IMail.CheckSignature(true) checks if the signature is valid. No separate public key is needed. Signature already contains the certificate with the public key.
true means that certificate itself is not validated (its purposes and certificate chain are not validated).
You should either use CheckSignature(false) or additionally use IMail.GetSignedCms() and SignedCms.Certificates / SignedCms.SignerInfos and compare certificate thumbprint to what you have.