lieser / dkim_verifier

DKIM Verifier Extension for Mozilla Thunderbird
MIT License

Multiple DKIM signatures not properly handled #428

Closed fraenki closed 8 months ago

fraenki commented 9 months ago

When a mail contains multiple DKIM signatures, the plugin seems to only parse one of them (the first/last). Consider this mail header...

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=AAA; d=example.com;
...
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=ZZZ; d=amazonses.com;
...

In this example the mail originated from example.com, but was delivered through Amazon SES (which added its own DKIM signature).

In this case this leads to a warning that the DKIM signature for amazonses.com does not belong to this domain (supposedly example.com).

Other DKIM verification tools (like Google Header Analyzer) conclude that everything is fine. So I guess only one of these two DKIM signatures is considered by the plugin, which leads to the incorrect warning.

lieser commented 9 months ago

Note that the add-on does verify all DKIM signatures, but it will only show one signature. Mainly because of space reasons in the GUI. More about it in https://github.com/lieser/dkim_verifier/issues/48#issuecomment-144373585.

My guess is that the signature for example.com fails to verify. The add-on will then consider the valid signature from amazonses.com the "better" one to show.

If you take a look at the log output you should be able to see what happens (best with debug logging enabled) https://github.com/lieser/dkim_verifier/wiki/Debug#view-error-and-debug-messages.

As part of #160, which is planned for the next version, all DKIM signatures will probably be visible in the GUI. But still not directly in the header. Instead I plan to extend the pop-up for the DKIM button in the header, that currently only has buttons to trigger actions.
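
An added example (not part of this thread and not the add-on's code) of how a message with two DKIM-Signature headers can be parsed, each `d=` domain compared with the From domain, and one signature chosen for display. The per-signature results are a constructed input, and the ranking rule and all function names are assumptions, not the add-on's actual logic.

```javascript
// Constructed sample modelled on the headers in the report (b=/bh= omitted).
const rawHeaders = [
  "From: Alice <alice@example.com>",
  "DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;",
  "    s=AAA; d=example.com;",
  "DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;",
  "    s=ZZZ; d=amazonses.com;",
].join("\r\n");

// Unfold continuation lines, then split each header into [name, value].
function parseHeaders(raw) {
  return raw.replace(/\r?\n[ \t]+/g, " ").split(/\r?\n/).filter(Boolean)
    .map((line) => {
      const i = line.indexOf(":");
      return [line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim()];
    });
}

// Parse the tag=value list of one DKIM-Signature header.
function parseTags(value) {
  const tags = {};
  for (const part of value.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) tags[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return tags;
}

// Assumed ranking: a passing signature beats a failing one, and among
// equals the one whose d= matches the From domain wins.
const score = (s) => (s.result === "pass" ? 2 : 0) + (s.aligned ? 1 : 0);

// results: hypothetical map "d/s" -> "pass" | "fail" from a real verifier.
function rankSignatures(raw, results) {
  const headers = parseHeaders(raw);
  const from = headers.find(([name]) => name === "from");
  const m = from && /@([^>\s]+)>?\s*$/.exec(from[1]);
  const author = m ? m[1].toLowerCase() : "";
  return headers.filter(([name]) => name === "dkim-signature").map(([, v]) => {
    const t = parseTags(v);
    const sdid = (t.d || "").toLowerCase();
    const aligned = sdid !== "" && (author === sdid || author.endsWith("." + sdid));
    return { sdid, selector: t.s, result: results[`${sdid}/${t.s}`] || "none", aligned };
  }).sort((a, b) => score(b) - score(a));
}
```

When the example.com signature is marked as failing and the amazonses.com one as passing, the first entry returned is the unaligned amazonses.com signature, which is the situation the warning in the report describes.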

lieser commented 8 months ago

As you haven't replied yet I'm assuming your questions are answered. If not please reopen the issue.