mail24.vip - TLS / STARTTLS Test

Discover if the mail servers for mail24.vip can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 12 Apr 2021 17:06:04 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of mail24.vip can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mail24.vip addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
server.ist-immer-online.de 2003:cc:f707:8b00:211:32ff:fe9e:c477	10	supported	server.ist-immer-online.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2021-04-12 10 s
server.ist-immer-online.de 79.196.242.252	10	supported	server.ist-immer-online.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2021-04-12 2 s

Outgoing Mails

We have received emails from these servers with @mail24.vip sender addresses. Test mail delivery

Host	TLS Version & Cipher
mout01.posteo.de (185.67.36.141)	TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384	2021-03-24
mout02.posteo.de (185.67.36.142)	TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384	2020-02-09

Certificates

First seen at: 2021-02-12

CN=server.ist-immer-online.de

Certificate chain

server.ist-immer-online.de
- 2021-05-13 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

server.ist-immer-online.de

Alternative Names

server.ist-immer-online.de

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2021-02-12
Not valid after: 2021-05-13

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 34:54:37:B8:9B:EC:8C:09:0B:5E:EB:70:24:57:A1:90:A3:A7:11:DC:C2:03:8A:68:6E:24:6E:FC:9C:7E:ED:8E
SHA1: 31:4F:B7:DB:65:27:04:2F:91:3D:BB:F1:F3:ED:8F:42:48:82:B2:E1

X509v3 extensions

subjectKeyIdentifier

EA:54:7C:C7:34:53:B2:F2:D4:C6:C4:F1:88:71:27:68:67:7C:9C:A2

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
Timestamp : Feb 12 09:58:38.240 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E8:55:5B:26:B4:EE:8A:33:11:A1:BA:
4F:AC:F7:63:7A:6C:14:ED:34:69:F4:D1:D1:07:4D:31:
48:24:8D:76:42:02:21:00:C2:61:78:76:6D:A3:3D:45:
FF:6A:45:F6:A2:23:D9:E2:BA:F8:12:A5:CB:F3:4C:AC:
FC:97:C9:CE:67:3B:A7:A2
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
Timestamp : Feb 12 09:58:38.294 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:88:F0:1D:1A:28:18:64:E7:7D:05:9E:
CD:31:EF:4E:D2:29:C5:CB:79:9A:E1:E3:41:33:8E:79:
11:0F:0F:3D:1C:02:21:00:83:CE:55:D1:38:7B:CD:22:
05:0A:B5:69:AB:DD:79:D2:CD:A8:6B:D1:38:C0:3D:5A:
FF:62:A0:0F:8C:52:F8:FF

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.server.ist-immer-online.de	DANE-TA: Trust Anchor Assertion Use full certificate SHA-512 Hash	valid	valid

SSL check results of mail24.vip