{"id":18969,"date":"2026-04-12T15:05:59","date_gmt":"2026-04-12T13:05:59","guid":{"rendered":"https:\/\/webhosting.de\/blog-mailserver-tls-konfiguration-cipher-auswahl-optimierung-server\/"},"modified":"2026-04-12T15:05:59","modified_gmt":"2026-04-12T13:05:59","slug":"blog-mailserver-tls-configuration-cipher-selection-optimization-server","status":"publish","type":"post","link":"https:\/\/webhosting.de\/en\/blog-mailserver-tls-konfiguration-cipher-auswahl-optimierung-server\/","title":{"rendered":"Mail server TLS configuration and cipher selection: Ultimate Guide"},"content":{"rendered":"<p>I'll show you how to <strong>Mail server TLS<\/strong> in Postfix and select strong cipher suites so that SMTP connections are consistently protected. Based on proven parameters for TLS 1.2\/1.3, DANE, MTA-STS and modern key pairs, I will guide you step by step through configuration, testing and tuning so that your <strong>mail security<\/strong> grips cleanly.<\/p>\n\n<h2>Key points<\/h2>\n\n<ul>\n  <li><strong>Postfix<\/strong> Configure securely: Activate TLS, restrict protocols, set logging.<\/li>\n  <li><strong>Cipher<\/strong> prioritize: ECDHE + GCM\/CHACHA20, enforce PFS, block legacy data.<\/li>\n  <li><strong>Certificates<\/strong> keep clean: RSA+ECDSA, full chain, strong curves.<\/li>\n  <li><strong>DANE\/MTA-STS<\/strong> use: Anchoring guidelines and reducing downgrade risks.<\/li>\n  <li><strong>Tests<\/strong> and monitoring: Check OpenSSL, TLS scanner, MTA logs regularly.<\/li>\n<\/ul>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/mailserver-konfiguration-4721.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>SMTP via TLS: what is really secured<\/h2>\n\n<p>I secure SMTP with <strong>STARTTLS<\/strong>, so that e-mail transport does not take place in plain text. Opportunistic TLS via <strong>smtpd_tls_security_level = may<\/strong> ensures that incoming connections use encryption as soon as the remote station offers it. For outgoing deliveries, I use <strong>smtp_tls_security_level = dane<\/strong> DNSSEC-supported policy checks to make downgrade attacks more difficult. Without TLS, emails could be read and manipulated in transit, which is particularly dangerous for forms, orders or account data. With TLS active throughout, I significantly reduce the risk of eavesdropping and MITM, and I achieve better delivery rates because large providers rate secure connections positively.<\/p>\n\n<h2>Keys, certificates and protocols in Postfix<\/h2>\n\n<p>I have two certificates ready: one <strong>RSA<\/strong>-certificate and an ECDSA certificate so that old and new MTAs are optimally connected. I set the paths in Postfix clearly, for example <strong>smtpd_tls_cert_file<\/strong> for RSA and <strong>smtpd_tls_eccert_file<\/strong> for ECDSA, each with a matching key. For clean authentication, I pay attention to the complete chain, a CN\/SAN that matches the host exactly, and a curve like <strong>secp384r1<\/strong> for the ECDSA key. I strictly deactivate older protocols, i.e. SSLv2 and SSLv3, to prevent forced downgrades. If you are weighing up the type of certificate, a quick look at <a href=\"https:\/\/webhosting.de\/en\/tls-certificates-dv-ov-ev-hosting-security-comparison\/\">DV, OV or EV<\/a>, so that you choose the right level of confidence.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/tls_configuration_guide_4928.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>Cipher selection: Priorities for TLS 1.2\/1.3<\/h2>\n\n<p>I prioritize cipher suites with <strong>PFS<\/strong>, i.e. ECDHE before DHE, and use GCM or CHACHA20-POLY1305. Under TLS 1.3, the stack relieves you of many legacy tasks, while TLS 1.2 still requires a clear list. Insecure or weak suites like <strong>RC4<\/strong>, I delete 3DES, CAMELLIA, aNULL, eNULL. For Postfix I use <strong>smtpd_tls_ciphers = high<\/strong> and a restrictive <em>tls_high_cipherlist<\/em>, so that no outdated algorithms slip through. If you go deeper, the <a href=\"https:\/\/webhosting.de\/en\/tls-cipher-suites-hosting-security-serverboost\/\">Cipher Suites Guide<\/a> an easy-to-understand classification without ballast.<\/p>\n\n<table>\n  <thead>\n    <tr>\n      <th>TLS version<\/th>\n      <th>Preferred cipher suites<\/th>\n      <th>Status<\/th>\n      <th>Note<\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    <tr>\n      <td><strong>TLS 1.3<\/strong><\/td>\n      <td>TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256<\/td>\n      <td>active<\/td>\n      <td>Selection firmly in the protocol, no more legacy issues.<\/td>\n    <\/tr>\n    <tr>\n      <td><strong>TLS 1.2<\/strong><\/td>\n      <td>ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305<\/td>\n      <td>active<\/td>\n      <td>Prioritize PFS, prefer GCM\/CHACHA.<\/td>\n    <\/tr>\n    <tr>\n      <td><strong>Obsolete<\/strong><\/td>\n      <td>RC4, 3DES, CAMELLIA, AES128-SHA, aNULL\/eNULL<\/td>\n      <td>locked<\/td>\n      <td>Deactivate completely for security reasons.<\/td>\n    <\/tr>\n  <\/tbody>\n<\/table>\n\n<h2>Postfix: concrete parameters for main.cf<\/h2>\n\n<p>I set a clear configuration so that the MTA speaks securely both inbound and outbound. For ephemeral ECDH, I use <strong>smtpd_tls_eecdh_grade<\/strong> the curve quality and I deactivate compression to avoid CRIME-like attacks. A strong DH file with 4096 bits prevents weak DHE negotiations. I place hard restrictions on protocols and enforce high cipher quality, preferring to use TLS 1.3. At the start, a moderate log level helps me to check handshakes without flooding the journal.<\/p>\n\n<pre><code># Activation and policy\nsmtpd_tls_security_level = may\nsmtp_tls_security_level = dane\n\n# Certificates (example paths)\nsmtpd_tls_cert_file = \/etc\/ssl\/certs\/mail.example.de.cer\nsmtpd_tls_key_file = \/etc\/ssl\/private\/mail.example.de.key\nsmtpd_tls_eccert_file = \/etc\/ssl\/certs\/mail.example.de_ecc.cer\nsmtpd_tls_eckey_file = \/etc\/ssl\/private\/mail.example.de_ecc.key\n\n# protocols and ciphers\nsmtpd_tls_protocols = !SSLv2, !SSLv3\nsmtpd_tls_mandatory_protocols = !SSLv2, !SSLv3\nsmtpd_tls_ciphers = high\ntls_high_cipherlist = !aNULL:!eNULL:!RC4:!3DES:!CAMELLIA:HIGH:@STRENGTH\ntls_ssl_options = NO_COMPRESSION\nsmtpd_tls_eecdh_grade = ultra\n\n# DH parameters\nsmtpd_tls_dh1024_param_file = \/etc\/postfix\/dh_4096.pem\n\n# DNSSEC\/DANE (if available)\nsmtp_dns_support_level = dnssec\n\n# Logging\nsmtpd_tls_loglevel = 1\n<\/code><\/pre>\n\n<p>I keep the certificate chain complete, pay attention to correct rights for <strong>private<\/strong> key files and check the logs after the reload. If TLS 1.2 is required for legacy partners, I stick strictly to GCM\/CHACHA and block everything else. For TLS 1.3, I rely on the standards of the stack and avoid special paths that make maintenance more difficult. OCSP stapling only plays a role with SMTP if an upstream proxy provides it, so I only check this for corresponding setups. After every change, I validate with OpenSSL to detect side effects early on and to check the <strong>email encryption<\/strong> consistent.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/mailserver-tls-guide-cipher-tips-6954.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>Transport authenticity with DANE, MTA-STS, SPF, DKIM and DMARC<\/h2>\n\n<p>I combine TLS with <strong>DANE<\/strong>, by publishing signed TLSA records under DNSSEC. In addition, I set MTA-STS so that remote peers know that my host requires TLS and which MX they should adhere to. For identity binding, I sign outgoing mails with <strong>DKIM<\/strong> and secure domain delivery via SPF rules. Finally, DMARC defines how recipients should deal with deviations, which makes spoofing much more difficult. These components work together: TLS protects the transport, while authentication strengthens the sender and noticeably increases the delivery rate.<\/p>\n\n<p>If performance is a bottleneck, I optimize session resumption, hardware features and the handshake itself. You can get started with practical tricks with <a href=\"https:\/\/webhosting.de\/en\/optimize-tls-handshake-performance-with-quicboost\/\">TLS handshake faster<\/a>, to reduce the latency when establishing a connection. Important: I keep cipher selection and resumption in balance, because weak compromises do not pay off in terms of security. Especially with high mail volumes, fast TLS negotiation brings significant savings. This way <strong>Throughput<\/strong> and security in balance.<\/p>\n\n<h2>Testing, monitoring and audits<\/h2>\n\n<p>I check handshakes locally with <strong>openssl<\/strong> and check the protocol version, cipher and certificate chain. The command <em>openssl s_client -connect mail.example.de:25 -starttls smtp<\/em> shows me live what the remote server is negotiating. After configuration changes, I use <em>postfix check<\/em> and look specifically at <strong>smtpd_tls_loglevel<\/strong>, to isolate error patterns. External TLS scanners help to classify public visibility, especially after certificate changes. A regular audit cycle protects against creeping deterioration, for example if a library change affects cipher priorities.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/mailserver_tls_guide_nacht_4523.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>Frequent misconfigurations and quick fixes<\/h2>\n\n<p>I often see outdated ciphers like <strong>AES128-SHA<\/strong>, which are still active and prevent PFS. A strict cipher string and the clear blocking of LOW\/MD5\/RC4\/3DES helps here. Second pattern: missing intermediate certificates, which prevents remote stations from verifying the chain; I add the bundle file and test again. On appliances such as a Synology, I set the TLS profile to modern and remove legacy options so that the SMTP server speaks modern. With Microsoft Exchange, I specifically check TLS 1.2\/1.3 policies, certificate assignment per connector and any cipher overrides in the host configuration so that the <strong>Handshake<\/strong>-selection is right.<\/p>\n\n<h2>Preview: TLS 1.3, 0-RTT and Post-Quantum<\/h2>\n\n<p>I prefer TLS 1.3 because the handshake is shorter and old options are eliminated, which reduces attack surfaces. The selection of the <strong>cipher<\/strong> is clearly limited there, and modern stacks provide good defaults. I do not use 0-RTT in the SMTP context, as replay attacks bring unnecessary risks here. For the future, I am keeping an eye on hybrid post-quantum procedures, which could find their way into the mail environment as soon as standardization and support mature. It remains important that I set up policies and monitoring in such a way that new procedures can be integrated later without disruption.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/mailserver_tls_guide_7492.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>Performance and delivery rate at a glance<\/h2>\n\n<p>I measure the <strong>Latency<\/strong> of the TLS handshake and optimize caches to enable reuse. Session resumption (tickets\/IDs) reduces the computing load and speeds up recurring connections between MTAs. For certificate revocation, I rely on stackable information at the upstream proxy, if available, to save additional accesses. Large recipients rate secure transports positively, which increases the delivery rate, while insecure paths increase the risk of spam and rejection. With a clear TLS policy, solid DNS entries and a clean signature chain, I create a reliable basis for <strong>Deliverability<\/strong>.<\/p>\n\n<h2>My setup schedule<\/h2>\n\n<p>I start by obtaining the certificate from a trustworthy CA, generate ECDSA and RSA and store both cleanly on the host. Then I customize the <strong>main.cf<\/strong> with the TLS parameters, set strong ciphers and deactivate old protocols. A fresh DH file with 4096 bits is added, followed by a reload and the first OpenSSL checks. I then set up DANE, add MTA-STS and verify SPF\/DKIM\/DMARC for validity. Finally, I run tests against external targets, check logs during operation and schedule regular audits so that the <strong>Configuration<\/strong> remains secure in the long term.<\/p>\n\n\n<figure class=\"wp-block-image size-full is-resized\">\n  <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2026\/04\/tls-einstellungen-leitfaden-8421.png\" alt=\"\" width=\"1536\" height=\"1024\"\/>\n<\/figure>\n\n\n<h2>Missing modules: Submission, SMTPS and SNI<\/h2>\n\n<p>I not only secure port 25, but also submission (587) and optionally SMTPS (465). For submission, I enforce encryption and authentication so that user passwords are never sent in plain text. In <em>master.cf<\/em> I activate the services and set targeted overrides:<\/p>\n\n<pre><code># submission (port 587) with STARTTLS and auth obligation\nsubmission inet n - y - - smtpd\n  -o syslog_name=postfix\/submission\n  -o smtpd_tls_security_level=encrypt\n  -o smtpd_tls_auth_only=yes\n  -o smtpd_sasl_auth_enable=yes\n  -o milter_macro_daemon_name=ORIGINATING\n\n# SMTPS (port 465) as wrapper mode, if required\nsmtps inet n - y - - smtpd\n  -o syslog_name=postfix\/smtps\n  -o smtpd_tls_wrappermode=yes\n  -o smtpd_sasl_auth_enable=yes\n  -o milter_macro_daemon_name=ORIGINATING\n<\/code><\/pre>\n\n<p>If I serve several mail domains on one host with my own certificates, I use <strong>SNI<\/strong>. I use an SNI map to assign the appropriate certificate path for each target host and ensure that MUA clients also see the correct certificate. This is how I ensure client separation with consistent TLS identity.<\/p>\n\n<h2>Per-domain policies: fine-grained control<\/h2>\n\n<p>In addition to the global policy, I also manage <strong>smtp_tls_policy_maps<\/strong> Exceptions and tightening per recipient domain. This allows me to gradually migrate legacy partners or enforce particularly strict requirements for sensitive targets.<\/p>\n\n<pre><code># main.cf\nsmtp_tls_policy_maps = hash:\/etc\/postfix\/tls_policy\n\n# \/etc\/postfix\/tls_policy (example entries)\nexample.org dane-only\nlegacy.example.net may\nsecure.example.com secure\n<\/code><\/pre>\n\n<p><em>dane-only<\/em> enforces DANE protection without CA dependency, <em>secure<\/em> requires a valid CA chain and refuses plain text delivery, <em>may<\/em> remains opportunistic. After changes, I build the map with <em>postmap<\/em> and reload Postfix.<\/p>\n\n<h2>DANE and MTA-STS: concrete implementation<\/h2>\n\n<p>For <strong>DANE<\/strong> I publish TLSA records under DNSSEC. I prefer to use DANE-EE (3 1 1) because it allows pinning to the public key and facilitates certificate changes with the same key. An exemplary TLSA record under <em>_25._tcp.mail.example.de<\/em> looks like this:<\/p>\n\n<pre><code>_25._tcp.mail.example.de. IN TLSA 3 1 1\n<\/code><\/pre>\n\n<p>I generate the hash from the ECDSA or RSA certificate and make sure to rotate it before it expires. It is important that the DNS zone is signed and that the chain of delegations is validated without gaps.<\/p>\n\n<p>For <strong>MTA-STS<\/strong> I host the policy file via HTTPS and add the TXT DNS entry. This way, I specify that remote peers speak TLS and are only accepted with a defined MX. A minimalist policy file:<\/p>\n\n<pre><code>version: STSv1\nmode: enforce\nmx: mail.example.de\nmax_age: 604800\n<\/code><\/pre>\n\n<p>A TXT entry is added in the DNS under <em>_mta-sts.example.de<\/em> with the current version. Optionally I set up <em>TLS-RPT<\/em> via TXT under <em>_smtp._tls.example.de<\/em> to receive reports on policy violations. This telemetry helps me to detect failures, downgrades and faulty certificates at an early stage.<\/p>\n\n<h2>Tighten protocols, specify cipher<\/h2>\n\n<p>I tighten protocol limits and enforce server preference. TLS 1.0\/1.1 are dispensable today; I only allow TLS 1.2 and 1.3 in depth and on an outgoing basis. For TLS 1.2, I define an explicit positive list to exclude mixed stocks of old ciphers:<\/p>\n\n<pre><code># Additional hardening (main.cf)\nsmtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1\nsmtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1\nsmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1\nsmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1\n\n# Explicit TLS 1.2 cipher list (PFS + AEAD only)\ntls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!eNULL:!MD5:!RC4:!3DES:!CAMELLIA\n\n# Use server preference\ntls_preempt_cipherlist = yes\n<\/code><\/pre>\n\n<p>I make sure that ECDHE is preferred and DHE is only a fallback. I keep my DH file up to date; under TLS 1.3 it doesn't play a role, but it is still useful for rare DHE actions.<\/p>\n\n<h2>Session resumption and caches<\/h2>\n\n<p>To speed things up, I activate session caches for the client and server to make reconnections cheaper. CPU load and latency are noticeably reduced, especially with high mail throughput:<\/p>\n\n<pre><code># Session cache (main.cf)\nsmtpd_tls_session_cache_database = btree:\/var\/lib\/postfix\/smtpd_scache\nsmtp_tls_session_cache_database = btree:\/var\/lib\/postfix\/smtp_scache\nsmtp_tls_connection_reuse = yes\n<\/code><\/pre>\n\n<p>I monitor the hit rate in the logs and make sure that none are too short. <em>ticket_lifetimes<\/em> in the TLS library to slow down resumption. Important: Resumption must not weaken the policy; I stick to the same cipher requirements.<\/p>\n\n<h2>Certified company: Rotation and chain maintenance<\/h2>\n\n<p>I automate the renewal and reload of the MTA so that no expired certificates end up in operation. After each renewal, I check whether the leaf and intermediate certificates are completely in the bundle. For ECDSA\/RSA dual operation, I make sure that both pairs rotate before a mass change causes problems for clients. I test the SNI path and submission separately because MUAs can show different error patterns than MTAs.<\/p>\n\n<h2>Deepen logging and diagnostics<\/h2>\n\n<p>I temporarily increase the log depth when a problem occurs and use on-board tools for cross-checks:<\/p>\n\n<pre><code># targeted logging (main.cf)\nsmtp_tls_loglevel = 1\nsmtp_tls_note_starttls_offer = yes\n<\/code><\/pre>\n\n<p>With <em>posttls-finger target.example.com<\/em> I check which policy a remote MTA expects and which ciphers\/protocols are negotiated. I use <em>postconf -n | grep tls<\/em>, to see only explicitly set TLS parameters; I can find deviations from defaults more quickly this way. In the logs, I search for terms such as <em>no shared cipher<\/em>, <em>certificate verify failed<\/em> or <em>protocol version<\/em>, that directly indicate cipher mismatch, chain problems or protocol limits that are too strict\/too lax.<\/p>\n\n<h2>Managing compatibility without sacrificing security<\/h2>\n\n<p>I plan transitions consciously: I stay in-depth with <em>may<\/em>, to avoid losing mails from legacy servers across the board, but log plain text deliveries. Outgoing I remain strict (DANE\/MTA-STS\/secure) and use <em>smtp_tls_policy_maps<\/em> for individual cases. If individual partners can only manage TLS 1.2 with AES-GCM, that is acceptable; I manage everything below that via agreed exceptions with a limited runtime, document them and include them in the migration planning. This keeps the overall level high without blocking business operations.<\/p>\n\n<h2>TLS defaults of the system at a glance<\/h2>\n\n<p>Note that Postfix uses the system's TLS library. Updates to OpenSSL\/LibreSSL can change cipher priorities and TLS 1.3 behavior. After system updates, I therefore randomly check handshakes and compare output from <em>postconf -n<\/em> with my target values. A set <em>compatibility_level<\/em> in Postfix helps to maintain stable defaults, but I do not blindly rely on it and document explicit deviations in main.cf\/master.cf.<\/p>\n\n<h2>Quick summary for administrators<\/h2>\n\n<p>I would like to emphasize that strong ciphers with PFS, clean certificates and clear policies are essential for <strong>SMTP<\/strong> crucial. TLS 1.3 relieves you of legacy issues, while TLS 1.2 requires a disciplined cipher list. DANE and MTA-STS harden the transport path, SPF\/DKIM\/DMARC secure identity and reporting. Regular tests and log analyses show early on whether a change has undesirable side effects. With this guide, you can set up your mail server to be secure, high-performance and future-proof - without unnecessary <strong>Risks<\/strong>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Mail server TLS configuration and cipher selection: smtp tls config for optimal mail security and email encryption hosting. Complete expert guide.<\/p>","protected":false},"author":1,"featured_media":18962,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_crdt_document":"","inline_featured_image":false,"footnotes":""},"categories":[708],"tags":[],"class_list":["post-18969","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email"],"acf":[],"_wp_attached_file":null,"_wp_attachment_metadata":null,"litespeed-optimize-size":null,"litespeed-optimize-set":null,"_elementor_source_image_hash":null,"_wp_attachment_image_alt":null,"stockpack_author_name":null,"stockpack_author_url":null,"stockpack_provider":null,"stockpack_image_url":null,"stockpack_license":null,"stockpack_license_url":null,"stockpack_modification":null,"color":null,"original_id":null,"original_url":null,"original_link":null,"unsplash_location":null,"unsplash_sponsor":null,"unsplash_exif":null,"unsplash_attachment_metadata":null,"_elementor_is_screenshot":null,"surfer_file_name":null,"surfer_file_original_url":null,"envato_tk_source_kit":null,"envato_tk_source_index":null,"envato_tk_manifest":null,"envato_tk_folder_name":null,"envato_tk_builder":null,"envato_elements_download_event":null,"_menu_item_type":null,"_menu_item_menu_item_parent":null,"_menu_item_object_id":null,"_menu_item_object":null,"_menu_item_target":null,"_menu_item_classes":null,"_menu_item_xfn":null,"_menu_item_url":null,"_trp_menu_languages":null,"rank_math_primary_category":null,"rank_math_title":null,"inline_featured_image":null,"_yoast_wpseo_primary_category":null,"rank_math_schema_blogposting":null,"rank_math_schema_videoobject":null,"_oembed_049c719bc4a9f89deaead66a7da9fddc":null,"_oembed_time_049c719bc4a9f89deaead66a7da9fddc":null,"_yoast_wpseo_focuskw":null,"_yoast_wpseo_linkdex":null,"_oembed_27e3473bf8bec795fbeb3a9d38489348":null,"_oembed_c3b0f6959478faf92a1f343d8f96b19e":null,"_trp_translated_slug_en_us":null,"_wp_desired_post_slug":null,"_yoast_wpseo_title":null,"tldname":null,"tldpreis":null,"tldrubrik":null,"tldpolicylink":null,"tldsize":null,"tldregistrierungsdauer":null,"tldtransfer":null,"tldwhoisprivacy":null,"tldregistrarchange":null,"tldregistrantchange":null,"tldwhoisupdate":null,"tldnameserverupdate":null,"tlddeletesofort":null,"tlddeleteexpire":null,"tldumlaute":null,"tldrestore":null,"tldsubcategory":null,"tldbildname":null,"tldbildurl":null,"tldclean":null,"tldcategory":null,"tldpolicy":null,"tldbesonderheiten":null,"tld_bedeutung":null,"_oembed_d167040d816d8f94c072940c8009f5f8":null,"_oembed_b0a0fa59ef14f8870da2c63f2027d064":null,"_oembed_4792fa4dfb2a8f09ab950a73b7f313ba":null,"_oembed_33ceb1fe54a8ab775d9410abf699878d":null,"_oembed_fd7014d14d919b45ec004937c0db9335":null,"_oembed_21a029d076783ec3e8042698c351bd7e":null,"_oembed_be5ea8a0c7b18e658f08cc571a909452":null,"_oembed_a9ca7a298b19f9b48ec5914e010294d2":null,"_oembed_f8db6b27d08a2bb1f920e7647808899a":null,"_oembed_168ebde5096e77d8a89326519af9e022":null,"_oembed_cdb76f1b345b42743edfe25481b6f98f":null,"_oembed_87b0613611ae54e86e8864265404b0a1":null,"_oembed_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_oembed_time_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_tldname":null,"_tldclean":null,"_tldpreis":null,"_tldcategory":null,"_tldsubcategory":null,"_tldpolicy":null,"_tldpolicylink":null,"_tldsize":null,"_tldregistrierungsdauer":null,"_tldtransfer":null,"_tldwhoisprivacy":null,"_tldregistrarchange":null,"_tldregistrantchange":null,"_tldwhoisupdate":null,"_tldnameserverupdate":null,"_tlddeletesofort":null,"_tlddeleteexpire":null,"_tldumlaute":null,"_tldrestore":null,"_tldbildname":null,"_tldbildurl":null,"_tld_bedeutung":null,"_tldbesonderheiten":null,"_oembed_ad96e4112edb9f8ffa35731d4098bc6b":null,"_oembed_8357e2b8a2575c74ed5978f262a10126":null,"_oembed_3d5fea5103dd0d22ec5d6a33eff7f863":null,"_eael_widget_elements":null,"_oembed_0d8a206f09633e3d62b95a15a4dd0487":null,"_oembed_time_0d8a206f09633e3d62b95a15a4dd0487":null,"_aioseo_description":null,"_eb_attr":null,"_eb_data_table":null,"_oembed_819a879e7da16dd629cfd15a97334c8a":null,"_oembed_time_819a879e7da16dd629cfd15a97334c8a":null,"_acf_changed":null,"_wpcode_auto_insert":null,"_edit_last":null,"_edit_lock":null,"_oembed_e7b913c6c84084ed9702cb4feb012ddd":null,"_oembed_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_time_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_03514b67990db061d7c4672de26dc514":null,"_oembed_time_03514b67990db061d7c4672de26dc514":null,"rank_math_news_sitemap_robots":null,"rank_math_robots":null,"_eael_post_view_count":"512","_trp_automatically_translated_slug_ru_ru":null,"_trp_automatically_translated_slug_et":null,"_trp_automatically_translated_slug_lv":null,"_trp_automatically_translated_slug_fr_fr":null,"_trp_automatically_translated_slug_en_us":null,"_wp_old_slug":null,"_trp_automatically_translated_slug_da_dk":null,"_trp_automatically_translated_slug_pl_pl":null,"_trp_automatically_translated_slug_es_es":null,"_trp_automatically_translated_slug_hu_hu":null,"_trp_automatically_translated_slug_fi":null,"_trp_automatically_translated_slug_ja":null,"_trp_automatically_translated_slug_lt_lt":null,"_elementor_edit_mode":null,"_elementor_template_type":null,"_elementor_version":null,"_elementor_pro_version":null,"_wp_page_template":null,"_elementor_page_settings":null,"_elementor_data":null,"_elementor_css":null,"_elementor_conditions":null,"_happyaddons_elements_cache":null,"_oembed_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_time_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_3efb2c3e76a18143e7207993a2a6939a":null,"_oembed_time_3efb2c3e76a18143e7207993a2a6939a":null,"_oembed_59808117857ddf57e478a31d79f76e4d":null,"_oembed_time_59808117857ddf57e478a31d79f76e4d":null,"_oembed_965c5b49aa8d22ce37dfb3bde0268600":null,"_oembed_time_965c5b49aa8d22ce37dfb3bde0268600":null,"_oembed_81002f7ee3604f645db4ebcfd1912acf":null,"_oembed_time_81002f7ee3604f645db4ebcfd1912acf":null,"_elementor_screenshot":null,"_oembed_7ea3429961cf98fa85da9747683af827":null,"_oembed_time_7ea3429961cf98fa85da9747683af827":null,"_elementor_controls_usage":null,"_elementor_page_assets":[],"_elementor_screenshot_failed":null,"theplus_transient_widgets":null,"_eael_custom_js":null,"_wp_old_date":null,"_trp_automatically_translated_slug_it_it":null,"_trp_automatically_translated_slug_pt_pt":null,"_trp_automatically_translated_slug_zh_cn":null,"_trp_automatically_translated_slug_nl_nl":null,"_trp_automatically_translated_slug_pt_br":null,"_trp_automatically_translated_slug_sv_se":null,"rank_math_analytic_object_id":null,"rank_math_internal_links_processed":"1","_trp_automatically_translated_slug_ro_ro":null,"_trp_automatically_translated_slug_sk_sk":null,"_trp_automatically_translated_slug_bg_bg":null,"_trp_automatically_translated_slug_sl_si":null,"litespeed_vpi_list":null,"litespeed_vpi_list_mobile":null,"rank_math_seo_score":null,"rank_math_contentai_score":null,"ilj_limitincominglinks":null,"ilj_maxincominglinks":null,"ilj_limitoutgoinglinks":null,"ilj_maxoutgoinglinks":null,"ilj_limitlinksperparagraph":null,"ilj_linksperparagraph":null,"ilj_blacklistdefinition":null,"ilj_linkdefinition":null,"_eb_reusable_block_ids":null,"rank_math_focus_keyword":"Mailserver TLS","rank_math_og_content_image":null,"_yoast_wpseo_metadesc":null,"_yoast_wpseo_content_score":null,"_yoast_wpseo_focuskeywords":null,"_yoast_wpseo_keywordsynonyms":null,"_yoast_wpseo_estimated-reading-time-minutes":null,"rank_math_description":null,"surfer_last_post_update":null,"surfer_last_post_update_direction":null,"surfer_keywords":null,"surfer_location":null,"surfer_draft_id":null,"surfer_permalink_hash":null,"surfer_scrape_ready":null,"_thumbnail_id":"18962","footnotes":null,"_links":{"self":[{"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/posts\/18969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/comments?post=18969"}],"version-history":[{"count":0,"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/posts\/18969\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/media\/18962"}],"wp:attachment":[{"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/media?parent=18969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/categories?post=18969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhosting.de\/en\/wp-json\/wp\/v2\/tags?post=18969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}