SSL-Tools

SSL check results of posteo.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for posteo.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 28 Oct 2025 22:22:11 +0000

No connection to the mailservers of posteo.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @posteo.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx01.posteo.de
185.67.36.62
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx01.posteo.de
185.67.36.61
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx03.posteo.de
185.67.36.63
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx03.posteo.de
185.67.36.70
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.71
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.64
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s

Outgoing Mails

We have received emails from these servers with @posteo.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mout01.posteo.de (185.67.36.65)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout02.posteo.de (185.67.36.66)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx01.posteo.de,O=Posteo e.K.,L=Berlin,ST=Berlin,C=DE,serialNumber=HRA 47592,businessCategory=Private Organization,jurisdictionL=Charlottenburg,jurisdictionST=Berlin,jurisdictionC=DE

Certificate chain
Subject
jurisdictionC
  • DE
jurisdictionST
  • Berlin
jurisdictionL
  • Charlottenburg
Business category
  • Private Organization
Serial number
  • HRA 47592
Country (C)
  • DE
State (ST)
  • Berlin
Locality (L)
  • Berlin
Organization (O)
  • Posteo e.K.
Common Name (CN)
  • mx01.posteo.de
Alternative Names
  • mx01.posteo.de
  • mx02.posteo.de
  • mx03.posteo.de
  • mx04.posteo.de
  • mxv6.posteo.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Common Name (CN)
  • GeoTrust EV RSA CA G2
validity period
Not valid before
2025-10-02
Not valid after
2026-10-06
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
Fingerprints
SHA256
24:0F:6C:7A:1C:0A:62:9F:4F:F6:97:59:F2:AE:5F:4A:AB:30:E6:B0:E5:5F:A3:1E:D4:65:F9:0C:A4:94:61:D3
SHA1
8A:E8:39:D8:2A:18:A9:1A:A9:71:A3:5B:52:40:4B:F6:48:BE:FA:00
X509v3 extensions
authorityKeyIdentifier
  • keyid:28:D2:CF:EE:09:84:75:DD:B5:B2:B5:BF:3C:D5:A0:C6:73:88:5D:1F
subjectKeyIdentifier
  • D8:28:32:D9:03:A7:98:85:CE:71:74:1C:75:CF:A1:4D:FB:83:FE:B9
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • Policy: 2.23.140.1.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/GeoTrustEVRSACAG2.crl
  • Full Name:
  • URI:http://crl4.digicert.com/GeoTrustEVRSACAG2.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/GeoTrustEVRSACAG2.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : D7:6D:7D:10:D1:A7:F5:77:C2:C7:E9:5F:D7:00:BF:F9:
  • 82:C9:33:5A:65:E1:D0:B3:01:73:17:C0:C8:C5:69:77
  • Timestamp : Oct 2 06:52:07.966 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:18:45:16:D3:2E:F4:32:0A:90:9C:DB:DC:
  • 40:29:83:CD:B7:3C:E6:1E:9F:74:D9:83:FF:0B:5E:8D:
  • E5:59:AA:CE:02:21:00:A6:4B:E2:D8:C8:22:4A:69:2F:
  • 07:61:53:B1:B0:AE:69:65:70:0C:7B:1C:E3:53:E8:EC:
  • 41:98:4B:DD:98:35:5B
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : C2:31:7E:57:45:19:A3:45:EE:7F:38:DE:B2:90:41:EB:
  • C7:C2:21:5A:22:BF:7F:D5:B5:AD:76:9A:D9:0E:52:CD
  • Timestamp : Oct 2 06:52:08.012 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:7D:8B:4D:0A:72:B0:AA:F9:1A:DF:60:B7:
  • 15:64:5C:82:53:25:1D:D1:F1:18:FA:D9:EE:BC:3B:10:
  • 2F:0E:8A:DD:02:20:0C:65:3F:AC:91:04:2F:5B:05:74:
  • A3:D2:B9:65:59:92:D4:13:6D:23:7B:D8:CC:F5:09:DC:
  • 57:C6:96:E2:11:B8
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 94:4E:43:87:FA:EC:C1:EF:81:F3:19:24:26:A8:18:65:
  • 01:C7:D3:5F:38:02:01:3F:72:67:7D:55:37:2E:19:D8
  • Timestamp : Oct 2 06:52:08.033 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:73:15:AB:F6:CD:B9:EF:87:E0:94:71:84:
  • 4E:C1:94:8D:56:B3:2A:A0:9A:2C:E6:46:13:B0:35:C1:
  • 3E:1A:3A:E6:02:21:00:84:26:94:23:11:36:06:FD:AE:
  • E7:97:30:D1:97:F9:3C:7B:51:CD:A9:66:E6:5A:05:12:
  • BA:6F:58:20:A2:FF:E9

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid