SSL check results of posteo.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for posteo.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Thu, 09 Jul 2020 09:23:59 +0000

The mailservers of posteo.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @posteo.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx04.posteo.de
185.67.36.64
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mx04.posteo.de
185.67.36.71
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mx01.posteo.de
185.67.36.62
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mx01.posteo.de
185.67.36.61
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mx03.posteo.de
185.67.36.70
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mx03.posteo.de
185.67.36.63
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s

Outgoing Mails

We have received emails from these servers with @posteo.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mout02.posteo.de (185.67.36.66)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mout01.posteo.de (185.67.36.65)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=mx01.posteo.de,O=Posteo e.K.,L=Berlin,ST=Berlin,C=DE,serialNumber=HRA 47592,jurisdictionL=Berlin,jurisdictionST=Berlin,jurisdictionC=DE,businessCategory=Private Organization

Certificate chain
Subject
Business category
  • Private Organization
jurisdictionC
  • DE
jurisdictionST
  • Berlin
jurisdictionL
  • Berlin
Serial number
  • HRA 47592
Country (C)
  • DE
State (ST)
  • Berlin
Locality (L)
  • Berlin
Organization (O)
  • Posteo e.K.
Common Name (CN)
  • mx01.posteo.de
Alternative Names
  • mx01.posteo.de
  • mx02.posteo.de
  • mx03.posteo.de
  • mx04.posteo.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • GeoTrust EV RSA CA 2018
validity period
Not valid before
2019-09-09
Not valid after
2020-08-27
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
27:11:0C:C8:72:BD:18:D2:44:AA:E0:18:1F:56:52:4D:82:66:25:4C:DC:78:02:CC:EF:72:E9:84:37:5D:19:3C
SHA1
3C:28:C0:52:39:46:D2:3E:05:5E:E8:6B:DE:7C:E3:B9:96:8C:6B:40
X509v3 extensions
authorityKeyIdentifier
  • keyid:CA:92:67:52:61:DE:AE:FC:BA:22:2B:7F:1C:87:4C:25:FB:6F:99:58
subjectKeyIdentifier
  • 61:B4:F1:B6:84:2D:AC:D7:86:D3:C0:71:E9:CB:56:44:4D:C2:C6:41
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.geotrust.com/GeoTrustEVRSACA2018.crl
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • CPS: https://www.digicert.com/CPS
  • Policy: 2.23.140.1.1
authorityInfoAccess
  • OCSP - URI:http://status.geotrust.com
  • CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustEVRSACA2018.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
  • A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
  • Timestamp : Sep 9 16:21:53.876 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:F9:17:93:EC:CC:85:F3:6B:DF:76:83:
  • 5A:9F:55:57:84:28:DE:98:1D:FA:43:9D:AF:21:57:3B:
  • 98:5A:9B:CB:0C:02:20:2C:4D:C6:7F:71:53:8C:10:4C:
  • 4A:B0:13:53:CF:E4:1B:28:E1:DB:94:32:AA:EA:31:CE:
  • 83:AD:B1:78:94:0E:2D
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
  • 46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
  • Timestamp : Sep 9 16:21:53.938 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:55:99:92:45:8D:CB:A4:C9:28:CD:BF:C7:
  • D3:EE:37:11:9C:E4:B1:20:06:23:DB:0E:B4:C5:D3:07:
  • 11:12:20:F6:02:20:31:DD:89:C9:08:17:93:5D:4E:0F:
  • B0:13:8E:45:E9:77:2C:95:49:54:17:F6:FD:18:CB:1D:
  • 44:21:4D:89:21:DC

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid