sky-networks.de - TLS / STARTTLS Test

Discover if the mail servers for sky-networks.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 19 Feb 2025 00:29:26 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Problems found

The mailservers of sky-networks.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @sky-networks.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.snmx.de 2a01:4f8:c2c:24f1::1	10	supported	mail.snmx.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-02-19 5 s
mail.snmx.de 49.12.236.122	10	supported	mail.snmx.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-02-19 4 s

Outgoing Mails

We have received emails from these servers with @sky-networks.de sender addresses. Test mail delivery

Host	TLS Version & Cipher
caesium.selfhost.de (185.26.156.237)	TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256	2021-03-27

Certificates

First seen at: 2025-02-19

CN=mail.snmx.de

Certificate chain

mail.snmx.de
- 2025-05-18 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail.snmx.de

Alternative Names

autoconfig.sky-networks.de
autoconfig.snmx.de
autodiscover.sky-networks.de
autodiscover.snmx.de
imap.sky-networks.de
imap.snmx.de
mail.snmx.de
mta-sts.sky-networks.de
mta-sts.snmx.de
pop3.sky-networks.de
pop3.snmx.de
smtp.sky-networks.de
smtp.snmx.de
webmail.sky-networks.de
webmail.snmx.de

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-02-17
Not valid after: 2025-05-18

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 0C:6E:BF:A9:62:63:F9:0F:C2:6B:26:13:9A:1A:44:F2:AD:BF:D9:0C:43:2D:3E:3F:1B:A7:84:8E:80:0D:EE:6B
SHA1: 39:3B:7E:12:07:93:8C:37:1C:62:13:77:4C:D9:37:23:58:BB:D2:D3

X509v3 extensions

subjectKeyIdentifier

DC:0C:CF:C1:2C:66:5E:66:DF:F5:07:06:76:9D:A9:DB:B2:AC:E1:3C

authorityKeyIdentifier

keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8

authorityInfoAccess

OCSP - URI:http://r10.o.lencr.org
CA Issuers - URI:http://r10.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
Timestamp : Feb 17 14:50:18.168 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:91:64:52:FF:01:9E:7C:F3:FD:4D:42:
21:6E:44:5D:B0:E3:95:9A:8E:7A:03:57:4D:11:29:54:
DE:11:16:D1:17:02:20:07:DC:31:8B:38:48:B1:C1:69:
D4:69:61:33:24:4F:2B:B0:BE:01:38:EF:F8:69:63:9F:
04:88:6B:4F:29:BF:4B
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E0:92:B3:FC:0C:1D:C8:E7:68:36:1F:DE:61:B9:96:4D:
0A:52:78:19:8A:72:D6:72:C4:B0:4D:A5:6D:6F:54:04
Timestamp : Feb 17 14:50:18.279 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:29:0E:70:5E:21:E1:70:45:1E:26:44:A9:
81:9D:C0:86:D1:E4:03:C5:95:D1:5E:66:DA:A0:03:66:
7F:FF:E1:5E:02:20:0C:19:3D:13:30:4F:97:9D:FE:6F:
61:59:F5:FC:93:E5:99:40:DF:BA:1C:90:F0:FF:C7:F8:
2B:1C:A8:77:59:30

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.snmx.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	error Debug	valid

SSL check results of sky-networks.de