spambarrier.de - TLS / STARTTLS Test

Discover if the mail servers for spambarrier.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 19 Mar 2025 20:27:04 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Problems found

The mailservers of spambarrier.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @spambarrier.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.kundenserver.jetzt 159.69.18.25	5	supported	mail.kundenserver.jetzt	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2025-03-19 1 s
mx1.spambarrier.de 78.46.139.117 Results incomplete	10	supported	not checked	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-03-19 1 s
mx2.spambarrier.de 5.189.136.147 Results incomplete	20	supported	not checked	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-03-19 1 s

Outgoing Mails

We have not received any emails from a @spambarrier.de address so far. Test mail delivery

Certificates

First seen at: 2025-03-19

CN=mail.kundenserver.jetzt

Certificate chain

mail.kundenserver.jetzt
- 2025-05-05 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail.kundenserver.jetzt

Alternative Names

mail.kundenserver.jetzt

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-02-04
Not valid after: 2025-05-05

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 61:60:34:AA:7A:30:F2:09:25:27:C4:9D:10:2C:D0:18:F3:5A:47:5C:2F:98:E8:43:8E:A9:80:B3:2B:10:74:F0
SHA1: 1D:D7:1C:63:7F:6A:C5:8A:32:5B:26:58:1F:01:2F:FB:6A:5D:DE:EC

X509v3 extensions

subjectKeyIdentifier

B7:BD:E6:BC:F0:99:5E:E0:3B:46:07:56:7A:08:FC:42:12:2E:1F:7B

authorityKeyIdentifier

keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8

authorityInfoAccess

OCSP - URI:http://r10.o.lencr.org
CA Issuers - URI:http://r10.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
Timestamp : Feb 4 21:44:25.927 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:97:C0:4A:60:EB:73:11:CC:74:85:FC:
A9:C1:FD:19:89:F3:72:79:B6:38:35:4A:D0:B4:C9:24:
8D:64:C5:B8:F9:02:20:4C:98:64:0B:07:D3:06:F9:CE:
B8:6B:21:C6:FF:EA:EA:C0:18:34:CF:93:F1:B0:3B:83:
FA:0A:01:1D:01:B6:CF
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
Timestamp : Feb 4 21:44:25.936 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:22:0C:81:2B:43:A5:52:C3:1E:83:AD:F7:
81:B7:72:A9:45:6F:EB:93:10:1B:18:25:6C:70:A7:8C:
E8:4B:94:0F:02:20:66:25:10:07:77:6C:16:5C:81:C3:
81:76:A2:00:7F:FD:2D:19:26:65:EE:5D:3B:9E:88:44:
E7:6F:5A:E0:75:F6

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx1.spambarrier.de	DANE-EE: Domain Issued Certificate Use full certificate SHA-256 Hash	valid	—
_25._tcp.mx2.spambarrier.de	DANE-EE: Domain Issued Certificate Use full certificate SHA-256 Hash	valid	—

SSL check results of spambarrier.de