SSL check results of posteo.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for posteo.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Fri, 14 Feb 2025 20:58:04 +0000

No connection to the mailservers of posteo.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @posteo.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx03.posteo.de
185.67.36.70
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
6 s
mx03.posteo.de
185.67.36.63
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx01.posteo.de
185.67.36.61
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx01.posteo.de
185.67.36.62
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.71
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.64
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s

Outgoing Mails

We have received emails from these servers with @posteo.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mout01.posteo.de (185.67.36.65)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout02.posteo.de (185.67.36.66)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx01.posteo.de,O=Posteo e.K.,L=Berlin,ST=Berlin,C=DE,serialNumber=HRA 47592,businessCategory=Private Organization,jurisdictionL=Charlottenburg,jurisdictionST=Berlin,jurisdictionC=DE

Certificate chain
Subject
jurisdictionC
  • DE
jurisdictionST
  • Berlin
jurisdictionL
  • Charlottenburg
Business category
  • Private Organization
Serial number
  • HRA 47592
Country (C)
  • DE
State (ST)
  • Berlin
Locality (L)
  • Berlin
Organization (O)
  • Posteo e.K.
Common Name (CN)
  • mx01.posteo.de
Alternative Names
  • mx01.posteo.de
  • mx02.posteo.de
  • mx03.posteo.de
  • mx04.posteo.de
  • mxv6.posteo.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Common Name (CN)
  • GeoTrust EV RSA CA G2
validity period
Not valid before
2024-09-20
Not valid after
2025-10-03
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
BE:24:3B:4A:7D:29:FA:1E:96:CF:72:07:CB:E0:67:A6:EF:AE:1B:50:43:EA:A4:11:B3:31:B3:D5:BA:1F:4B:91
SHA1
D8:AA:38:84:5F:94:42:3A:78:A1:FB:99:29:F7:0D:FC:69:1A:39:3A
X509v3 extensions
authorityKeyIdentifier
  • keyid:28:D2:CF:EE:09:84:75:DD:B5:B2:B5:BF:3C:D5:A0:C6:73:88:5D:1F
subjectKeyIdentifier
  • 76:C4:91:43:84:39:89:EA:B4:60:ED:21:94:0C:F8:26:11:2F:6E:AF
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • Policy: 2.23.140.1.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/GeoTrustEVRSACAG2.crl
  • Full Name:
  • URI:http://crl4.digicert.com/GeoTrustEVRSACAG2.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/GeoTrustEVRSACAG2.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DD:DC:CA:34:95:D7:E1:16:05:E7:95:32:FA:C7:9F:F8:
  • 3D:1C:50:DF:DB:00:3A:14:12:76:0A:2C:AC:BB:C8:2A
  • Timestamp : Sep 20 19:29:30.967 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:99:37:AB:57:AA:6E:AD:22:1B:58:FE:
  • AA:64:28:FE:56:3C:C1:A3:50:2C:C9:71:8E:AD:B1:98:
  • FB:9B:08:F2:D7:02:20:6C:5A:18:33:F8:08:C3:16:9B:
  • BC:08:06:94:7A:57:1A:E8:53:C9:02:81:93:02:68:1F:
  • 3F:93:2A:41:78:7C:D5
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
  • 87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
  • Timestamp : Sep 20 19:29:30.902 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:C0:60:DB:D4:65:F6:DB:1C:1F:2C:4C:
  • 09:33:9B:BC:23:2C:D1:52:C1:4F:CD:27:F0:0D:65:E3:
  • CE:99:2B:F8:3A:02:21:00:E1:12:DC:07:AE:98:61:52:
  • 9C:A9:18:0A:19:B0:6B:94:B5:24:3F:89:26:2D:BE:CE:
  • 59:6C:C4:49:A7:40:C7:B4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
  • D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
  • Timestamp : Sep 20 19:29:30.915 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:34:76:01:71:1A:AD:4F:30:6E:B4:42:45:
  • 3F:02:21:C6:4D:CC:25:26:34:E9:F4:C7:16:B5:96:9C:
  • 6C:7C:40:EA:02:20:12:D6:D3:42:F8:8E:99:B1:11:49:
  • 10:8A:59:A6:98:FE:F0:3B:A5:6B:21:53:E4:BC:C8:20:
  • 97:48:E5:EF:F6:D9

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid