search

lieser / dkim_verifier

DKIM Verifier Extension for Mozilla Thunderbird
MIT License
210 stars 35 forks source link

From: field colored GREEN or colored ORANGE, but why in this particular examples #380

Closed bernieEV closed 1 year ago

bernieEV commented 1 year ago

GREEN colored FROM field:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; s=mailing; d=newsletter.jack-wolfskin.com;
 h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:X-ulpe:
 List-Id:X-CSA-Complaints:List-Unsubscribe:List-Unsubscribe-Post:Feedback-ID;
 i=news@newsletter.jack-wolfskin.com;
 bh=0XM5oo51fc6sYs/qEwoa5vxaj/Pv7IRepjvYHh8sQhk=;
 b=cH0rh3zDIWo5rDjYuxA3b1Dw3MwF+A1yQTQPoOL7r/NxcIjO9LRtdW5+2ohyrvlAahLhk42JP4y/
   X7Zsmykk3VKMcT+75vocNNi35gfUOK+f5kqUXEFOXMFzO1/zfuc3rvFkjVHiMaqMADi5ZNw73zaN
   oX/VLeFsstOA9opgqdg=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; s=mailing; d=srv2.de;
 h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:X-ulpe:
 List-Id:X-CSA-Complaints:List-Unsubscribe:List-Unsubscribe-Post:Feedback-ID;
 bh=0XM5oo51fc6sYs/qEwoa5vxaj/Pv7IRepjvYHh8sQhk=;
 b=PKLdLv6jcJuuz2qGKTCbJKFSzUx/QCGPASU/TzUnfHjeODEEHx6TAsHXyHf2lsRbbKc9YnYPz3bk
   tEsLHp4OoUf1vCrBiZeZK0cu45r6GMFDzLvQDNaulecrwv6I19mAmUa9GSPiyM18oVjKaFnsbX1K
   QLWvTRJKM2e2Z6geSQQ=
Date: Wed, 12 Jul 2023 09:32:09 +0200 (CEST)
From: Jack Wolfskin <news@newsletter.jack-wolfskin.com>
Reply-To: Jack Wolfskin <news@newsletter.jack-wolfskin.com>
To: riegler.b@A1.net
Message-ID: <re-p2a1UIHPnd2eb_5Fbc2K3eEHxgy-5G5GCHBH-5FTB3EO3-8K011EZ@newsletter.jack-wolfskin.com>
Subject: 30 % Rabatt: Letzte Chance!

ORANGE colored FROM field:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=inxserver.com;
  s=202007; t=1688997612; r=y;
  bh=6zmwHO42hkD6rZ9qCGn/hw9Li6B8XPjVK29fHh4D9rU=;
  h=DKIM-Signature:Date:From:Reply-To:To:Message-ID:Subject:
   MIME-Version:Content-Type:List-Id:List-Unsubscribe:
   List-Unsubscribe-Post:Feedback-ID:X-CSA-Complaints:X-Mailer;
  b=B31eHzfKxAzousrH2rMvzezvtMFtAZOPEWvNRW8TPeMz2r4qgiTgqArUhpEt1BYx7
   VUwJEjAdfH1odjgQL4FTPKBqmE2IRxxFy+JWRv0ih/uZjrnKXzM4yppgc+sKb0Cnfo
   oVJC4qUBl4Mc/6cV472M3Q3NzguQmpC1DLsiq49tfgm8maJwPlkof5ZY9641P8AeG+
   i6x/i/cba4kRcCcEbPIlhQTtnRwMYLkpTUXR1rUt5v0bD7Od/Us5MxOciswlYEOCwZ
   InaCNdRsvS2ohFKxYDtzEZDdqCFRZngeqagrvJ45dDqs8blAovIV2cgVkwrvxFYuSB
   PeKstIVVV12XQ==
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; t=1688997612;
  s=inx93283317; d=nubert.de; i=info@nubert.de;
  h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:List-Id:List-Unsubscribe:List-Unsubscribe-Post:Feedback-ID;
  bh=6zmwHO42hkD6rZ9qCGn/hw9Li6B8XPjVK29fHh4D9rU=;
  b=Wv1cNmLEzMnrqBwGOU7eu6v2s3+TZjAhY/JMGrLTRRyPFflvR/+9HchJcd94YNKF
  iHKi/6TpoLElPGBm5B2jt7wpO2uU6oto0KnBjH63bXbKoaOalUkWRG4jHPU+HHbilw2
  eGQBgesY5nXzGB6Dai7XDeRU4nDMCPdh+jk3434vfNOew6mZ+bYhMFQjUA8y7jaX84L
  8tsrldc6VR2+BC0wr7S9KYutM/dAz59BSGVTnrBj4Ceh/af6yFXIkjtLgManVyXaABd
  9rim9FelFxhSpMPcLL3lpfnf1P8Oe8IScUO7JXsZtVKO2UASIjHHdCU/NVsJLB0DY9q
  uR9BXAx85w==
Date: Mon, 10 Jul 2023 16:00:12 +0200 (CEST)
From: Nubert <info@nubert.de>                                                   
Reply-To: Nubert <info@nubert.de>
To: riegler.b@A1.net
Message-ID: <INX.14019d00bc088aade99e39cd2cc.a80d.5f97.e23.189401a2229c3@news.nubert.de>
Subject: nu's Letter vom 10.07.2023

thanks

bernieEV commented 1 year ago

oops, I forgot the hint for ORANGE case: From is not in the signed domain what is going on here with the i= field ?

lieser commented 1 year ago

If you did not change the color highlights orange means the signature has warnings. Like you seem to have already found out the warnings are shown if as a tooltip of the warning icon.

So why has your second email From is not in the signed domain?

Note that it has two DKIM signatures. One signed by nubert.de, for which this warning does not make sense. And one signed by inxserver.com, which is a different domain than the from address.

You did not mention which of the two signatures the addon shows in the GUI, but my guess would be the one from inxserver.com? This mean that the one signed by nubert.de fails to verify, which is why the add-on rather shows the one that that verifies, even if it is with warnings,

You should take a look at the error console, which should provide more information why the addon fails to verify the DKIM signature by nubert.de. See also https://github.com/lieser/dkim_verifier/wiki/Debug#view-error-and-debug-messages.

bernieEV commented 1 year ago

thanks for the tip with the console and here are the details.

GREEN_Screenshot from 2023-07-14 10-36-38 ORANGE_Screenshot from 2023-07-14 10-34-21 TIBOR_ORANGE Screenshot from 2023-07-14 10-50-34

lieser commented 1 year ago

E-Mail from nubert.de:

At the verification time there was a DNS error for getting the DKIM key for the signature by nubert.de. Unfortunately that result was saved, something that should probably be improve in the future. You need to manually trigger a reverification (https://github.com/lieser/dkim_verifier/wiki/Options#save-result-of-the-verification), in the hopes the DNS error disappears this time.

E-Mail from github.com:

You changed the setting to be warned about more unsigned headers that could affect how the e-mail is shown (https://github.com/lieser/dkim_verifier/wiki/Options#warn-about-unsigned-headers-that-are-recommended-to-be-signed). Unless you are an advanced user you probably don't want to enable the strict mode as it will only distract you from more relevant warnings without you being able to interpret the impact of all this warnings about missing signed headers you will see.

I would recommend you go back to the default recommended mode. Note that here too you will need to manually trigger a reverification.

lieser commented 1 year ago

As you haven't replied yet I'm assuming your questions are answered. If not please reopen the issue.