schnoor.koeln - TLS / STARTTLS Test

Discover if the mail servers for schnoor.koeln can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 16 Sep 2025 14:09:08 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Problems found

The mailservers of schnoor.koeln can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @schnoor.koeln addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.schnoor-it.de 2a02:2479:54:fa00::1	10	supported	mail.schnoor-it.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-09-16 6 s
mail.schnoor-it.de 212.227.189.201	10	supported	mail.schnoor-it.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-09-16 5 s

Outgoing Mails

We have not received any emails from a @schnoor.koeln address so far. Test mail delivery

Certificates

First seen at: 2025-09-16

CN=mail.schnoor-it.de

Certificate chain

mail.schnoor-it.de
- 2025-11-28 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail.schnoor-it.de

Alternative Names

autoconfig.fc-koeln.eu
autoconfig.hbglan.de
autoconfig.schnoor-it.de
autoconfig.schnoor.koeln
autodiscover.fc-koeln.eu
autodiscover.hbglan.de
autodiscover.schnoor-it.de
autodiscover.schnoor.koeln
mail.schnoor-it.de

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-08-30
Not valid after: 2025-11-28

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: BD:58:64:CF:41:BD:5E:7B:70:21:85:90:45:B2:C8:8B:5B:8D:FE:68:85:E1:D4:B6:3E:D9:99:02:38:F4:45:96
SHA1: 2F:97:0E:7D:47:F6:52:F0:E6:94:B2:3D:87:9C:2B:92:1A:2B:D6:84

X509v3 extensions

subjectKeyIdentifier

CB:C8:FC:4E:C0:C8:8B:22:71:28:F9:FE:E7:05:B0:F5:B6:44:EE:DC

authorityKeyIdentifier

keyid:00:B5:29:F2:2D:8E:6F:31:E8:9B:4C:AD:78:3E:FA:DC:E9:0C:D1:D2

authorityInfoAccess

CA Issuers - URI:http://r12.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://r12.c.lencr.org/40.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
Timestamp : Aug 30 08:47:36.086 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:19:B5:D3:FE:B6:56:EB:E8:FB:E4:55:7D:
E7:6B:05:0F:E9:31:3F:F9:F9:EE:19:92:F5:E9:B6:32:
C3:E4:75:F9:02:20:0C:B1:06:50:AD:54:2B:D1:65:25:
DD:FD:02:DB:A1:CF:16:27:82:51:46:C1:15:84:9B:BB:
5D:EE:93:FA:7E:B0
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
Timestamp : Aug 30 08:47:36.045 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:35:95:F6:AE:B9:34:85:C5:57:23:BC:02:
DC:C4:BA:77:88:AE:39:F6:9B:81:AB:2B:6B:2D:1E:84:
44:76:E5:3D:02:21:00:FD:C6:76:32:15:09:D3:48:AB:
F7:CA:07:C0:85:B8:38:AA:D0:EF:6F:88:CF:D2:14:7B:
2A:78:39:2A:FC:FC:59

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.schnoor-it.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	error Debug	valid

SSL check results of schnoor.koeln