from my understanding:
Posteo can 1) intercept in real time your decrypted emails when you are logged in
only if you don’t use their inbound encryption. if the mails stored on their servers are encrypted, then only the key holder (you) can read them. this is the same as mailbox which is currently recommended (though mailbox only supports PGP for its inbox encryption feature and posteo also supports S/MIME which is nice for Apple Mail.app users)
- when you receive an email (no matter if logged in or out).
that’s just how email works. the only way to mitigate this is to force everyone who mails you to encrypt their messages