SSL check results of posteo.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for posteo.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Wed, 27 Mar 2024 09:52:53 +0000

No connection to the mailservers of posteo.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @posteo.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx01.posteo.de
185.67.36.62
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx01.posteo.de
185.67.36.61
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx03.posteo.de
185.67.36.63
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx03.posteo.de
185.67.36.70
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.64
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.71
Results incomplete
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s

Outgoing Mails

We have received emails from these servers with @posteo.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mout01.posteo.de (185.67.36.65)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout02.posteo.de (185.67.36.66)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx01.posteo.de,O=Posteo e.K.,L=Berlin,ST=Berlin,C=DE,serialNumber=HRA 47592,businessCategory=Private organization,jurisdictionL=Charlottenburg,jurisdictionST=Berlin,jurisdictionC=DE

Certificate chain
Subject
jurisdictionC
  • DE
jurisdictionST
  • Berlin
jurisdictionL
  • Charlottenburg
Business category
  • Private organization
Serial number
  • HRA 47592
Country (C)
  • DE
State (ST)
  • Berlin
Locality (L)
  • Berlin
Organization (O)
  • Posteo e.K.
Common Name (CN)
  • mx01.posteo.de
Alternative Names
  • mx01.posteo.de
  • mx02.posteo.de
  • mx03.posteo.de
  • mx04.posteo.de
  • mxv6.posteo.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Common Name (CN)
  • GeoTrust EV RSA CA G2
validity period
Not valid before
2023-09-27
Not valid after
2024-10-03
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
21:61:64:FE:35:32:FB:A0:B9:6D:39:34:7D:D3:A2:66:75:0D:DE:06:A3:1F:E0:B7:36:CE:72:6C:E1:4D:C5:B1
SHA1
09:BC:E4:E6:6C:45:7E:B0:06:96:69:DA:40:01:67:FE:D6:E1:32:96
X509v3 extensions
authorityKeyIdentifier
  • keyid:28:D2:CF:EE:09:84:75:DD:B5:B2:B5:BF:3C:D5:A0:C6:73:88:5D:1F
subjectKeyIdentifier
  • 35:14:E2:53:97:9B:D2:DD:97:3D:BB:A0:F1:5A:A6:AE:04:59:7B:40
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • Policy: 2.23.140.1.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/GeoTrustEVRSACAG2.crl
  • Full Name:
  • URI:http://crl4.digicert.com/GeoTrustEVRSACAG2.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/GeoTrustEVRSACAG2.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Sep 27 18:32:49.414 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:39:39:C8:90:AF:70:AA:BA:80:E7:0D:59:
  • E5:19:8C:19:9E:BA:0E:71:3D:37:F9:AD:E4:E1:96:E0:
  • 52:B7:5C:2F:02:21:00:8C:AD:9C:39:C8:9F:F7:C1:C6:
  • 20:CF:6E:10:84:18:46:DB:1B:47:8F:45:A6:D3:22:13:
  • B6:3B:65:0F:19:9F:A1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Sep 27 18:32:49.405 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:B7:B4:66:2E:23:8A:82:64:1B:C3:02:
  • 82:34:6D:6D:84:12:2F:EB:89:53:01:D0:F4:2E:3F:93:
  • 5D:60:E1:B9:5F:02:21:00:B1:8D:19:D5:9E:0E:31:1D:
  • C8:38:37:AF:1A:54:24:DD:08:1E:E2:47:9E:92:06:93:
  • 75:58:F8:49:9E:2A:66:9A
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Sep 27 18:32:49.341 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:BB:6F:18:6F:C7:21:7E:FC:A3:BD:E2:
  • 07:51:2E:38:63:A8:B9:A0:DE:13:2A:B7:E2:6C:E9:9C:
  • 51:7A:7B:27:08:02:21:00:DC:C9:AE:84:25:E6:4A:35:
  • B3:99:38:7E:FB:0A:03:1F:E8:29:AE:97:50:0E:55:70:
  • 58:BE:BE:FB:9F:6C:B6:38

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid