SSL-Tools

SSL check results of kopie.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for kopie.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 26 Apr 2026 00:30:19 +0000

We can not guarantee a secure connection to the mailservers of kopie.de!

Please contact the operator of kopie.de and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/kopie.de

Servers

Incoming Mails

These servers are responsible for incoming mails to @kopie.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mxext2.mailbox.org
2001:67c:2050:104::2:25:1
 10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mxext2.mailbox.org
80.241.60.215
 10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s
mxext1.mailbox.org
2001:67c:2050:104::1:25:1
 10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
5 s
mxext1.mailbox.org
80.241.60.212
Results incomplete
10
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
5 s
mxext3.mailbox.org
2001:67c:2050:104::3:25:1
 20
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mxext3.mailbox.org
80.241.60.216
 20
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s
mxe8c9.netcup.net
2a03:4000::382:d422:b4ff:fe2b:41e
Results incomplete
50
supported
*.netcup.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mxe8c9.netcup.net
202.61.232.201
Results incomplete
50
supported
*.netcup.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @kopie.de address so far. Test mail delivery

Certificates

First seen at:

CN=*.mailbox.org

Certificate chain
Subject
Common Name (CN)
  • *.mailbox.org
Alternative Names
  • *.mailbox.org
  • mailbox.org
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • Thawte TLS RSA CA G1
validity period
Not valid before
2025-05-13
Not valid after
2026-06-10
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
68:A2:7F:14:D4:D6:48:5F:4E:7B:A2:22:AA:AF:62:97:C2:49:74:EE:64:6F:19:ED:AC:8C:99:43:DC:F5:13:82
SHA1
E1:A4:6D:CB:6A:A1:1F:19:10:54:9E:18:62:FB:F7:B7:7D:E2:DE:0B
X509v3 extensions
authorityKeyIdentifier
  • keyid:A5:8C:FE:32:CC:EB:0F:2C:D4:19:C6:08:B8:00:24:88:5D:C3:C5:B7
subjectKeyIdentifier
  • 67:75:75:39:E5:87:FF:BB:FA:13:96:E9:08:A1:B5:55:C8:61:AA:08
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.thawte.com/ThawteTLSRSACAG1.crl
authorityInfoAccess
  • OCSP - URI:http://status.thawte.com
  • CA Issuers - URI:http://cacerts.thawte.com/ThawteTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
  • DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
  • Timestamp : May 13 09:30:29.091 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:42:7C:76:F4:61:A7:D7:AC:56:39:3D:70:
  • 1D:29:FD:EA:85:70:9A:48:F0:33:23:57:B9:21:1E:78:
  • ED:01:9D:8D:02:21:00:CA:32:D1:3E:1F:35:0A:72:89:
  • 91:42:1C:57:23:60:BE:9A:0F:F6:84:A2:85:81:20:1A:
  • 67:1F:3B:2D:88:47:CD
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
  • 4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
  • Timestamp : May 13 09:30:29.002 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:EA:C8:8F:A6:25:5D:34:CB:3B:C6:C8:
  • 46:AF:77:BC:3B:3A:46:BE:82:02:48:85:5F:48:2A:AC:
  • BD:FD:4B:3D:6A:02:21:00:F0:17:97:87:20:D4:9B:43:
  • BD:E6:EE:C3:4F:EC:68:20:3D:40:EB:9C:E6:E1:1D:F0:
  • 0A:4B:50:F3:B5:DD:5C:0C
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
  • 5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
  • Timestamp : May 13 09:30:29.024 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:23:18:C0:DA:9B:36:26:B4:61:36:1B:4A:
  • CE:99:83:15:3E:0F:C1:54:3D:D3:92:53:D4:7E:86:B7:
  • 2D:89:70:58:02:20:1E:87:AF:81:95:5D:53:51:3D:4C:
  • 62:30:DF:1B:86:54:F0:B1:75:DD:89:21:44:81:FE:45:
  • B2:47:76:81:90:E8
First seen at:

CN=*.netcup.net

Certificate chain
Subject
Common Name (CN)
  • *.netcup.net
Alternative Names
  • *.netcup.net
  • netcup.net
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • RapidSSL TLS RSA CA G1
validity period
Not valid before
2025-09-10
Not valid after
2026-09-09
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
8A:29:49:62:7A:4A:EC:13:4D:6C:08:E7:1C:E7:80:03:3A:28:78:99:D3:38:61:ED:D2:7C:43:CD:8E:F4:2C:C9
SHA1
6F:67:22:0F:D1:AB:AD:51:CC:C4:C1:B0:9E:FA:CF:32:30:B9:90:AC
X509v3 extensions
authorityKeyIdentifier
  • keyid:0C:DB:6C:82:49:0F:4A:67:0A:B8:14:EE:7A:C4:48:52:88:EB:56:38
subjectKeyIdentifier
  • EA:D7:B6:20:A8:5D:53:51:0D:5B:24:EB:07:67:13:21:0A:BD:2F:E4
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl
authorityInfoAccess
  • OCSP - URI:http://status.rapidssl.com
  • CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : D8:09:55:3B:94:4F:7A:FF:C8:16:19:6F:94:4F:85:AB:
  • B0:F8:FC:5E:87:55:26:0F:15:D1:2E:72:BB:45:4B:14
  • Timestamp : Sep 10 11:14:38.524 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:DE:06:5F:85:E3:10:AE:0F:E6:94:86:
  • C5:47:27:4A:C0:53:89:7A:BC:E5:DC:54:03:81:90:F4:
  • 3B:17:43:77:CB:02:21:00:A0:BD:07:6D:B8:D9:62:7A:
  • 08:20:2F:C6:D4:CC:FC:B1:80:14:B1:DD:D1:D5:43:F5:
  • CD:E3:BD:4B:A3:82:0D:E4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : C2:31:7E:57:45:19:A3:45:EE:7F:38:DE:B2:90:41:EB:
  • C7:C2:21:5A:22:BF:7F:D5:B5:AD:76:9A:D9:0E:52:CD
  • Timestamp : Sep 10 11:14:38.513 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:BB:C6:0F:33:9B:33:5F:42:24:EA:4C:
  • AF:58:32:DA:B1:60:2B:7D:F7:1F:A2:E4:D5:BC:8B:F7:
  • E3:54:3E:A3:92:02:20:21:85:F5:96:6B:E3:23:7E:77:
  • E4:60:AF:40:F1:14:D1:F8:9E:FA:38:C4:F2:3D:67:E1:
  • 00:C5:2A:DB:9E:22:CB
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 94:4E:43:87:FA:EC:C1:EF:81:F3:19:24:26:A8:18:65:
  • 01:C7:D3:5F:38:02:01:3F:72:67:7D:55:37:2E:19:D8
  • Timestamp : Sep 10 11:14:38.528 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:34:D2:0B:43:4A:AB:3E:6A:A3:D0:3D:44:
  • 09:72:B8:D7:0E:F9:28:8D:88:9C:EC:BA:A3:39:1E:62:
  • AB:20:0C:7F:02:20:41:C8:49:AD:F8:8D:A8:8D:B7:0F:
  • 2C:49:8F:E5:60:66:FB:15:5C:A6:8D:4B:A8:19:36:E8:
  • 14:2A:BC:26:60:2C

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mxext1.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mxext1.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mxext1.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mxext3.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mxext3.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mxext3.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mxext2.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mxext2.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mxext2.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid