SSL check results of posteo.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for posteo.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Thu, 21 Jun 2018 08:40:45 +0000

The mailservers of posteo.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @posteo.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx01.posteo.de
185.67.36.61
10
supported
posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11.0 s
mx01.posteo.de
185.67.36.62
10
supported
posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11.0 s
mx03.posteo.de
185.67.36.63
10
supported
posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11.0 s
mx04.posteo.de
185.67.36.64
10
supported
posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11.0 s

Outgoing Mails

We have received emails from these servers with @posteo.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mout01.posteo.de (185.67.36.65)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mout02.posteo.de (185.67.36.66)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mout01.posteo.de (185.67.36.141)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

posteo.de

Certificate chain
Subject
Business category
  • Private Organization
jurisdictionC
  • DE
jurisdictionST
  • Berlin
Serial number
  • HRA 47592
Country (C)
  • DE
Locality (L)
  • Berlin
Organization (O)
  • Posteo e.K.
Common Name (CN)
  • posteo.de
Alternative Names
  • posteo.de
  • www.posteo.de
  • payment.posteo.de
  • m.posteo.de
  • mx03.posteo.de
  • mx02.posteo.de
  • status.posteo.de
  • api.posteo.de
  • autodiscover.posteo.de
  • cdn.posteo.de
  • lists.posteo.de
  • mx04.posteo.de
  • mx01.posteo.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • GeoTrust EV RSA CA 2018
validity period
Not valid before
2017-12-29
Not valid after
2019-01-22
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
FB:28:42:1E:23:AD:8A:23:8B:AB:C1:ED:FD:86:FD:F5:30:C6:D9:35:E0:E6:D8:91:CD:F3:77:66:05:C5:75:33
SHA1
AC:9D:4C:F6:36:78:FE:D6:EB:5C:CE:F9:DA:CB:69:CE:0A:93:F4:58
X509v3 extensions
authorityKeyIdentifier
  • keyid:CA:92:67:52:61:DE:AE:FC:BA:22:2B:7F:1C:87:4C:25:FB:6F:99:58
subjectKeyIdentifier
  • 99:B9:FB:1D:70:35:A9:98:F8:E3:C4:CE:2A:82:B3:0D:AD:46:05:64
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.geotrust.com/GeoTrustEVRSACA2018.crl
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • CPS: https://www.digicert.com/CPS
  • Policy: 2.23.140.1.1
authorityInfoAccess
  • OCSP - URI:http://status.geotrust.com
  • CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustEVRSACA2018.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1(0)
  • Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
  • 3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
  • Timestamp : Dec 29 14:26:05.235 2017 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:78:F4:E3:BA:77:67:1B:88:21:2E:60:F7:
  • C0:E4:AE:43:82:8A:3F:66:D7:1C:3F:44:3D:C2:FE:94:
  • 72:6F:65:CA:02:20:4E:61:AE:E0:97:6E:FC:16:12:5C:
  • 71:9A:46:EC:B5:B6:50:A0:18:21:39:7D:34:FF:A2:77:
  • 5F:08:15:0B:D7:1C
  • Signed Certificate Timestamp:
  • Version : v1(0)
  • Log ID : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
  • 46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
  • Timestamp : Dec 29 14:26:05.421 2017 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:67:82:8A:2F:74:8B:55:29:65:1C:23:B2:
  • 31:A7:04:FD:56:36:FC:FE:DF:BA:40:3E:78:2B:13:79:
  • 32:4F:5E:44:02:21:00:9A:A9:4A:4B:9A:BA:3A:6D:14:
  • 45:2F:C8:4D:7E:67:10:C8:0F:FF:D0:09:85:24:82:09:
  • 4D:59:CE:09:63:FF:89
  • Signed Certificate Timestamp:
  • Version : v1(0)
  • Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
  • A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
  • Timestamp : Dec 29 14:26:05.307 2017 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:1F:4E:FE:46:52:1D:FB:43:C4:85:22:94:
  • 39:C7:27:71:C9:13:B0:A0:48:51:F6:14:6C:84:E2:28:
  • 70:08:94:91:02:20:4C:57:0F:AF:53:63:6C:78:1F:ED:
  • FB:E0:23:D5:21:2A:2A:29:D9:74:98:4A:8C:AE:4B:24:
  • 15:1F:DA:91:EC:5F
  • Signed Certificate Timestamp:
  • Version : v1(0)
  • Log ID : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
  • 38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
  • Timestamp : Dec 29 14:26:05.291 2017 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:92:A2:BD:D4:0B:C8:F5:ED:B7:A4:30:
  • 6E:5F:EB:4C:FB:6D:0F:6F:B8:D9:F9:E8:49:36:E4:75:
  • D2:EE:28:04:6E:02:21:00:CA:4B:B5:2D:F4:AC:7A:8A:
  • 66:DF:4B:3F:49:B2:E7:5B:C1:DE:05:37:61:52:87:00:
  • 9D:E7:8F:1B:99:48:BC:ED

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid