After upgrading from Sierra to Mojave (macOS 10.14), Apple Mail started to display the warning "Unable to verify message signature" above all signed and encrypted emails. When clicking on Details, it says:
The digital signature is incorrect. The message may have been tampered with or corrupted since signed by (sender's name).
We are using S/MIME certificates signed by a self-signed root CA, but I doubt that this is the problem. When checking the certificates in the Keychain app, they are reported to be valid and good. However, if, in Apple Mail, I get the above message and click on Show Certificate, the root certificate is reported to be valid and trusted, but the S/MIME certificate is nonetheless invalid for no obvious reason.
Note that some report similar problems for emails with attachments only.
Best Answer
This seems to be due to a bug in Apple Mail, at least in macOS 10.14.1, but possibly introduced in macOS 10.13.5 as an attempt to mitigate the EFAIL security hole.
When Mail is set to not automatically load remote content (Preferences > Viewing > "Load remote content in messages" is not checked), then the warning message "Unable to verify message signature" is displayed for every S/MIME signed message.
You can get rid of the warning by either
However, for security reasons, it is not recommended to load remote content unless it is from a trusted source.
I consider this a major bug for the following reasons:
I even consider this a severe security problem because:
The fix was originally intended to stop the Mail app from loading HTML content without the user's consent. However, the way it is implemented now, this leads to also not loading the signature attachment.
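To check outside Mail whether a message showing this warning really has a bad signature, the raw message can be verified with the openssl command-line tool against your own root CA. This is an added example, not part of the original answer; the demo CA, signer, file names and function names are constructed for illustration, and it assumes openssl is installed.

```bash
#!/bin/sh
# Added example: verify an S/MIME signed message outside the mail client.
# All subjects, addresses and file names below are constructed placeholders.

has_signature_part() {   # $1 = raw message; true if the detached signature part is present
  grep -Eiq '^Content-Type: application/(x-)?pkcs7-signature' "$1"
}

verify_smime() {         # $1 = raw message, $2 = PEM file holding the trusted root CA
  # Exit status 0: the signature matches the content and the signer chains to that root.
  openssl smime -verify -in "$1" -CAfile "$2" -out /dev/null 2>/dev/null
}

make_demo() {            # $1 = empty directory; builds a root CA, a signer and two messages
  d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  printf 'keyUsage=digitalSignature\nextendedKeyUsage=emailProtection\n' > "$d/leaf.ext"
  printf 'This message was signed with a throwaway key.\n' > "$d/body.txt"
  # Self-signed root, signer certificate, signed message, then a copy of the
  # message with one word of the body changed after signing.
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Alice Example/emailAddress=alice@example.com" \
    -keyout "$d/alice.key" -out "$d/alice.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/alice.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/alice.pem" 2>/dev/null &&
  openssl smime -sign -in "$d/body.txt" -signer "$d/alice.pem" \
    -inkey "$d/alice.key" -out "$d/signed.eml" 2>/dev/null &&
  sed 's/throwaway/different/' "$d/signed.eml" > "$d/tampered.eml"
}

# Stand-alone use: sh verify.sh message.eml root-ca.pem
if [ "$#" -eq 2 ]; then
  has_signature_part "$1" || echo "no signature part in $1"
  verify_smime "$1" "$2" && echo "signature valid" || echo "signature NOT valid"
fi
```

If a message saved from Mail in raw form passes this check while Mail still shows the warning, the signature itself is intact and the warning comes from the client.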