SSL check results of posteo.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for posteo.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 15 May 2023 13:20:44 +0000

The mailservers of posteo.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @posteo.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx01.posteo.de
185.67.36.61
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx01.posteo.de
185.67.36.62
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx03.posteo.de
185.67.36.70
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx03.posteo.de
185.67.36.63
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.64
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.71
10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s

Outgoing Mails

We have received emails from these servers with @posteo.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mout01.posteo.de (185.67.36.65)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout02.posteo.de (185.67.36.66)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx01.posteo.de,O=Posteo e.K.,L=Berlin,ST=Berlin,C=DE,serialNumber=HRA 47592,businessCategory=Private Organization,jurisdictionL=Charlottenburg,jurisdictionST=Berlin,jurisdictionC=DE

Certificate chain
Subject
jurisdictionC
  • DE
jurisdictionST
  • Berlin
jurisdictionL
  • Charlottenburg
Business category
  • Private Organization
Serial number
  • HRA 47592
Country (C)
  • DE
State (ST)
  • Berlin
Locality (L)
  • Berlin
Organization (O)
  • Posteo e.K.
Common Name (CN)
  • mx01.posteo.de
Alternative Names
  • mx01.posteo.de
  • mx02.posteo.de
  • mx03.posteo.de
  • mx04.posteo.de
  • mxv6.posteo.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • GeoTrust EV RSA CA 2018
validity period
Not valid before
2022-09-07
Not valid after
2023-10-04
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
45:E8:C9:FB:AE:14:48:3B:3D:D6:CD:F6:E5:60:60:38:1D:70:17:0F:59:2B:0F:22:73:C6:CC:5E:1A:74:C2:CD
SHA1
C1:93:2F:F8:36:3B:26:87:CF:D0:00:13:30:5A:7F:2E:AD:4D:D7:B5
X509v3 extensions
authorityKeyIdentifier
  • keyid:CA:92:67:52:61:DE:AE:FC:BA:22:2B:7F:1C:87:4C:25:FB:6F:99:58
subjectKeyIdentifier
  • 53:F9:A5:12:7B:FE:E4:25:93:2A:C6:D3:71:C9:87:95:E3:34:AA:A6
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.geotrust.com/GeoTrustEVRSACA2018.crl
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • Policy: 2.23.140.1.1
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://status.geotrust.com
  • CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustEVRSACA2018.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
  • 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
  • Timestamp : Sep 7 17:24:45.596 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:81:83:78:51:61:82:09:6E:24:FF:A3:
  • F1:E0:63:A0:A5:BB:82:0E:59:A8:60:D7:BB:E7:2F:98:
  • 0F:56:BD:57:A1:02:20:71:F0:0A:D4:84:7B:99:26:12:
  • 67:FF:01:FC:9F:E8:00:89:AE:17:84:82:02:61:0A:90:
  • 95:EC:59:F5:DB:58:2C
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB:
  • B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C
  • Timestamp : Sep 7 17:24:45.643 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:F7:BA:B6:2C:5B:D2:6A:0F:D8:2C:AC:
  • 41:E0:61:B0:F4:C1:D6:0C:E9:09:52:51:D6:B9:47:99:
  • 71:1F:E4:D8:19:02:21:00:DA:54:B3:62:69:6E:58:EB:
  • 09:04:92:BF:2C:2B:5B:75:B2:3C:A3:88:34:71:EC:4F:
  • F6:97:2F:10:04:2C:87:33
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
  • 4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
  • Timestamp : Sep 7 17:24:45.704 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:8E:F4:2E:3C:30:6C:8D:BF:E2:ED:E2:
  • 5E:7C:F8:FD:02:B1:99:53:4A:D2:8F:80:4D:13:C6:59:
  • 4F:BD:0D:8E:F1:02:20:6A:9F:ED:CF:AF:C9:00:04:D8:
  • BC:15:0D:CF:48:54:E8:6E:8D:0A:B3:1F:78:11:70:1D:
  • 9A:E0:57:72:98:65:15

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid