search

lieser / dkim_verifier

DKIM Verifier Extension for Mozilla Thunderbird
MIT License
213 stars 36 forks source link

Authentication-Results values not shown #466

Open alevesely opened 4 days ago

alevesely commented 4 days ago

I have set both Verify DKIM signatures and Read Authentication-Results header. However, a message having:

Authentication-Results: wmail.tana.it;
  spf=pass smtp.mailfrom=mailop.org;
  dkim=pass reason="Original-From: transformed" header.d=dcrocker.net;
  dmarc=pass header.from=mailop.org;
  arc=fail (1 set(s)) smtp.remote-ip=91.132.147.157

displays DKIM Invalid (E-Mail was modified) despite the signature was previously authenticated. My understanding was that Read Authentication-Results header meant to skip performing a verification when a trusted A-R already has a result. Or is that A-R invalid for some reason? I don't see references to that in the error console, which starts like so:

DKIM_Verifier.AuthVerifier  ERROR    Ignoring error in parsing of ARH DKIM_Error: Parsing error
    match moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/arhParser.mjs.js:354
    parseResInfo moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/arhParser.mjs.js:188
    parse moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/arhParser.mjs.js:158
    getARHResult moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/authVerifier.mjs.js:265
    verify moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/authVerifier.mjs.js:177
[authVerifier.mjs.js:267:8](moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/authVerifier.mjs.js)
DKIM_Verifier.AuthVerifier  DEBUG    ARH result: 
Object { version: "3.1", dkim: [], spf: [], dmarc: [], bimiIndicator: undefined }
[authVerifier.mjs.js:348:6](moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/authVerifier.mjs.js)
DKIM_Verifier.Verifier  DEBUG    1 DKIM-Signatures found. [verifier.mjs.js:1491:8](moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/dkim/verifier.mjs.js)
DKIM_Verifier.Verifier  DEBUG    Verifying DKIM-Signature 1 ... [verifier.mjs.js:1506:9](moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/dkim/verifier.mjs.js)

The signature is indeed invalid, according to the spec. The A-R value is based on a method to undo the transformation done by a mailing list which could verify the author's signature.

Why isn't the A-R value accepted by DKIM Verifier?

ell1e commented 4 days ago

Did you try enabling parsing the Authentication-Results header in the addon preferences? I believe it's disabled by default, which could explain what you're seeing. Nevermind, I misread your first sentence and you seem to be saying that you have it enabled. Sorry for my unhelpful comment.