SSL check results of posteo.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for posteo.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Tue, 20 Oct 2020 10:44:07 +0000

No connection to the mailservers of posteo.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @posteo.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx04.posteo.de
185.67.36.71
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
8 s
mx04.posteo.de
185.67.36.64
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
9 s
mx03.posteo.de
185.67.36.70
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
8 s
mx03.posteo.de
185.67.36.63
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
8 s
mx01.posteo.de
185.67.36.61
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
9 s
mx01.posteo.de
185.67.36.62
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
9 s

Outgoing Mails

We have received emails from these servers with @posteo.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mout02.posteo.de (185.67.36.66)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mout01.posteo.de (185.67.36.65)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=mx01.posteo.de,O=Posteo e.K.,L=Berlin,ST=Berlin,C=DE,serialNumber=HRA 47592,jurisdictionL=Berlin,jurisdictionST=Berlin,jurisdictionC=DE,businessCategory=Private Organization

Certificate chain
Subject
Business category
  • Private Organization
jurisdictionC
  • DE
jurisdictionST
  • Berlin
jurisdictionL
  • Berlin
Serial number
  • HRA 47592
Country (C)
  • DE
State (ST)
  • Berlin
Locality (L)
  • Berlin
Organization (O)
  • Posteo e.K.
Common Name (CN)
  • mx01.posteo.de
Alternative Names
  • mx01.posteo.de
  • mx02.posteo.de
  • mx03.posteo.de
  • mx04.posteo.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • GeoTrust EV RSA CA 2018
validity period
Not valid before
2020-08-04
Not valid after
2021-09-29
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
26:76:DE:42:54:58:8B:0B:90:B1:45:7E:0D:8A:0A:C2:1A:28:18:2A:28:30:ED:A8:1F:9C:38:EF:F2:49:51:02
SHA1
FB:87:57:6F:A9:99:4F:96:69:09:2D:76:23:C8:5E:09:77:FD:C3:5B
X509v3 extensions
authorityKeyIdentifier
  • keyid:CA:92:67:52:61:DE:AE:FC:BA:22:2B:7F:1C:87:4C:25:FB:6F:99:58
subjectKeyIdentifier
  • 43:CF:0C:32:24:A1:8F:B2:7D:53:A6:D0:3E:06:86:0F:2A:09:55:68
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.geotrust.com/GeoTrustEVRSACA2018.crl
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • CPS: https://www.digicert.com/CPS
  • Policy: 2.23.140.1.1
authorityInfoAccess
  • OCSP - URI:http://status.geotrust.com
  • CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustEVRSACA2018.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
  • E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
  • Timestamp : Aug 4 09:37:05.713 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:D9:CB:84:C2:E4:EA:E0:E3:BA:7E:3A:
  • FA:CF:35:5E:FB:E3:D4:C4:EB:11:2F:2B:D4:C6:BD:BD:
  • 8F:6F:48:87:B5:02:21:00:D0:E5:9E:68:CB:54:6D:85:
  • 36:C2:40:5D:F7:B3:84:9A:43:1E:14:9A:FC:87:BB:CD:
  • A4:4C:18:5D:B9:96:03:66
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 5C:DC:43:92:FE:E6:AB:45:44:B1:5E:9A:D4:56:E6:10:
  • 37:FB:D5:FA:47:DC:A1:73:94:B2:5E:E6:F6:C7:0E:CA
  • Timestamp : Aug 4 09:37:05.747 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:9E:F3:65:49:DE:F2:A0:B4:3F:A5:3D:
  • AB:FD:60:06:21:61:BF:99:BD:1D:5C:99:A8:B7:EE:3F:
  • 35:AA:B1:D2:0D:02:20:39:D0:31:0C:35:11:12:6D:E6:
  • 3C:81:95:AB:C3:73:8B:1C:DF:F8:56:96:B2:7E:05:0F:
  • 9A:FD:5B:12:8A:83:B2

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid