SSL check results of mail24.vip

NEW You can also bulk check multiple servers.

Discover if the mail servers for mail24.vip can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Thu, 05 Jun 2025 11:44:53 +0000

The mailservers of mail24.vip can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mail24.vip addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
server.ist-immer-online.de
2003:cc:f701:4d00:9209:d0ff:fe25:a7aa
10
supported
server.ist-immer-online.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
8 s
server.ist-immer-online.de
79.196.252.2
10
supported
server.ist-immer-online.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
9 s

Outgoing Mails

We have received emails from these servers with @mail24.vip sender addresses. Test mail delivery

Host TLS Version & Cipher
mout-p-102.mailbox.org (80.241.56.152)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout01.posteo.de (185.67.36.141)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mout02.posteo.de (185.67.36.142)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=server.ist-immer-online.de

Certificate chain
  • server.ist-immer-online.de
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption

      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption

Subject
Common Name (CN)
  • server.ist-immer-online.de
Alternative Names
  • server.ist-immer-online.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2025-05-12
Not valid after
2025-08-10
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
92:55:9A:C5:A5:91:58:53:7D:77:24:43:28:12:2E:D7:F4:EC:F5:3F:14:AF:DD:FB:09:8A:B5:2D:73:53:F7:0E
SHA1
6D:49:63:F1:B5:9F:51:B7:5D:C6:73:08:D7:9E:82:33:1C:83:F5:E1
X509v3 extensions
subjectKeyIdentifier
  • 54:06:87:4C:05:D6:12:F6:98:B3:35:FC:A8:CA:D5:2E:BC:B5:9C:B9
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r11.c.lencr.org/42.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A4:42:C5:06:49:60:61:54:8F:0F:D4:EA:9C:FB:7A:2D:
  • 26:45:4D:87:A9:7F:2F:DF:45:59:F6:27:4F:3A:84:54
  • Timestamp : May 12 04:08:37.167 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:8B:D8:7E:03:2F:E3:2D:92:A6:2E:51:
  • 72:47:78:19:3D:26:77:F6:F2:AD:C7:CE:07:8C:D7:2C:
  • 1A:C1:C6:92:4A:02:20:57:1A:C0:CA:5A:CC:7E:E3:4A:
  • 9C:07:A6:A1:E6:E4:60:24:3B:43:5D:8C:95:D2:CF:24:
  • 43:87:66:47:55:0B:23
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : AF:18:1A:28:D6:8C:A3:E0:A9:8A:4C:9C:67:AB:09:F8:
  • BB:BC:22:BA:AE:BC:B1:38:A3:A1:9D:D3:F9:B6:03:0D
  • Timestamp : May 12 04:08:42.119 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:ED:E2:28:14:6E:31:2D:5A:02:D2:89:
  • 25:FA:CE:93:C4:72:26:A3:27:90:A2:A3:90:04:20:68:
  • 63:E9:7D:5C:E2:02:21:00:88:0D:33:EE:31:97:60:44:
  • 8F:F9:C5:83:89:A1:CF:26:2E:F9:BC:1A:97:32:59:07:
  • 6C:27:09:88:5B:69:BB:14

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.server.ist-immer-online.de
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.server.ist-immer-online.de
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.server.ist-immer-online.de
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.server.ist-immer-online.de
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid