An email with multiple signatures throws an error
If somebody signs their email with multiple keys, schleuder is at the moment not able to handle the multiple signatures and will just throw an error:
Such an email will be bounced. We had someone who (accidentally) signed their message with 2 keys and wasn't able to send mails to any schleuder.
The major issue with it is that bouncing the mail is technically (as we are throwing an error) the right thing to happen. However, it is not very user-friendly and requires involvement of a superadmin to interpret the thrown error message. At least this should have a much better message for users to be able to detect what went wrong.
Additionally, we should probably discuss if throwing an error is the right thing to do. While I can think of reasons why an error should be raised - e.g. as the multiple signatures were for different parts - I still think we can do better. Also, I think we actually slightly changed how we work now and the double signatures should be less of a problem, since we merged !172.
We should make sure that we only verify signatures around the whole message (or only treat correctly signed parts of the message as trusted), but still allow for multiple signatures on them. We should still be able to match for the right signature, while making sure you cannot craft messages to inject content that we trust to be signed properly, although the signature was for a different part.
While the reason for this report was an accident, I still think there is someone out there who has legitimate reasons to sign an email with 2 keys.
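The rule proposed in this report (accept several signatures on the whole message, match one of them to a known key, and never let a signature on a sub-part vouch for the rest) is sketched below as an added example. It is not Schleuder's code: the `Signature` and `Part` structures, the function names and the placeholder fingerprints are all hypothetical, and signature verification itself is assumed to have happened already.

```ruby
# Added illustration, not Schleuder's code: every name below is hypothetical.
Signature = Struct.new(:fingerprint, :valid)
# One MIME part: the signatures covering exactly this part, and its children.
Part = Struct.new(:name, :signatures, :children)

# Only valid signatures on the root part (the whole message) can identify the
# sender. Valid signatures on sub-parts are reported but never grant trust.
def classify_signatures(root, subscriber_fprs)
  whole = root.signatures.select(&:valid).map(&:fingerprint).uniq
  partial = []
  walk = lambda do |part|
    part.children.each do |child|
      child.signatures.each { |s| partial << [child.name, s.fingerprint] if s.valid }
      walk.call(child)
    end
  end
  walk.call(root)
  { trusted: whole & subscriber_fprs, unknown: whole - subscriber_fprs, partial_only: partial }
end

# A message is accepted when at least one whole-message signer is a subscriber.
def accept?(root, subscriber_fprs)
  classify_signatures(root, subscriber_fprs)[:trusted].any?
end

# Constructed sample data (placeholder fingerprints).
SUBSCRIBERS = ["FPR-SUBSCRIBER-1"].freeze

# Whole message signed with two keys, one of which belongs to a subscriber.
DOUBLE_SIGNED = Part.new("root",
  [Signature.new("FPR-OTHER-KEY", true), Signature.new("FPR-SUBSCRIBER-1", true)],
  [Part.new("body", [], [])])

# Unsigned wrapper: one inner part carries a subscriber's signature, a sibling does not.
MIXED = Part.new("root", [], [
  Part.new("signed-part", [Signature.new("FPR-SUBSCRIBER-1", true)], []),
  Part.new("unsigned-part", [], [])
])

if __FILE__ == $PROGRAM_NAME
  [DOUBLE_SIGNED, MIXED].each do |msg|
    puts "#{accept?(msg, SUBSCRIBERS)} #{classify_signatures(msg, SUBSCRIBERS)}"
  end
end
```

The `partial_only` list is what a clearer bounce message could be built from, so the sender learns that a signature was found but did not cover the whole message.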