SSL check results of websteps.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for websteps.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Sat, 31 Jan 2026 09:13:21 +0000

The mailservers of websteps.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @websteps.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.postix.email
2a01:4f8:211:1752::2
10
supported
mail.postix.email
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mail.postix.email
148.251.182.83
10
supported
mail.postix.email
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @websteps.de address so far. Test mail delivery

Certificates

First seen at:

CN=mail.postix.email

Certificate chain
  • mail.postix.email
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption

      • R13
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption

Subject
Common Name (CN)
  • mail.postix.email
Alternative Names
  • autoconfig.postix.email
  • autodiscover.postix.email
  • imap.postix.email
  • mail.postix.email
  • pop3.postix.email
  • smtp.postix.email
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R13
validity period
Not valid before
2025-12-23
Not valid after
2026-03-23
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
36:D5:52:34:91:F7:0D:9A:B7:B2:6B:61:2B:E5:6F:6C:CE:57:87:16:4A:14:8A:2B:35:F2:2D:00:71:A3:52:62
SHA1
47:52:0E:E2:81:29:13:80:91:C0:70:72:8C:89:DC:B7:A5:0D:C4:47
X509v3 extensions
subjectKeyIdentifier
  • EE:F4:97:9F:43:9F:77:20:36:CF:69:22:67:85:83:11:00:4F:B4:E5
authorityKeyIdentifier
  • keyid:E7:AB:9F:0F:2C:33:A0:53:D3:5E:4F:78:C8:B2:84:0E:3B:D6:92:33
authorityInfoAccess
  • CA Issuers - URI:http://r13.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r13.c.lencr.org/15.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : D1:6E:A9:A5:68:07:7E:66:35:A0:3F:37:A5:DD:BC:03:
  • A5:3C:41:12:14:D4:88:18:F5:E9:31:B3:23:CB:95:04
  • Timestamp : Dec 23 14:23:47.613 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:83:33:5E:65:D3:41:67:2D:35:F5:82:
  • 97:9E:44:1E:20:4C:D0:33:12:4E:FA:D4:85:1B:3C:80:
  • 3C:5B:11:42:B8:02:20:36:26:30:32:9D:E9:73:96:9F:
  • 31:3A:4B:4F:E2:78:CE:4A:96:B4:B6:D3:3F:95:BE:C2:
  • 67:DD:A6:B7:F2:18:9D
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A5:C9:78:92:5D:57:46:17:82:87:0D:D8:89:66:0B:5C:
  • 55:64:8B:7D:00:40:F2:EC:07:68:51:D1:88:69:19:F7
  • Timestamp : Dec 23 14:23:47.830 2025 GMT
  • Extensions: 00:00:05:00:2C:8D:49:00
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:62:3A:11:F6:0F:91:04:AA:3D:E5:BC:D0:
  • 5C:44:A0:33:05:8E:5B:A0:30:B1:73:A8:0C:60:0C:5D:
  • 0B:A1:44:F3:02:21:00:8E:AC:12:C5:31:C3:AB:9E:B0:
  • F8:B9:0A:5E:6F:39:54:BB:FF:41:13:5C:5C:0B:F7:74:
  • 08:F1:55:70:72:6D:42

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.postix.email
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid