neugemail.de - TLS / STARTTLS Test

Discover if the mail servers for neugemail.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 07 Jun 2026 00:30:58 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of neugemail.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @neugemail.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.xbauer.com 2a01:4f8:c010:894f::1	10	supported	mail.xbauer.com	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2026-06-07 1 s
mail.xbauer.com 91.99.82.209	10	supported	mail.xbauer.com	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2026-06-07 1 s

Outgoing Mails

We have not received any emails from a @neugemail.de address so far. Test mail delivery

Certificates

First seen at: 2026-05-31

CN=mail.xbauer.com

Certificate chain

mail.xbauer.com
- 2026-08-29 remaining
- 256 bit
- ecdsa-with-SHA384

Subject

Common Name (CN)

mail.xbauer.com

Alternative Names

autoconfig.xbauer.com
autodiscover.xbauer.com
mail.xbauer.com
mta-sts.xbauer.com

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2026-05-31
Not valid after: 2026-08-29

This certifcate has been verified for the following usages:

Digital Signature
TLS Web Server Authentication

Fingerprints

SHA256: 03:04:20:AA:36:B3:60:0F:0B:81:C7:D0:F7:16:C2:11:38:3B:E7:29:F5:E7:A8:85:84:F6:B2:0D:08:F6:C4:2D
SHA1: 27:62:2C:0B:26:87:9D:BB:44:9B:97:6B:0D:64:CC:B7:BA:DB:71:E7

X509v3 extensions

subjectKeyIdentifier

D9:90:66:10:9E:4B:2F:CA:12:4B:66:15:57:D7:56:39:49:58:14:E8

authorityKeyIdentifier

keyid:B9:59:F2:8E:CF:22:F0:86:D3:37:48:FF:76:14:18:BA:82:D8:55:87

authorityInfoAccess

CA Issuers - URI:http://ye2.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://ye2.c.lencr.org/78.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : C8:A3:C4:7F:C7:B3:AD:B9:35:6B:01:3F:6A:7A:12:6D:
E3:3A:4E:43:A5:C6:46:F9:97:AD:39:75:99:1D:CF:9A
Timestamp : May 31 17:03:45.067 2026 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D4:9D:19:10:24:0A:87:27:75:19:79:
0C:26:E0:48:DD:34:B6:6F:8F:7F:4B:23:2E:BE:F0:01:
0F:1E:1A:9B:14:02:20:07:61:5C:3D:58:DD:5F:26:23:
20:66:49:3C:CF:34:34:5D:7F:53:E6:B3:61:1D:80:DC:
DB:55:2A:02:4B:AB:3B
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 6C:FE:50:19:43:A8:5E:A9:16:BC:52:D1:33:E4:DC:C9:
1E:F1:41:1C:7D:25:84:20:D1:73:80:9E:18:18:EB:3A
Timestamp : May 31 17:03:45.201 2026 GMT
Extensions: 00:00:05:00:0E:48:C0:A4
Signature : ecdsa-with-SHA256
30:44:02:20:62:73:D6:2E:FA:E0:86:FC:3E:67:73:34:
0B:05:2E:E1:84:D5:D9:A4:E4:0A:96:A4:6C:5A:61:EC:
9A:B0:F9:CA:02:20:18:7B:85:A9:D1:D0:31:44:68:96:
B0:D6:40:DE:5E:7F:CF:D0:F2:26:51:77:E5:74:F0:27:
DF:29:23:40:1C:51

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.xbauer.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mail.xbauer.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mail.xbauer.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mail.xbauer.com	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of neugemail.de