kalmar.net - TLS / STARTTLS Test

Discover if the mail servers for kalmar.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 10 Jul 2025 10:14:09 +0000

Certificates

Trustworthy
Protocol

Problems found
DANE

Problems found

We can not guarantee a secure connection to the mailservers of kalmar.net!

Please contact the operator of kalmar.net and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/kalmar.net

Servers

Incoming Mails

These servers are responsible for incoming mails to @kalmar.net addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.mellstrand.se 2001:9b1:9bce::10 Results incomplete	1	unsupported	not checked	DANE errors PFS not checked Heartbleed not checked Weak ciphers not checked		2025-07-10 1 s
mail.mellstrand.se 85.24.228.174	1	supported	mail.mellstrand.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-07-10 2 s

Outgoing Mails

We have not received any emails from a @kalmar.net address so far. Test mail delivery

Certificates

First seen at: 2025-07-10

CN=mail.mellstrand.net

Certificate chain

mail.mellstrand.net
- 2025-10-07 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail.mellstrand.net

Alternative Names

mail.mellstrand.net
mail.mellstrand.se
mail4.mellstrand.net
mail4.mellstrand.se
mail6.mellstrand.net
mail6.mellstrand.se

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-07-09
Not valid after: 2025-10-07

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: FF:B8:7E:D2:21:57:F8:D6:4B:1F:F5:28:74:EF:B1:7C:0A:52:31:28:72:31:EE:0B:80:75:A0:3C:CD:70:98:05
SHA1: 13:D2:F2:E1:C8:C0:0D:04:BA:8B:E8:88:CB:56:28:C8:C9:5B:77:F7

X509v3 extensions

subjectKeyIdentifier

81:FA:4B:04:11:E7:34:AE:A6:74:D7:9C:5E:C0:75:D4:0D:8C:1D:6D

authorityKeyIdentifier

keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9

authorityInfoAccess

CA Issuers - URI:http://r11.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://r11.c.lencr.org/51.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
Timestamp : Jul 9 14:09:10.829 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:B8:8D:07:FB:55:B7:21:57:39:AC:9B:
AD:4D:CE:7E:49:00:47:AD:15:17:84:95:25:84:18:1B:
6C:8F:73:45:1D:02:20:05:FA:84:66:7F:20:89:C1:00:
94:C0:41:2F:84:EF:1D:6D:F6:D8:75:AB:01:86:46:E7:
5A:75:48:A1:E4:BF:6D
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 1A:04:FF:49:D0:54:1D:40:AF:F6:A0:C3:BF:F1:D8:C4:
67:2F:4E:EC:EE:23:40:68:98:6B:17:40:2E:DC:89:7D
Timestamp : Jul 9 14:09:11.013 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:96:09:D0:34:6A:3B:C1:DD:27:0D:2A:
3E:F3:FA:08:4A:95:0C:DB:90:60:DB:DC:ED:11:F4:60:
61:E8:61:4C:94:02:20:53:F6:5D:25:DC:E6:A9:21:89:
76:9F:78:79:05:A9:4D:EB:11:2C:5B:88:59:2C:9A:03:
7A:F4:BD:E4:F3:6B:B5

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.mellstrand.se	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of kalmar.net