u65b0\u3092\u8a71\u3059\u3088\u3046\u306b\u30ec\u30ac\u30b7\u30fc\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u524a\u9664\u3059\u308b\u3002Microsoft Exchange\u306e\u5834\u5408\u3001\u7279\u306bTLS 1.2\/1.3\u30dd\u30ea\u30b7\u30fc\u3001\u30b3\u30cd\u30af\u30bf\u3054\u3068\u306e\u8a3c\u660e\u66f8\u5272\u308a\u5f53\u3066\u3001\u30db\u30b9\u30c8\u8a2d\u5b9a\u306e\u6697\u53f7\u30aa\u30fc\u30d0\u30fc\u30e9\u30a4\u30c9\u3092\u30c1\u30a7\u30c3\u30af\u3057\u3001SMTP\u30b5\u30fc\u30d0\u30fc\u304c\u30e2\u30c0\u30f3\u3092\u8a71\u3059\u3088\u3046\u306b\u3057\u307e\u3059\u3002 <strong>\u63e1\u624b<\/strong>-\u30bb\u30ec\u30af\u30b7\u30e7\u30f3\u306f\u6b63\u3057\u3044\u3002.<\/p>\n\n<h2>\u30d7\u30ec\u30d3\u30e5\u30fcTLS 1.3\u30010-RTT\u3001\u30dd\u30b9\u30c8\u91cf\u5b50<\/h2>\n\n<p>\u79c1\u306fTLS 1.3\u306e\u65b9\u304c\u597d\u304d\u3060\u3002\u30cf\u30f3\u30c9\u30b7\u30a7\u30a4\u30af\u304c\u77ed\u304f\u306a\u308a\u3001\u53e4\u3044\u30aa\u30d7\u30b7\u30e7\u30f3\u304c\u7701\u7565\u3055\u308c\u3066\u653b\u6483\u5bfe\u8c61\u304c\u6e1b\u308b\u304b\u3089\u3060\u3002\u30cf\u30f3\u30c9\u30b7\u30a7\u30a4\u30af\u306e <strong>\u6697\u53f7<\/strong> \u30ea\u30d7\u30ec\u30a4\u653b\u6483\u306f\u4e0d\u5fc5\u8981\u306a\u30ea\u30b9\u30af\u3092\u3082\u305f\u3089\u3059\u306e\u3067\u3001\u79c1\u306fSMTP\u30b3\u30f3\u30c6\u30ad\u30b9\u30c8\u3067\u306f0-RTT\u3092\u4f7f\u7528\u3057\u306a\u3044\u3002\u5c06\u6765\u7684\u306b\u306f\u3001\u6a19\u6e96\u5316\u3068\u30b5\u30dd\u30fc\u30c8\u304c\u6210\u719f\u3057\u6b21\u7b2c\u3001\u30e1\u30fc\u30eb\u74b0\u5883\u306b\u3082\u5c0e\u5165\u3055\u308c\u308b\u53ef\u80fd\u6027\u306e\u3042\u308b\u30cf\u30a4\u30d6\u30ea\u30c3\u30c9\u30dd\u30b9\u30c8\u30af\u30a9\u30f3\u30bf\u30e0\u30d7\u30ed\u30b7\u30fc\u30b8\u30e3\u306b\u6ce8\u76ee\u3057\u3066\u3044\u308b\u3002\u65b0\u3057\u3044\u624b\u7d9a\u304d\u3092\u5f8c\u3067\u6df7\u4e71\u306a\u304f\u7d71\u5408\u3067\u304d\u308b\u3088\u3046\u306b\u3001\u30dd\u30ea\u30b7\u30fc\u3068\u76e3\u8996\u3092\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u304c\u91cd\u8981\u3067\u3042\u308b\u3053\u3068\u306b\u5909\u308f\u308a\u306f\u306a\u3044\u3002.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/mailserver_tls_guide_7492.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u3068\u7d0d\u54c1\u7387\u304c\u4e00\u76ee\u3067\u308f\u304b\u308b<\/h2>\n\n<p>\u3092\u6e2c\u5b9a\u3059\u308b\u3002 <strong>\u30ec\u30a4\u30c6\u30f3\u30b7\u30fc<\/strong> \u306eTLS\u30cf\u30f3\u30c9\u30b7\u30a7\u30a4\u30af\u3068\u3001\u518d\u5229\u7528\u3092\u53ef\u80fd\u306b\u3059\u308b\u30ad\u30e3\u30c3\u30b7\u30e5\u306e\u6700\u9069\u5316\u3002\u30bb\u30c3\u30b7\u30e7\u30f3\u518d\u958b(\u30c1\u30b1\u30c3\u30c8\/ID)\u306f\u3001\u8a08\u7b97\u8ca0\u8377\u3092\u8efd\u6e1b\u3057\u3001MTA\u9593\u306e\u7e70\u308a\u8fd4\u3057\u63a5\u7d9a\u3092\u9ad8\u901f\u5316\u3059\u308b\u3002\u8a3c\u660e\u66f8\u306e\u5931\u52b9\u306b\u3064\u3044\u3066\u306f\u3001\u5229\u7528\u53ef\u80fd\u3067\u3042\u308c\u3070\u3001\u30a2\u30c3\u30d7\u30b9\u30c8\u30ea\u30fc\u30e0\u30d7\u30ed\u30ad\u30b7\u3067\u306e\u30b9\u30bf\u30c3\u30ab\u30d6\u30eb\u60c5\u5831\u306b\u4f9d\u5b58\u3057\u3001\u8ffd\u52a0\u306e\u30a2\u30af\u30bb\u30b9\u3092\u7bc0\u7d04\u3059\u308b\u3002\u5927\u53e3\u306e\u53d7\u4fe1\u8005\u306f\u5b89\u5168\u306a\u30c8\u30e9\u30f3\u30b9\u30dd\u30fc\u30c8\u3092\u597d\u610f\u7684\u306b\u8a55\u4fa1\u3059\u308b\u305f\u3081\u3001\u914d\u4fe1\u7387\u304c\u5411\u4e0a\u3059\u308b\u304c\u3001\u5b89\u5168\u3067\u306a\u3044\u30d1\u30b9\u306f\u30b9\u30d1\u30e0\u3084\u62d2\u7d76\u306e\u30ea\u30b9\u30af\u3092\u5897\u5927\u3055\u305b\u308b\u3002\u660e\u78ba\u306aTLS\u30dd\u30ea\u30b7\u30fc\u3001\u78ba\u5b9f\u306aDNS\u30a8\u30f3\u30c8\u30ea\u30fc\u3001\u30af\u30ea\u30fc\u30f3\u306a\u7f72\u540d\u30c1\u30a7\u30fc\u30f3\u306b\u3088\u308a\u3001\u79c1\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u4fe1\u983c\u3067\u304d\u308b\u57fa\u76e4\u3092\u69cb\u7bc9\u3057\u3066\u3044\u308b\u3002 <strong>\u914d\u9054\u53ef\u80fd\u6027<\/strong>.<\/p>\n\n<h2>\u79c1\u306e\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u30fb\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb<\/h2>\n\n<p>\u307e\u305a\u4fe1\u983c\u3067\u304d\u308bCA\u304b\u3089\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u3001ECDSA\u3068RSA\u3092\u751f\u6210\u3057\u3066\u3001\u305d\u306e\u4e21\u65b9\u3092\u30db\u30b9\u30c8\u306b\u304d\u308c\u3044\u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002\u305d\u308c\u304b\u3089 <strong>\u30e1\u30a4\u30f3CF<\/strong> \u3092 TLS \u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3067\u8a2d\u5b9a\u3057\u3001\u5f37\u529b\u306a\u6697\u53f7\u3092\u8a2d\u5b9a\u3057\u3001\u53e4\u3044\u30d7\u30ed\u30c8\u30b3\u30eb\u3092\u7121\u52b9\u306b\u3059\u308b\u30024096\u30d3\u30c3\u30c8\u306e\u65b0\u3057\u3044DH\u30d5\u30a1\u30a4\u30eb\u3092\u8ffd\u52a0\u3057\u3001\u30ea\u30ed\u30fc\u30c9\u3057\u3066\u6700\u521d\u306eOpenSSL\u30c1\u30a7\u30c3\u30af\u3092\u884c\u3044\u307e\u3059\u3002\u305d\u306e\u5f8c\u3001DANE\u3092\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u3057\u3001MTA-STS\u3092\u8ffd\u52a0\u3057\u3001SPF\/DKIM\/DMARC\u306e\u6709\u52b9\u6027\u3092\u691c\u8a3c\u3059\u308b\u3002\u6700\u5f8c\u306b\u3001\u5916\u90e8\u30bf\u30fc\u30b2\u30c3\u30c8\u306b\u5bfe\u3057\u3066\u30c6\u30b9\u30c8\u3092\u5b9f\u884c\u3057\u3001\u904b\u7528\u4e2d\u306e\u30ed\u30b0\u3092\u30c1\u30a7\u30c3\u30af\u3057\u3001\u5b9a\u671f\u7684\u306a\u76e3\u67fb\u3092\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3057\u3066 <strong>\u69cb\u6210<\/strong> \u306f\u9577\u671f\u7684\u306b\u5b89\u5b9a\u3057\u3066\u3044\u308b\u3002.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/tls-einstellungen-leitfaden-8421.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>\u6b20\u843d\u30e2\u30b8\u30e5\u30fc\u30eb\uff1aSubmission\u3001SMTPS\u3001SNI<\/h2>\n\n<p>\u30dd\u30fc\u30c825\u3060\u3051\u3067\u306a\u304f\u3001\u30b5\u30d6\u30df\u30c3\u30b7\u30e7\u30f3\uff08587\uff09\u3084\u30aa\u30d7\u30b7\u30e7\u30f3\u3067SMTPS\uff08465\uff09\u3082\u30bb\u30ad\u30e5\u30a2\u306b\u3057\u3066\u3044\u307e\u3059\u3002\u9001\u4fe1\u306b\u95a2\u3057\u3066\u306f\u3001\u6697\u53f7\u5316\u3068\u8a8d\u8a3c\u3092\u5f37\u5236\u3057\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u5e73\u6587\u3067\u9001\u4fe1\u3055\u308c\u308b\u3053\u3068\u304c\u306a\u3044\u3088\u3046\u306b\u3057\u3066\u3044\u307e\u3059\u3002\u307e\u305f <em>master.cf<\/em> \u79c1\u306f\u30b5\u30fc\u30d3\u30b9\u3092\u6709\u52b9\u5316\u3057\u3001\u7279\u5b9a\u306e\u30aa\u30fc\u30d0\u30fc\u30e9\u30a4\u30c9\u3092\u8a2d\u5b9a\u3059\u308b\uff1a<\/p>\n\n<pre><code>STARTTLS\u3068\u8a8d\u8a3c\u7fa9\u52d9\u3092\u6301\u3064#\u30b5\u30d6\u30df\u30c3\u30b7\u30e7\u30f3(\u30dd\u30fc\u30c8587)\n\u30b5\u30d6\u30df\u30c3\u30b7\u30e7\u30f3 inet n - y - - smtpd\n  -o syslog_name=postfix\/submission\n  -o smtpd_tls_security_level=encrypt\n  -o smtpd_tls_auth_only=yes\n  -o smtpd_sasl_auth_enable=yes\n  -o milter_macro_daemon_name=ORIGINATING\n\n# SMTPS(\u30dd\u30fc\u30c8465)\u3092\u30e9\u30c3\u30d1\u30fc\u30e2\u30fc\u30c9\u306b\u3059\u308b(\u5fc5\u8981\u306a\u5834\u5408)\nsmtps inet n - y - - smtpd\n  -o syslog_name=postfix\/smtps\n  -o smtpd_tls_wrappermode=yes\n  -o smtpd_sasl_auth_enable=yes\n  -o milter_macro_daemon_name=ORIGINATING\n<\/code><\/pre>\n\n<p>1\u3064\u306e\u30db\u30b9\u30c8\u3067\u8907\u6570\u306e\u30e1\u30fc\u30eb\u30fb\u30c9\u30e1\u30a4\u30f3\u306b\u72ec\u81ea\u306e\u8a3c\u660e\u66f8\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001\u6b21\u306e\u3088\u3046\u306b\u3057\u307e\u3059\u3002 <strong>\u30a8\u30b9\u30a8\u30cc\u30a2\u30a4<\/strong>. .SNI\u30de\u30c3\u30d7\u3092\u4f7f\u7528\u3057\u3066\u3001\u5404\u30bf\u30fc\u30b2\u30c3\u30c8\u30db\u30b9\u30c8\u306b\u9069\u5207\u306a\u8a3c\u660e\u66f8\u30d1\u30b9\u3092\u5272\u308a\u5f53\u3066\u3001MUA\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u3082\u6b63\u3057\u3044\u8a3c\u660e\u66f8\u304c\u8868\u793a\u3055\u308c\u308b\u3088\u3046\u306b\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u3088\u3046\u306b\u3057\u3066\u3001\u4e00\u8cab\u3057\u305fTLS ID\u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u5206\u96e2\u3057\u3066\u3044\u308b\u3002.<\/p>\n\n<h2>\u30c9\u30e1\u30a4\u30f3\u5358\u4f4d\u306e\u30dd\u30ea\u30b7\u30fc\uff1a\u304d\u3081\u7d30\u304b\u306a\u5236\u5fa1<\/h2>\n\n<p>\u30b0\u30ed\u30fc\u30d0\u30eb\u30fb\u30dd\u30ea\u30b7\u30fc\u306b\u52a0\u3048\u3001\u79c1\u306f\u6b21\u306e\u3088\u3046\u306a\u7ba1\u7406\u3082\u884c\u3063\u3066\u3044\u308b\u3002 <strong>smtp_tls_policy_maps<\/strong> \u53d7\u4fe1\u8005\u30c9\u30e1\u30a4\u30f3\u3054\u3068\u306e\u4f8b\u5916\u3068\u53b3\u683c\u5316\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u30ec\u30ac\u30b7\u30fc\u30d1\u30fc\u30c8\u30ca\u30fc\u3092\u5f90\u3005\u306b\u79fb\u884c\u3055\u305b\u305f\u308a\u3001\u6a5f\u5bc6\u6027\u306e\u9ad8\u3044\u30bf\u30fc\u30b2\u30c3\u30c8\u306b\u7279\u306b\u53b3\u3057\u3044\u8981\u4ef6\u3092\u8ab2\u3059\u3053\u3068\u304c\u3067\u304d\u308b\u3002.<\/p>\n\n<pre><code># main.cf\nsmtp_tls_policy_maps = hash:\/etc\/postfix\/tls_policy\n\n# \/etc\/postfix\/tls_policy (\u30a8\u30f3\u30c8\u30ea\u4f8b)\nexample.org dane-only\nlegacy.example.net may\nsecure.example.com secure\n<\/code><\/pre>\n\n<p><em>\u30c7\u30fc\u30f3\u30aa\u30f3\u30ea\u30fc<\/em> \u306f\u3001CA\u306b\u4f9d\u5b58\u3059\u308b\u3053\u3068\u306a\u304fDANE\u4fdd\u8b77\u3092\u5b9f\u65bd\u3059\u308b\u3001, <em>\u30bb\u30ad\u30e5\u30a2<\/em> \u306f\u6709\u52b9\u306aCA\u30c1\u30a7\u30fc\u30f3\u3092\u8981\u6c42\u3057\u3001\u30d7\u30ec\u30fc\u30f3\u30c6\u30ad\u30b9\u30c8\u306e\u914d\u4fe1\u3092\u62d2\u5426\u3059\u308b\u3001, <em>\u304b\u3082\u3057\u308c\u306a\u3044<\/em> \u3054\u90fd\u5408\u4e3b\u7fa9\u306e\u307e\u307e\u3002\u5909\u66f4\u5f8c\u3001\u79c1\u306f <em>\u30dd\u30b9\u30c8\u30de\u30c3\u30d7<\/em> \u3092\u5b9f\u884c\u3057\u3001Postfix\u3092\u30ea\u30ed\u30fc\u30c9\u3059\u308b\u3002.<\/p>\n\n<h2>DANE\u3068MTA-STS\uff1a\u5177\u4f53\u7684\u306a\u5b9f\u88c5<\/h2>\n\n<p>\u306e\u305f\u3081\u306b <strong>DANE<\/strong> DNSSEC\u3067TLSA\u30ec\u30b3\u30fc\u30c9\u3092\u516c\u958b\u3057\u3066\u3044\u308b\u3002\u79c1\u306fDANE-EE (3 1 1)\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u597d\u3080\u304c\u3001\u305d\u308c\u306f\u516c\u958b\u9375\u3078\u306e\u30d4\u30f3\u7559\u3081\u3092\u53ef\u80fd\u306b\u3057\u3001\u540c\u3058\u9375\u3067\u306e\u8a3c\u660e\u66f8\u306e\u5909\u66f4\u3092\u5bb9\u6613\u306b\u3059\u308b\u304b\u3089\u3067\u3042\u308b\u3002TLSA\u30ec\u30b3\u30fc\u30c9\u306e\u4f8b <em>_25._tcp.mail.example.de<\/em> \u3053\u3093\u306a\u611f\u3058\u3060\uff1a<\/p>\n\n<pre><code>_25._tcp.mail.example.de.IN TLSA 3 1 1 .\n<\/code><\/pre>\n\n<p>ECDSA\u307e\u305f\u306fRSA\u8a3c\u660e\u66f8\u304b\u3089\u30cf\u30c3\u30b7\u30e5\u3092\u751f\u6210\u3057\u3001\u6709\u52b9\u671f\u9650\u304c\u5207\u308c\u308b\u524d\u306b\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u3059\u308b\u3088\u3046\u306b\u3057\u3066\u3044\u307e\u3059\u3002DNS\u30be\u30fc\u30f3\u304c\u7f72\u540d\u3055\u308c\u3001\u59d4\u4efb\u306e\u30c1\u30a7\u30fc\u30f3\u304c\u9699\u9593\u306a\u304f\u691c\u8a3c\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u91cd\u8981\u3067\u3059\u3002.<\/p>\n\n<p>\u306e\u305f\u3081\u306b <strong>MTA-STS<\/strong> \u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb\u3092HTTPS\u3067\u30db\u30b9\u30c8\u3057\u3001TXT DNS\u30a8\u30f3\u30c8\u30ea\u30fc\u3092\u8ffd\u52a0\u3059\u308b\u3002\u3053\u3046\u3059\u308b\u3053\u3068\u3067\u3001\u30ea\u30e2\u30fc\u30c8\u306e\u30d4\u30a2\u304cTLS\u3092\u8a71\u3057\u3001\u5b9a\u7fa9\u3055\u308c\u305fMX\u3067\u306e\u307f\u53d7\u3051\u5165\u308c\u3089\u308c\u308b\u3088\u3046\u306b\u6307\u5b9a\u3057\u307e\u3059\u3002\u6700\u5c0f\u9650\u306e\u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb<\/p>\n\n<pre><code>\u30d0\u30fc\u30b8\u30e7\u30f3: STSv1\n\u30e2\u30fc\u30c9\uff1a\u5f37\u5236\nmx: mail.example.de\n\u6700\u5927\u5e74\u9f62: 604800\n<\/code><\/pre>\n\n<p>TXT\u30a8\u30f3\u30c8\u30ea\u30fc\u306f\u3001DNS\u306e <em>_mta-sts.example.de<\/em> \u73fe\u5728\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3002\u30aa\u30d7\u30b7\u30e7\u30f3\u3067 <em>TLS-RPT<\/em> TXT\u7d4c\u7531 <em>_smtp._tls.example.de<\/em> \u30dd\u30ea\u30b7\u30fc\u9055\u53cd\u306b\u95a2\u3059\u308b\u30ec\u30dd\u30fc\u30c8\u3092\u53d7\u3051\u53d6\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u3053\u306e\u9060\u9694\u6e2c\u5b9a\u306f\u3001\u969c\u5bb3\u3001\u683c\u4e0b\u3052\u3001\u6b20\u9665\u306e\u3042\u308b\u8a3c\u660e\u66f8\u3092\u65e9\u3044\u6bb5\u968e\u3067\u8a8d\u8b58\u3059\u308b\u306e\u306b\u5f79\u7acb\u3064\u3002.<\/p>\n\n<h2>\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u53b3\u683c\u5316\u3001\u6697\u53f7\u306e\u6307\u5b9a<\/h2>\n\n<p>\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u5236\u9650\u3092\u53b3\u3057\u304f\u3057\u3001\u30b5\u30fc\u30d0\u30fc\u306e\u512a\u5148\u9806\u4f4d\u3092\u5f37\u5236\u3059\u308b\u3002TLS 1.0\/1.1\u306f\u73fe\u5728\u3067\u306f\u4e0d\u8981\u3067\u3042\u308b\u3002 TLS 1.2\u30681.3\u306f\u6df1\u304f\u3001\u304b\u3064\u767a\u4fe1\u30d9\u30fc\u30b9\u3067\u306e\u307f\u8a31\u53ef\u3057\u3066\u3044\u308b\u3002 TLS 1.2\u306b\u3064\u3044\u3066\u306f\u3001\u53e4\u3044\u6697\u53f7\u306e\u6df7\u5408\u30b9\u30c8\u30c3\u30af\u3092\u9664\u5916\u3059\u308b\u305f\u3081\u306b\u3001\u660e\u793a\u7684\u306a\u30dd\u30b8\u30c6\u30a3\u30d6\u30ea\u30b9\u30c8\u3092\u5b9a\u7fa9\u3057\u3066\u3044\u308b\uff1a<\/p>\n\n<pre><code># \u8ffd\u52a0\u306e\u30cf\u30fc\u30c9\u30cb\u30f3\u30b0 (main.cf)\nsmtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1\nsmtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1\nsmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1\nsmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1\n\n# \u660e\u793a\u7684\u306a TLS 1.2 \u6697\u53f7\u30ea\u30b9\u30c8\uff08PFS + AEAD \u306e\u307f\uff09\ntls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!MD5:!RC4:!3DES:!CAMELLIA\n\n# \u30b5\u30fc\u30d0\u30fc\u306e\u512a\u5148\u9806\u4f4d\u3092\u4f7f\u7528\u3059\u308b\ntls_preempt_cipherlist = yes\n<\/code><\/pre>\n\n<p>ECDHE\u304c\u512a\u5148\u3055\u308c\u3001DHE\u306f\u30d5\u30a9\u30fc\u30eb\u30d0\u30c3\u30af\u306b\u904e\u304e\u306a\u3044\u3002TLS 1.3\u3067\u306f\u3001DH\u30d5\u30a1\u30a4\u30eb\u306f\u5f79\u5272\u3092\u679c\u305f\u3057\u307e\u305b\u3093\u304c\u3001\u307e\u308c\u306bDHE\u3092\u4f7f\u7528\u3059\u308b\u3068\u304d\u306b\u306f\u4fbf\u5229\u3067\u3059\u3002.<\/p>\n\n<h2>\u30bb\u30c3\u30b7\u30e7\u30f3\u306e\u518d\u958b\u3068\u30ad\u30e3\u30c3\u30b7\u30e5<\/h2>\n\n<p>\u30b9\u30d4\u30fc\u30c9\u30a2\u30c3\u30d7\u306e\u305f\u3081\u306b\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u30b5\u30fc\u30d0\u30fc\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u30ad\u30e3\u30c3\u30b7\u30e5\u3092\u6709\u52b9\u306b\u3057\u3066\u3001\u518d\u63a5\u7d9a\u3092\u3088\u308a\u6709\u5229\u306b\u3057\u3066\u3044\u307e\u3059\u3002CPU\u306e\u8ca0\u8377\u3068\u5f85\u3061\u6642\u9593\u306f\u3001\u7279\u306b\u30e1\u30fc\u30eb\u306e\u30b9\u30eb\u30fc\u30d7\u30c3\u30c8\u304c\u9ad8\u3044\u5834\u5408\u306b\u9855\u8457\u306b\u6e1b\u5c11\u3057\u307e\u3059\uff1a<\/p>\n\n<pre><code># \u30bb\u30c3\u30b7\u30e7\u30f3\u30ad\u30e3\u30c3\u30b7\u30e5 (main.cf)\nsmtpd_tls_session_cache_database = btree:\/var\/lib\/postfix\/smtpd_scache\nsmtp_tls_session_cache_database = btree:\/var\/lib\/postfix\/smtp_scache\nsmtp_tls_connection_reuse = yes\n<\/code><\/pre>\n\n<p>\u79c1\u306f\u30ed\u30b0\u3067\u30d2\u30c3\u30c8\u7387\u3092\u76e3\u8996\u3057\u3001\u77ed\u3059\u304e\u308b\u3082\u306e\u304c\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u3044\u308b\u3002 <em>\u30c1\u30b1\u30c3\u30c8\u6709\u52b9\u671f\u9650<\/em> \u3092TLS\u30e9\u30a4\u30d6\u30e9\u30ea\u306b\u8ffd\u52a0\u3059\u308b\u3053\u3068\u3067\u3001\u518d\u958b\u3092\u9045\u304f\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002\u91cd\u8981\uff1a\u518d\u958b\u306f\u30dd\u30ea\u30b7\u30fc\u3092\u5f31\u3081\u308b\u3082\u306e\u3067\u3042\u3063\u3066\u306f\u306a\u3089\u306a\u3044\u3002.<\/p>\n\n<h2>\u8a8d\u5b9a\u4f1a\u793e\uff1a\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u3068\u30c1\u30a7\u30fc\u30f3\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9<\/h2>\n\n<p>\u79c1\u306fMTA\u306e\u66f4\u65b0\u3068\u518d\u30ed\u30fc\u30c9\u3092\u81ea\u52d5\u5316\u3057\u3001\u671f\u9650\u5207\u308c\u306e\u8a3c\u660e\u66f8\u304c\u904b\u7528\u3055\u308c\u306a\u3044\u3088\u3046\u306b\u3057\u3066\u3044\u308b\u3002\u66f4\u65b0\u306e\u305f\u3073\u306b\u3001\u30ea\u30fc\u30d5\u8a3c\u660e\u66f8\u3068\u4e2d\u9593\u8a3c\u660e\u66f8\u304c\u5b8c\u5168\u306b\u30d0\u30f3\u30c9\u30eb\u3055\u308c\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3002ECDSA\/RSA\u306e\u4e8c\u91cd\u904b\u7528\u306e\u5834\u5408\u306f\u3001\u5927\u91cf\u306e\u5909\u66f4\u306b\u3088\u3063\u3066\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u554f\u984c\u304c\u767a\u751f\u3059\u308b\u524d\u306b\u3001\u4e21\u65b9\u306e\u30da\u30a2\u304c\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u3002MUA\u306fMTA\u3068\u306f\u7570\u306a\u308b\u30a8\u30e9\u30fc\u30d1\u30bf\u30fc\u30f3\u3092\u793a\u3059\u53ef\u80fd\u6027\u304c\u3042\u308b\u305f\u3081\u3001SNI\u30d1\u30b9\u3068\u30b5\u30d6\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u5225\u3005\u306b\u30c6\u30b9\u30c8\u3057\u3066\u3044\u308b\u3002.<\/p>\n\n<h2>\u30ed\u30ae\u30f3\u30b0\u3068\u8a3a\u65ad\u306e\u5f37\u5316<\/h2>\n\n<p>\u79c1\u306f\u554f\u984c\u304c\u767a\u751f\u3057\u305f\u3068\u304d\u306b\u4e00\u6642\u7684\u306b\u30ed\u30b0\u306e\u6df1\u3055\u3092\u5897\u3084\u3057\u3001\u30af\u30ed\u30b9\u30c1\u30a7\u30c3\u30af\u306e\u305f\u3081\u306b\u30aa\u30f3\u30dc\u30fc\u30c9\u30c4\u30fc\u30eb\u3092\u4f7f\u7528\u3059\u308b\uff1a<\/p>\n\n<pre><code>#\u3092\u5bfe\u8c61\u3068\u3057\u305f\u30ed\u30ae\u30f3\u30b0 (main.cf)\nsmtp_tls_logle \u30ec\u30d9\u30eb = 1\nsmtp_tls_note_starttls_offer = yes\n<\/code><\/pre>\n\n<p>\u3068\u4e00\u7dd2\u306b <em>posttls-finger target.example.com<\/em> \u30ea\u30e2\u30fc\u30c8MTA\u304c\u3069\u306e\u30dd\u30ea\u30b7\u30fc\u3092\u671f\u5f85\u3057\u3001\u3069\u306e\u6697\u53f7\/\u30d7\u30ed\u30c8\u30b3\u30eb\u304c\u30cd\u30b4\u30b7\u30a8\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b\u304b\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3002\u79c1\u306f <em>postconf -n | grep tls<\/em>, \u660e\u793a\u7684\u306b\u8a2d\u5b9a\u3055\u308c\u305fTLS\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3060\u3051\u3092\u898b\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002\u3053\u306e\u65b9\u6cd5\u306a\u3089\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u304b\u3089\u306e\u9038\u8131\u3092\u3088\u308a\u8fc5\u901f\u306b\u898b\u3064\u3051\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002\u30ed\u30b0\u3067\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u7528\u8a9e\u3092\u691c\u7d22\u3057\u3066\u3044\u308b\u3002 <em>\u5171\u6709\u6697\u53f7\u306a\u3057<\/em>, <em>\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u306b\u5931\u6557\u3057\u307e\u3057\u305f<\/em> \u6216\u3044\u306f <em>\u30d7\u30ed\u30c8\u30b3\u30eb\u30d0\u30fc\u30b8\u30e7\u30f3<\/em>, \u3053\u308c\u306f\u3001\u6697\u53f7\u306e\u4e0d\u4e00\u81f4\u3001\u30c1\u30a7\u30fc\u30f3\u306e\u554f\u984c\u3001\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u5236\u9650\u304c\u53b3\u3057\u3059\u304e\u305f\u308a\u7de9\u3059\u304e\u305f\u308a\u3059\u308b\u3053\u3068\u3092\u76f4\u63a5\u793a\u3057\u3066\u3044\u308b\u3002.<\/p>\n\n<h2>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u72a0\u7272\u306b\u3059\u308b\u3053\u3068\u306a\u304f\u4e92\u63db\u6027\u3092\u7ba1\u7406<\/h2>\n\n<p>\u79c1\u306f\u610f\u8b58\u7684\u306b\u30c8\u30e9\u30f3\u30b8\u30b7\u30e7\u30f3\u3092\u8a08\u753b\u3057\u3066\u3044\u308b\u3002 <em>\u304b\u3082\u3057\u308c\u306a\u3044<\/em>, \u30ec\u30ac\u30b7\u30fc\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u306e\u30e1\u30fc\u30eb\u304c\u3059\u3079\u3066\u5931\u308f\u308c\u308b\u306e\u3092\u907f\u3051\u308b\u305f\u3081\u3001\u30d7\u30ec\u30fc\u30f3\u30c6\u30ad\u30b9\u30c8\u306e\u914d\u4fe1\u3092\u8a18\u9332\u3057\u3066\u3044\u307e\u3059\u3002\u9001\u4fe1\u306f\u53b3\u5bc6\u306a\u307e\u307e\uff08DANE\/MTA-STS\/secure\uff09\u306b\u3057\u3066\u3044\u307e\u3059\u3002 <em>smtp_tls_policy_maps<\/em> \u500b\u3005\u306e\u30b1\u30fc\u30b9\u306b\u3064\u3044\u3066\u3082\u3057\u500b\u3005\u306e\u30d1\u30fc\u30c8\u30ca\u30fc\u304cAES-GCM\u3067TLS 1.2\u3057\u304b\u7ba1\u7406\u3067\u304d\u306a\u3044\u306e\u3067\u3042\u308c\u3070\u3001\u3053\u308c\u306f\u8a31\u5bb9\u7bc4\u56f2\u3067\u3059\u3002\u79c1\u306f\u3053\u308c\u4ee5\u4e0b\u306e\u3082\u306e\u306f\u3059\u3079\u3066\u3001\u9650\u3089\u308c\u305f\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u5408\u610f\u3055\u308c\u305f\u4f8b\u5916\u306b\u3088\u3063\u3066\u7ba1\u7406\u3057\u3001\u6587\u66f8\u5316\u3057\u3066\u79fb\u884c\u8a08\u753b\u306b\u542b\u3081\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u696d\u52d9\u3092\u59a8\u3052\u308b\u3053\u3068\u306a\u304f\u3001\u5168\u4f53\u306e\u30ec\u30d9\u30eb\u3092\u9ad8\u304f\u4fdd\u3064\u3053\u3068\u304c\u3067\u304d\u308b\u3002.<\/p>\n\n<h2>\u30b7\u30b9\u30c6\u30e0\u306eTLS\u30c7\u30d5\u30a9\u30eb\u30c8\u4e00\u89a7<\/h2>\n\n<p>Postfix\u306f\u30b7\u30b9\u30c6\u30e0\u306eTLS\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u3053\u3068\u306b\u6ce8\u610f\u3057\u3066\u304f\u3060\u3055\u3044\u3002OpenSSL\/LibreSSL\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3088\u308a\u3001\u6697\u53f7\u306e\u512a\u5148\u9806\u4f4d\u3084TLS 1.3\u306e\u52d5\u4f5c\u304c\u5909\u66f4\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u305d\u306e\u305f\u3081\u3001\u30b7\u30b9\u30c6\u30e0\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u5f8c\u306f\u3001\u30e9\u30f3\u30c0\u30e0\u306b\u30cf\u30f3\u30c9\u30b7\u30a7\u30a4\u30af\u3092\u30c1\u30a7\u30c3\u30af\u3057 <em>\u30dd\u30b9\u30c8\u30b3\u30f3\u30d5 -n<\/em> \u3092\u76ee\u6a19\u5024\u3067\u8a2d\u5b9a\u3057\u305f\u3002A\u30bb\u30c3\u30c8 <em>\u4e92\u63db\u6027\u30ec\u30d9\u30eb<\/em> \u306f\u5b89\u5b9a\u3057\u305f\u30c7\u30d5\u30a9\u30eb\u30c8\u3092\u7dad\u6301\u3059\u308b\u306e\u306b\u5f79\u7acb\u3061\u307e\u3059\u304c\u3001\u79c1\u306f\u76f2\u76ee\u7684\u306b\u3053\u308c\u306b\u983c\u3089\u305a\u3001main.cf\/master.cf\u3067\u660e\u793a\u7684\u306b\u9038\u8131\u3092\u6587\u66f8\u5316\u3057\u3066\u3044\u307e\u3059\u3002.<\/p>\n\n<h2>\u7ba1\u7406\u8005\u5411\u3051\u6982\u8981<\/h2>\n\n<p>PFS\u306b\u3088\u308b\u5f37\u529b\u306a\u6697\u53f7\u3001\u30af\u30ea\u30fc\u30f3\u306a\u8a3c\u660e\u66f8\u3001\u305d\u3057\u3066\u660e\u78ba\u306a\u30dd\u30ea\u30b7\u30fc\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u5834\u5408\u306b\u4e0d\u53ef\u6b20\u3067\u3042\u308b\u3053\u3068\u3092\u5f37\u8abf\u3057\u305f\u3044\u3002 <strong>\u30a8\u30b9\u30a8\u30e0\u30c6\u30a3\u30fc\u30d4\u30fc<\/strong> \u6975\u3081\u3066\u91cd\u8981\u3060\u3002TLS 1.3\u306f\u30ec\u30ac\u30b7\u30fc\u306a\u554f\u984c\u304b\u3089\u89e3\u653e\u3057\u3001TLS 1.2\u306f\u898f\u5f8b\u3042\u308b\u6697\u53f7\u30ea\u30b9\u30c8\u3092\u8981\u6c42\u3059\u308b\u3002DANE\u3068MTA-STS\u306f\u30c8\u30e9\u30f3\u30b9\u30dd\u30fc\u30c8\u30fb\u30d1\u30b9\u3092\u5f37\u56fa\u306b\u3057\u3001SPF\/DKIM\/DMARC\u306f\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u3068\u30ec\u30dd\u30fc\u30c8\u3092\u5b89\u5168\u306b\u3059\u308b\u3002\u5b9a\u671f\u7684\u306a\u30c6\u30b9\u30c8\u3068\u30ed\u30b0\u5206\u6790\u306b\u3088\u3063\u3066\u3001\u5909\u66f4\u304c\u671b\u307e\u3057\u304f\u306a\u3044\u526f\u4f5c\u7528\u3092\u3082\u305f\u3089\u3059\u304b\u3069\u3046\u304b\u304c\u65e9\u671f\u306b\u308f\u304b\u308a\u307e\u3059\u3002\u3053\u306e\u30ac\u30a4\u30c9\u3092\u8aad\u3081\u3070\u3001\u4e0d\u5fc5\u8981\u306a\u5909\u66f4\u3092\u3059\u308b\u3053\u3068\u306a\u304f\u3001\u5b89\u5168\u3067\u3001\u6027\u80fd\u304c\u9ad8\u304f\u3001\u5c06\u6765\u6027\u306e\u3042\u308b\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u3092\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 <strong>\u30ea\u30b9\u30af<\/strong>.<\/p>","protected":false},"excerpt":{"rendered":"<p>\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u306eTLS\u8a2d\u5b9a\u3068\u6697\u53f7\u306e\u9078\u629e\uff1a\u6700\u9069\u306a\u30e1\u30fc\u30eb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3068\u96fb\u5b50\u30e1\u30fc\u30eb\u6697\u53f7\u5316\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u306e\u305f\u3081\u306esmtp TLS\u8a2d\u5b9a\u3002\u5b8c\u5168\u306a\u30a8\u30ad\u30b9\u30d1\u30fc\u30c8\u30ac\u30a4\u30c9\u3002.<\/p>","protected":false},"author":1,"featured_media":18962,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_crdt_document":"","inline_featured_image":false,"footnotes":""},"categories":[708],"tags":[],"class_list":["post-18969","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email"],"acf":[],"_wp_attached_file":null,"_wp_attachment_metadata":null,"litespeed-optimize-size":null,"litespeed-optimize-set":null,"_elementor_source_image_hash":null,"_wp_attachment_image_alt":null,"stockpack_author_name":null,"stockpack_author_url":null,"stockpack_provider":null,"stockpack_image_url":null,"stockpack_license":null,"stockpack_license_url":null,"stockpack_modification":null,"color":null,"original_id":null,"original_url":null,"original_link":null,"unsplash_location":null,"unsplash_sponsor":null,"unsplash_exif":null,"unsplash_attachment_metadata":null,"_elementor_is_screenshot":null,"surfer_file_name":null,"surfer_file_original_url":null,"envato_tk_source_kit":null,"envato_tk_source_index":null,"envato_tk_manifest":null,"envato_tk_folder_name":null,"envato_tk_builder":null,"envato_elements_download_event":null,"_menu_item_type":null,"_menu_item_menu_item_parent":null,"_menu_item_object_id":null,"_menu_item_object":null,"_menu_item_target":null,"_menu_item_classes":null,"_menu_item_xfn":null,"_menu_item_url":null,"_trp_menu_languages":null,"rank_math_primary_category":null,"rank_math_title":null,"inline_featured_image":null,"_yoast_wpseo_primary_category":null,"rank_math_schema_blogposting":null,"rank_math_schema_videoobject":null,"_oembed_049c719bc4a9f89deaead66a7da9fddc":null,"_oembed_time_049c719bc4a9f89deaead66a7da9fddc":null,"_yoast_wpseo_focuskw":null,"_yoast_wpseo_linkdex":null,"_oembed_27e3473bf8bec795fbeb3a9d38489348":null,"_oembed_c3b0f6959478faf92a1f343d8f96b19e":null,"_trp_translated_slug_en_us":null,"_wp_desired_post_slug":null,"_yoast_wpseo_title":null,"tldname":null,"tldpreis":null,"tldrubrik":null,"tldpolicylink":null,"tldsize":null,"tldregistrierungsdauer":null,"tldtransfer":null,"tldwhoisprivacy":null,"tldregistrarchange":null,"tldregistrantchange":null,"tldwhoisupdate":null,"tldnameserverupdate":null,"tlddeletesofort":null,"tlddeleteexpire":null,"tldumlaute":null,"tldrestore":null,"tldsubcategory":null,"tldbildname":null,"tldbildurl":null,"tldclean":null,"tldcategory":null,"tldpolicy":null,"tldbesonderheiten":null,"tld_bedeutung":null,"_oembed_d167040d816d8f94c072940c8009f5f8":null,"_oembed_b0a0fa59ef14f8870da2c63f2027d064":null,"_oembed_4792fa4dfb2a8f09ab950a73b7f313ba":null,"_oembed_33ceb1fe54a8ab775d9410abf699878d":null,"_oembed_fd7014d14d919b45ec004937c0db9335":null,"_oembed_21a029d076783ec3e8042698c351bd7e":null,"_oembed_be5ea8a0c7b18e658f08cc571a909452":null,"_oembed_a9ca7a298b19f9b48ec5914e010294d2":null,"_oembed_f8db6b27d08a2bb1f920e7647808899a":null,"_oembed_168ebde5096e77d8a89326519af9e022":null,"_oembed_cdb76f1b345b42743edfe25481b6f98f":null,"_oembed_87b0613611ae54e86e8864265404b0a1":null,"_oembed_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_oembed_time_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_tldname":null,"_tldclean":null,"_tldpreis":null,"_tldcategory":null,"_tldsubcategory":null,"_tldpolicy":null,"_tldpolicylink":null,"_tldsize":null,"_tldregistrierungsdauer":null,"_tldtransfer":null,"_tldwhoisprivacy":null,"_tldregistrarchange":null,"_tldregistrantchange":null,"_tldwhoisupdate":null,"_tldnameserverupdate":null,"_tlddeletesofort":null,"_tlddeleteexpire":null,"_tldumlaute":null,"_tldrestore":null,"_tldbildname":null,"_tldbildurl":null,"_tld_bedeutung":null,"_tldbesonderheiten":null,"_oembed_ad96e4112edb9f8ffa35731d4098bc6b":null,"_oembed_8357e2b8a2575c74ed5978f262a10126":null,"_oembed_3d5fea5103dd0d22ec5d6a33eff7f863":null,"_eael_widget_elements":null,"_oembed_0d8a206f09633e3d62b95a15a4dd0487":null,"_oembed_time_0d8a206f09633e3d62b95a15a4dd0487":null,"_aioseo_description":null,"_eb_attr":null,"_eb_data_table":null,"_oembed_819a879e7da16dd629cfd15a97334c8a":null,"_oembed_time_819a879e7da16dd629cfd15a97334c8a":null,"_acf_changed":null,"_wpcode_auto_insert":null,"_edit_last":null,"_edit_lock":null,"_oembed_e7b913c6c84084ed9702cb4feb012ddd":null,"_oembed_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_time_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_03514b67990db061d7c4672de26dc514":null,"_oembed_time_03514b67990db061d7c4672de26dc514":null,"rank_math_news_sitemap_robots":null,"rank_math_robots":null,"_eael_post_view_count":"512","_trp_automatically_translated_slug_ru_ru":null,"_trp_automatically_translated_slug_et":null,"_trp_automatically_translated_slug_lv":null,"_trp_automatically_translated_slug_fr_fr":null,"_trp_automatically_translated_slug_en_us":null,"_wp_old_slug":null,"_trp_automatically_translated_slug_da_dk":null,"_trp_automatically_translated_slug_pl_pl":null,"_trp_automatically_translated_slug_es_es":null,"_trp_automatically_translated_slug_hu_hu":null,"_trp_automatically_translated_slug_fi":null,"_trp_automatically_translated_slug_ja":null,"_trp_automatically_translated_slug_lt_lt":null,"_elementor_edit_mode":null,"_elementor_template_type":null,"_elementor_version":null,"_elementor_pro_version":null,"_wp_page_template":null,"_elementor_page_settings":null,"_elementor_data":null,"_elementor_css":null,"_elementor_conditions":null,"_happyaddons_elements_cache":null,"_oembed_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_time_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_3efb2c3e76a18143e7207993a2a6939a":null,"_oembed_time_3efb2c3e76a18143e7207993a2a6939a":null,"_oembed_59808117857ddf57e478a31d79f76e4d":null,"_oembed_time_59808117857ddf57e478a31d79f76e4d":null,"_oembed_965c5b49aa8d22ce37dfb3bde0268600":null,"_oembed_time_965c5b49aa8d22ce37dfb3bde0268600":null,"_oembed_81002f7ee3604f645db4ebcfd1912acf":null,"_oembed_time_81002f7ee3604f645db4ebcfd1912acf":null,"_elementor_screenshot":null,"_oembed_7ea3429961cf98fa85da9747683af827":null,"_oembed_time_7ea3429961cf98fa85da9747683af827":null,"_elementor_controls_usage":null,"_elementor_page_assets":[],"_elementor_screenshot_failed":null,"theplus_transient_widgets":null,"_eael_custom_js":null,"_wp_old_date":null,"_trp_automatically_translated_slug_it_it":null,"_trp_automatically_translated_slug_pt_pt":null,"_trp_automatically_translated_slug_zh_cn":null,"_trp_automatically_translated_slug_nl_nl":null,"_trp_automatically_translated_slug_pt_br":null,"_trp_automatically_translated_slug_sv_se":null,"rank_math_analytic_object_id":null,"rank_math_internal_links_processed":"1","_trp_automatically_translated_slug_ro_ro":null,"_trp_automatically_translated_slug_sk_sk":null,"_trp_automatically_translated_slug_bg_bg":null,"_trp_automatically_translated_slug_sl_si":null,"litespeed_vpi_list":null,"litespeed_vpi_list_mobile":null,"rank_math_seo_score":null,"rank_math_contentai_score":null,"ilj_limitincominglinks":null,"ilj_maxincominglinks":null,"ilj_limitoutgoinglinks":null,"ilj_maxoutgoinglinks":null,"ilj_limitlinksperparagraph":null,"ilj_linksperparagraph":null,"ilj_blacklistdefinition":null,"ilj_linkdefinition":null,"_eb_reusable_block_ids":null,"rank_math_focus_keyword":"Mailserver TLS","rank_math_og_content_image":null,"_yoast_wpseo_metadesc":null,"_yoast_wpseo_content_score":null,"_yoast_wpseo_focuskeywords":null,"_yoast_wpseo_keywordsynonyms":null,"_yoast_wpseo_estimated-reading-time-minutes":null,"rank_math_description":null,"surfer_last_post_update":null,"surfer_last_post_update_direction":null,"surfer_keywords":null,"surfer_location":null,"surfer_draft_id":null,"surfer_permalink_hash":null,"surfer_scrape_ready":null,"_thumbnail_id":"18962","footnotes":null,"_links":{"self":[{"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/posts\/18969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/comments?post=18969"}],"version-history":[{"count":0,"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/posts\/18969\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/media\/18962"}],"wp:attachment":[{"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/media?parent=18969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/categories?post=18969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhosting.de\/ja\/wp-json\/wp\/v2\/tags?post=18969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}