npm - Haraka - Versions diffs - 3.1.3 → 3.1.5 - Mend

Haraka 3.1.3 → 3.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

package/.prettierignore +2 -0
package/CONTRIBUTORS.md +23 -1
package/Changes.md +52 -0
package/Plugins.md +81 -64
package/README.md +1 -1
package/bin/haraka +7 -5
package/connection.js +15 -19
package/docs/Plugins.md +1 -1
package/docs/plugins/aliases.md +0 -2
package/docs/plugins/queue/qmail-queue.md +0 -1
package/logger.js +2 -2
package/outbound/hmail.js +76 -83
package/outbound/index.js +36 -34
package/outbound/queue.js +231 -176
package/package.json +26 -29
package/plugins/prevent_credential_leaks.js +2 -2
package/plugins/process_title.js +1 -1
package/plugins/queue/smtp_forward.js +5 -5
package/plugins/status.js +8 -5
package/plugins/tls.js +1 -1
package/plugins.js +19 -14
package/rfc1869.js +10 -10
package/run_tests +8 -2
package/server.js +15 -10
package/smtp_client.js +10 -15
package/test/config/tls/haraka.local.pem +47 -47
package/test/connection.js +286 -147
package/test/endpoint.js +5 -4
package/test/fixtures/line_socket.js +1 -0
package/test/fixtures/util_hmailitem.js +1 -1
package/test/host_pool.js +57 -31
package/test/logger.js +75 -135
package/test/outbound/bounce_net_errors.js +132 -0
package/test/outbound/bounce_rfc3464.js +226 -0
package/test/outbound/hmail.js +140 -104
package/test/outbound/index.js +61 -101
package/test/outbound/qfile.js +25 -25
package/test/outbound/queue.js +233 -0
package/test/plugins/auth/auth_base.js +39 -44
package/test/plugins/auth/auth_vpopmaild.js +8 -9
package/test/plugins/queue/smtp_forward.js +953 -183
package/test/plugins/rcpt_to.host_list_base.js +58 -93
package/test/plugins/rcpt_to.in_host_list.js +126 -175
package/test/plugins/record_envelope_addresses.js +93 -0
package/test/plugins/status.js +10 -10
package/test/plugins/tls.js +11 -21
package/test/plugins/xclient.js +102 -0
package/test/plugins.js +10 -13
package/test/rfc1869.js +71 -48
package/test/server.js +281 -436
package/test/smtp_client.js +1194 -220
package/test/tls_socket.js +74 -243
package/test/transaction.js +486 -201
package/tls_socket.js +19 -23
package/transaction.js +33 -10
package/config/rabbitmq.ini +0 -10
package/config/rabbitmq_amqplib.ini +0 -19
package/docs/plugins/queue/rabbitmq.md +0 -34
package/docs/plugins/queue/rabbitmq_amqplib.md +0 -51
package/plugins/queue/rabbitmq.js +0 -141
package/plugins/queue/rabbitmq_amqplib.js +0 -96
package/test/config/tls/ec.pem +0 -23
package/test/config/tls/mismatched.pem +0 -49
package/test/outbound_bounce_net_errors.js +0 -157
package/test/outbound_bounce_rfc3464.js +0 -366

package/test/transaction.js CHANGED Viewed

@@ -1,3 +1,6 @@
+'use strict'
+const { describe, it, beforeEach } = require('node:test')
 const assert = require('node:assert')
 const fs = require('node:fs')
 const path = require('node:path')
@@ -5,230 +8,315 @@ const path = require('node:path')
 const config = require('haraka-config')
 const transaction = require('../transaction')
-const _set_up = (done) => {
+// ── Helpers ───────────────────────────────────────────────────────────────────
+const endData = (txn) => new Promise((resolve) => txn.end_data(resolve))
+const getData = (stream) => new Promise((resolve) => stream.get_data(resolve))
+const setUp = () => {
     this.transaction = transaction.createTransaction(undefined, config.get('smtp.ini'))
-    done()
 }
+function addLines(txn, lines) {
+    for (const line of lines) txn.add_data(line)
+}
+function write_file_data_to_transaction(test_transaction, filename) {
+    const specimen = fs.readFileSync(filename, 'utf8')
+    const matcher = /[^\n]*([\n]|$)/g
+    let line
+    do {
+        line = matcher.exec(specimen)
+        if (line[0] === '') break
+        test_transaction.add_data(line[0])
+    } while (line[0] !== '')
+    test_transaction.end_data()
+}
+// ── Tests ─────────────────────────────────────────────────────────────────────
 describe('transaction', () => {
-    beforeEach(_set_up)
-    it('add_body_filter', (done) => {
-        this.transaction.add_body_filter('text/plain', (ct, enc, buf) => {
-            // The functionality of these filter functions is tested in
-            // haraka-email-message. This just assures the plumbing is in place.
-            assert.ok(ct.indexOf('text/plain') === 0, 'correct body part')
-            assert.ok(/utf-?8/i.test(enc), 'correct encoding')
-            assert.equal(buf.toString().trim(), 'Text part', 'correct body contents')
-        })
-        ;[
-            'Content-Type: multipart/alternative; boundary=abcd\n',
-            '\n',
-            '--abcd\n',
-            'Content-Type: text/plain\n',
-            '\n',
-            'Text part\n',
-            '--abcd\n',
-            'Content-Type: text/html\n',
-            '\n',
-            '<p>HTML part</p>\n',
-            '--abcd--\n',
-        ].forEach((line) => {
-            this.transaction.add_data(line)
-        })
-        this.transaction.end_data(() => {
-            done()
+    beforeEach(setUp)
+    describe('createTransaction', () => {
+        it('generates a UUID when none is provided', () => {
+            const txn = transaction.createTransaction()
+            assert.ok(txn.uuid, 'uuid is set')
+            assert.match(txn.uuid, /^[0-9A-F-]+$/i, 'uuid looks like a UUID')
         })
-    })
-    it('regression: attachment_hooks before set_banner/add_body_filter', (done) => {
-        this.transaction.attachment_hooks(() => {})
-        this.transaction.set_banner('banner')
-        this.transaction.add_body_filter('', () => {
-            assert.ok(true, 'body filter called')
+        it('uses the provided UUID', () => {
+            const txn = transaction.createTransaction('TEST-UUID')
+            assert.equal(txn.uuid, 'TEST-UUID')
         })
-        ;['Content-Type: text/plain\n', '\n', 'Some text\n'].forEach((line) => {
-            this.transaction.add_data(line)
+        it('initialises header_pos to 0', () => {
+            assert.equal(this.transaction.header_pos, 0)
         })
-        this.transaction.end_data(() => {
-            this.transaction.message_stream.get_data((body) => {
-                assert.ok(/banner$/.test(body.toString().trim()), 'banner applied')
-                done()
-            })
+        it('initialises found_hb_sep to false', () => {
+            assert.equal(this.transaction.found_hb_sep, false)
         })
     })
-    it('correct output encoding when content in non-utf8 #2176', (done) => {
-        // Czech panagram "Příliš žluťoučký kůň úpěl ďábelské ódy." in ISO-8859-2 encoding
-        const message = [
-            0x50, 0xf8, 0xed, 0x6c, 0x69, 0xb9, 0x20, 0xbe, 0x6c, 0x75, 0xbb, 0x6f, 0x76, 0xe8, 0x6b, 0xfd, 0x20, 0x6b,
-            0xf9, 0xf2, 0xfa, 0xec, 0x6c, 0x20, 0xef, 0xe2, 0x62, 0x65, 0x6c, 0x73, 0x6b, 0xe9, 0x20, 0xf3, 0x64, 0x79,
-            0x2e,
-        ]
-        const payload = [
-            Buffer.from('Content-Type: text/plain; charset=iso-8859-2; format=flowed\n'),
-            '\n',
-            Buffer.from([...message, 0x0a]), // Add \n
-        ]
+    describe('add_body_filter', () => {
+        it('filter callback receives correct content-type, encoding, and body', async () => {
+            let called = false
+            this.transaction.add_body_filter('text/plain', (ct, enc, buf) => {
+                assert.ok(ct.startsWith('text/plain'), 'correct content-type')
+                assert.match(enc, /utf-?8/i, 'correct encoding')
+                assert.equal(buf.toString().trim(), 'Text part', 'correct body text')
+                called = true
+            })
+            addLines(this.transaction, [
+                'Content-Type: multipart/alternative; boundary=abcd\n',
+                '\n',
+                '--abcd\n',
+                'Content-Type: text/plain\n',
+                '\n',
+                'Text part\n',
+                '--abcd\n',
+                'Content-Type: text/html\n',
+                '\n',
+                '<p>HTML part</p>\n',
+                '--abcd--\n',
+            ])
+            await endData(this.transaction)
+            await getData(this.transaction.message_stream)
+            assert.ok(called, 'filter was called')
+        })
-        this.transaction.parse_body = true
-        this.transaction.attachment_hooks(function () {})
+        // Issue #2290: add_body_filter called after ensure_body() has already run must still apply.
+        it('filter applied when added after body already initialised', async () => {
+            this.transaction.attachment_hooks(() => {})
+            this.transaction.add_data('Content-Type: text/plain\n')
+            this.transaction.add_data('\n')
-        for (const line of payload) {
-            this.transaction.add_data(line)
-        }
-        this.transaction.end_data(() => {
-            this.transaction.message_stream.get_data(function (body) {
-                assert.ok(body.includes(Buffer.from(message)), 'message not damaged')
-                done()
+            let filter_called = false
+            this.transaction.add_body_filter('text/plain', (ct, enc, buf) => {
+                filter_called = true
+                return buf
             })
+            this.transaction.add_data('Hello\n')
+            await endData(this.transaction)
+            await getData(this.transaction.message_stream)
+            assert.ok(filter_called, 'filter called even when added after body init')
+        })
+        it('filter added after body init can transform content', async () => {
+            this.transaction.attachment_hooks(() => {})
+            this.transaction.add_data('Content-Type: text/plain\n')
+            this.transaction.add_data('\n')
+            this.transaction.add_body_filter('text/plain', (ct, enc, buf) => {
+                return Buffer.from(buf.toString().replace('Hello', 'World'))
+            })
+            this.transaction.add_data('Hello\n')
+            await endData(this.transaction)
+            const body = await getData(this.transaction.message_stream)
+            assert.ok(body.toString().includes('World'), 'filter transformed content')
+            assert.ok(!body.toString().includes('Hello'), 'original content was replaced')
         })
-    })
-    it('no munging of bytes if not parsing body', (done) => {
-        // Czech panagram "Příliš žluťoučký kůň úpěl ďábelské ódy.\n" in ISO-8859-2 encoding
-        const message = Buffer.from([
-            0x50, 0xf8, 0xed, 0x6c, 0x69, 0xb9, 0x20, 0xbe, 0x6c, 0x75, 0xbb, 0x6f, 0x76, 0xe8, 0x6b, 0xfd, 0x20, 0x6b,
-            0xf9, 0xf2, 0xfa, 0xec, 0x6c, 0x20, 0xef, 0xe2, 0x62, 0x65, 0x6c, 0x73, 0x6b, 0xe9, 0x20, 0xf3, 0x64, 0x79,
-            0x2e, 0x0a,
-        ])
-        const payload = ['Content-Type: text/plain; charset=iso-8859-2; format=flowed\n', '\n', message]
-        payload.forEach((line) => {
-            this.transaction.add_data(line)
-        })
-        this.transaction.end_data(() => {
-            this.transaction.message_stream.get_data((body) => {
-                assert.ok(body.includes(message), 'message not damaged')
-                done()
+        it('filter with regex ct_match fires on matching part', async () => {
+            let matched_ct = null
+            this.transaction.add_body_filter(/^text\//, (ct, enc, buf) => {
+                matched_ct = ct
+                return buf
             })
+            addLines(this.transaction, [
+                'Content-Type: multipart/alternative; boundary=X\n',
+                '\n',
+                '--X\n',
+                'Content-Type: text/plain\n',
+                '\n',
+                'Plain\n',
+                '--X--\n',
+            ])
+            await endData(this.transaction)
+            await getData(this.transaction.message_stream)
+            assert.ok(matched_ct && matched_ct.startsWith('text/'), 'regex matched content-type')
         })
     })
-    it('bannering with nested mime structure', (done) => {
-        this.transaction.set_banner('TEXT_BANNER', 'HTML_BANNER')
-        ;[
-            'Content-Type: multipart/mixed; boundary="TOP_LEVEL"',
-            '',
-            '--TOP_LEVEL',
-            'Content-Type: multipart/alternative; boundary="INNER_LEVEL"',
-            '',
-            '--INNER_LEVEL',
-            'Content-Type: text/plain; charset=us-ascii',
-            '',
-            'Hello, this is a text part',
-            '--INNER_LEVEL',
-            'Content-Type: text/html; charset=us-ascii',
-            '',
-            '<p>This is an html part</p>',
-            '--INNER_LEVEL--',
-            '--TOP_LEVEL--',
-        ].forEach((line) => {
-            this.transaction.add_data(`${line}\r\n`)
-        })
-        this.transaction.end_data(() => {
-            this.transaction.message_stream.get_data((body) => {
-                assert.ok(
-                    /Hello, this is a text part/.test(body.toString()),
-                    'text content comes through in final message',
-                )
-                assert.ok(/This is an html part/.test(body.toString()), 'html content comes through in final message')
-                assert.ok(/TEXT_BANNER/.test(body.toString()), 'text banner comes through in final message')
-                assert.ok(/HTML_BANNER/.test(body.toString()), 'html banner comes through in final message')
-                done()
+    describe('attachment_hooks', () => {
+        it('sets parse_body to true', () => {
+            assert.equal(this.transaction.parse_body, false)
+            this.transaction.attachment_hooks(() => {})
+            assert.equal(this.transaction.parse_body, true)
+        })
+        it('attachment_hooks before set_banner and add_body_filter all cooperate', async () => {
+            this.transaction.attachment_hooks(() => {})
+            this.transaction.set_banner('banner')
+            let filter_called = false
+            this.transaction.add_body_filter('', () => {
+                filter_called = true
             })
+            addLines(this.transaction, ['Content-Type: text/plain\n', '\n', 'Some text\n'])
+            await endData(this.transaction)
+            const body = await getData(this.transaction.message_stream)
+            assert.ok(/banner$/.test(body.toString().trim()), 'banner applied')
+            assert.ok(filter_called, 'body filter called')
         })
     })
-    describe('base64_handling', () => {
-        beforeEach(_set_up)
+    describe('set_banner', () => {
+        it('appends text banner to plain-text body', async () => {
+            this.transaction.set_banner('TEXT_BANNER', 'HTML_BANNER')
+            addLines(this.transaction, ['Content-Type: text/plain\n', '\n', 'Hello\n'])
+            await endData(this.transaction)
+            const body = await getData(this.transaction.message_stream)
+            assert.ok(body.toString().includes('TEXT_BANNER'), 'text banner present')
+        })
-        it('varied-base64-fold-lengths-preserve-data', (done) => {
-            const parsed_attachments = {}
+        it('appends banners in nested MIME structure', async () => {
+            this.transaction.set_banner('TEXT_BANNER', 'HTML_BANNER')
+            addLines(this.transaction, [
+                'Content-Type: multipart/mixed; boundary="TOP_LEVEL"\r\n',
+                '\r\n',
+                '--TOP_LEVEL\r\n',
+                'Content-Type: multipart/alternative; boundary="INNER_LEVEL"\r\n',
+                '\r\n',
+                '--INNER_LEVEL\r\n',
+                'Content-Type: text/plain; charset=us-ascii\r\n',
+                '\r\n',
+                'Hello, this is a text part\r\n',
+                '--INNER_LEVEL\r\n',
+                'Content-Type: text/html; charset=us-ascii\r\n',
+                '\r\n',
+                '<p>This is an html part</p>\r\n',
+                '--INNER_LEVEL--\r\n',
+                '--TOP_LEVEL--\r\n',
+            ])
+            await endData(this.transaction)
+            const body = await getData(this.transaction.message_stream)
+            const str = body.toString()
+            assert.ok(/Hello, this is a text part/.test(str), 'text part present')
+            assert.ok(/This is an html part/.test(str), 'html part present')
+            assert.ok(/TEXT_BANNER/.test(str), 'text banner present')
+            assert.ok(/HTML_BANNER/.test(str), 'html banner present')
+        })
+    })
+    describe('encoding', () => {
+        it('correct output when content is non-utf8 (#2176)', async () => {
+            // Czech panagram in ISO-8859-2
+            const message = Buffer.from([
+                0x50, 0xf8, 0xed, 0x6c, 0x69, 0xb9, 0x20, 0xbe, 0x6c, 0x75, 0xbb, 0x6f, 0x76, 0xe8, 0x6b, 0xfd, 0x20,
+                0x6b, 0xf9, 0xf2, 0xfa, 0xec, 0x6c, 0x20, 0xef, 0xe2, 0x62, 0x65, 0x6c, 0x73, 0x6b, 0xe9, 0x20, 0xf3,
+                0x64, 0x79, 0x2e,
+            ])
+            this.transaction.parse_body = true
+            this.transaction.attachment_hooks(() => {})
+            addLines(this.transaction, [
+                Buffer.from('Content-Type: text/plain; charset=iso-8859-2; format=flowed\n'),
+                '\n',
+                Buffer.from([...message, 0x0a]),
+            ])
+            await endData(this.transaction)
+            const body = await getData(this.transaction.message_stream)
+            assert.ok(body.includes(message), 'ISO-8859-2 content not damaged')
+        })
+        it('no munging of bytes when not parsing body', async () => {
+            // Same Czech panagram — verifies raw pass-through
+            const message = Buffer.from([
+                0x50, 0xf8, 0xed, 0x6c, 0x69, 0xb9, 0x20, 0xbe, 0x6c, 0x75, 0xbb, 0x6f, 0x76, 0xe8, 0x6b, 0xfd, 0x20,
+                0x6b, 0xf9, 0xf2, 0xfa, 0xec, 0x6c, 0x20, 0xef, 0xe2, 0x62, 0x65, 0x6c, 0x73, 0x6b, 0xe9, 0x20, 0xf3,
+                0x64, 0x79, 0x2e, 0x0a,
+            ])
+            addLines(this.transaction, ['Content-Type: text/plain; charset=iso-8859-2; format=flowed\n', '\n', message])
+            await endData(this.transaction)
+            const body = await getData(this.transaction.message_stream)
+            assert.ok(body.includes(message), 'raw bytes not damaged')
+        })
+        it('add_data auto-converts string input to Buffer', async () => {
+            // The code path for string input (should never happen but is defensive)
+            this.transaction.add_data('Subject: string-input\n')
+            this.transaction.add_data('\n')
+            this.transaction.add_data('body\n')
+            await endData(this.transaction)
+            const body = await getData(this.transaction.message_stream)
+            assert.ok(body.toString().includes('string-input'), 'string input was processed')
+        })
+    })
+    describe('base64 handling', () => {
+        it('varied fold-lengths preserve data integrity', async () => {
+            const parsed = {}
+            const pendingStreams = []
             this.transaction.parse_body = true
-            //accumulate attachment buffers.
             this.transaction.attachment_hooks((ct, filename, body, stream) => {
-                let attachment = Buffer.alloc(0)
-                stream.on('data', (data) => {
-                    attachment = Buffer.concat([attachment, data])
-                })
-                stream.on('end', () => {
-                    parsed_attachments[filename] = attachment
-                })
+                pendingStreams.push(
+                    new Promise((resolve) => {
+                        let buf = Buffer.alloc(0)
+                        stream.on('data', (d) => {
+                            buf = Buffer.concat([buf, d])
+                        })
+                        stream.on('end', () => {
+                            parsed[filename] = buf
+                            resolve()
+                        })
+                    }),
+                )
             })
-            const specimen_path = path.join(__dirname, 'mail_specimen', 'varied-fold-lengths-preserve-data.txt')
-            write_file_data_to_transaction(this.transaction, specimen_path)
+            const specimen = path.join(__dirname, 'mail_specimen', 'varied-fold-lengths-preserve-data.txt')
+            write_file_data_to_transaction(this.transaction, specimen)
+            await Promise.all(pendingStreams)
             assert.equal(this.transaction.body.children.length, 6)
-            let first_attachment = null
-            for (const i in parsed_attachments) {
-                const current_attachment = parsed_attachments[i]
-                first_attachment = first_attachment || current_attachment
-                // All buffers from data that was encoded with varied line lengths should
-                // still have the same final data.
-                assert.equal(
-                    true,
-                    first_attachment.equals(current_attachment),
-                    `The buffer data for '${i}' doesn't appear to be equal to the other attachments, and is likely corrupted.`,
-                )
+            let first = null
+            for (const name in parsed) {
+                first = first || parsed[name]
+                assert.ok(first.equals(parsed[name]), `buffer for '${name}' matches the others`)
             }
-            done()
         })
-        it('base64-root-html-decodes-correct-number-of-bytes', (done) => {
+        it('base64 root HTML decodes correct byte count', () => {
             this.transaction.parse_body = true
-            const specimen_path = path.join(__dirname, 'mail_specimen', 'base64-root-part.txt')
-            write_file_data_to_transaction(this.transaction, specimen_path)
+            const specimen = path.join(__dirname, 'mail_specimen', 'base64-root-part.txt')
+            write_file_data_to_transaction(this.transaction, specimen)
             assert.equal(this.transaction.body.bodytext.length, 425)
-            done()
         })
     })
-    // Test is to ensure boundary marker just after the headers, is in-tact
-    // Issue:    "User1990" <--abcd
-    // Expected: --abcd
-    describe('boundarymarkercorrupt_test', () => {
-        beforeEach(_set_up)
-        // populate the same email data in transaction (self.transaction.add_data()) and
-        // in raw buffer, then compare
-        it('fix mime boundary corruption issue', (done) => {
-            const self = this
-            let buffer = ''
-            self.transaction.add_data('Content-Type: multipart/alternative; boundary=abcd\r\n')
-            buffer += 'Content-Type: multipart/alternative; boundary=abcd\r\n'
-            self.transaction.add_data(
+    describe('boundary marker corruption (#2244)', () => {
+        it('boundary marker is intact after large folded To header', async () => {
+            let buf = ''
+            this.transaction.add_data('Content-Type: multipart/alternative; boundary=abcd\r\n')
+            buf += 'Content-Type: multipart/alternative; boundary=abcd\r\n'
+            this.transaction.add_data(
                 'To: "User1_firstname_middlename_lastname" <user1_firstname_middlename_lastname@test.com>,\r\n',
             )
-            buffer += 'To: "User1_firstname_middlename_lastname" <user1_firstname_middlename_lastname@test.com>,\r\n'
-            // make sure we add headers so that it exceeds 64k bytes to expose this issue
+            buf += 'To: "User1_firstname_middlename_lastname" <user1_firstname_middlename_lastname@test.com>,\r\n'
+            // Add enough continuation lines to exceed 64 KB
             for (let i = 0; i < 725; i++) {
-                self.transaction.add_data(
-                    ` "User${i}_firstname_middlename_lastname" <user${i}_firstname_middlename_lastname@test.com>,\r\n`,
-                )
-                buffer += ` "User${i}_firstname_middlename_lastname" <user${i}_firstname_middlename_lastname@test.com>,\r\n`
+                const line = ` "User${i}_fn_mn_ln" <user${i}_fn_mn_ln@test.com>,\r\n`
+                this.transaction.add_data(line)
+                buf += line
             }
-            self.transaction.add_data(
-                ' "Final User_firstname_middlename_lastname" <final_user_firstname_middlename_lastname@test.com>\r\n',
-            )
-            buffer +=
-                ' "Final User_firstname_middlename_lastname" <final_user_firstname_middlename_lastname@test.com>\r\n'
-            self.transaction.add_data('Message-ID: <Boundary_Marker_Test>\r\n')
-            buffer += 'Message-ID: <Boundary_Marker_Test>\r\n'
-            self.transaction.add_data('MIME-Version: 1.0\r\n')
-            buffer += 'MIME-Version: 1.0\r\n'
-            self.transaction.add_data('Date: Wed, 1 Jun 2022 16:44:39 +0530 (IST)\r\n')
-            buffer += 'Date: Wed, 1 Jun 2022 16:44:39 +0530 (IST)\r\n'
-            self.transaction.add_data('\r\n')
-            buffer += '\r\n'
-            self.transaction.add_data('--abcd\r\n')
-            buffer += '--abcd\r\n'
-            ;[
+            const last = ' "Final_User_fn_mn_ln" <final_user_fn_mn_ln@test.com>\r\n'
+            this.transaction.add_data(last)
+            buf += last
+            this.transaction.add_data('Message-ID: <Boundary_Marker_Test>\r\n')
+            buf += 'Message-ID: <Boundary_Marker_Test>\r\n'
+            this.transaction.add_data('MIME-Version: 1.0\r\n')
+            buf += 'MIME-Version: 1.0\r\n'
+            this.transaction.add_data('Date: Wed, 1 Jun 2022 16:44:39 +0530\r\n')
+            buf += 'Date: Wed, 1 Jun 2022 16:44:39 +0530\r\n'
+            this.transaction.add_data('\r\n')
+            buf += '\r\n'
+            this.transaction.add_data('--abcd\r\n')
+            buf += '--abcd\r\n'
+            const rest = [
                 'Content-Type: text/plain\r\n',
                 '\r\n',
                 'Text part\r\n',
@@ -237,33 +325,230 @@ describe('transaction', () => {
                 '\r\n',
                 '<p>HTML part</p>\r\n',
                 '--abcd--\r\n',
-            ].forEach((line) => {
-                self.transaction.add_data(line)
-                buffer += line
+            ]
+            for (const line of rest) {
+                this.transaction.add_data(line)
+                buf += line
+            }
+            await endData(this.transaction)
+            const body = await getData(this.transaction.message_stream)
+            assert.ok(body.includes(Buffer.from(buf)), 'message not damaged')
+        })
+    })
+    describe('remove_final_cr', () => {
+        const cases = [
+            { desc: 'empty buffer', input: '', expected: '' },
+            { desc: 'single byte', input: 'a', expected: 'a' },
+            { desc: 'CRLF ending stripped to LF', input: 'hello\r\n', expected: 'hello\n' },
+            { desc: 'LF-only ending unchanged', input: 'hello\n', expected: 'hello\n' },
+            { desc: 'no newline unchanged', input: 'hello', expected: 'hello' },
+            { desc: 'string input', input: 'hello\r\n', expected: 'hello\n' },
+        ]
+        for (const { desc, input, expected } of cases) {
+            it(desc, () => {
+                const result = this.transaction.remove_final_cr(Buffer.from(input))
+                assert.equal(result.toString(), expected)
             })
+        }
+    })
+    describe('add_dot_stuffing_and_ensure_crlf_newlines', () => {
+        const cases = [
+            { desc: 'empty string', input: '', expected: '' },
+            { desc: 'no dots or newlines', input: 'hello world', expected: 'hello world' },
+            { desc: 'bare LF becomes CRLF', input: 'hello\n', expected: 'hello\r\n' },
+            { desc: 'CRLF preserved', input: 'hello\r\n', expected: 'hello\r\n' },
+            { desc: 'leading dot stuffed', input: '.hello\n', expected: '..hello\r\n' },
+            { desc: 'mid-line dot not stuffed', input: 'hel.lo\n', expected: 'hel.lo\r\n' },
+            { desc: 'multi-line with leading dots', input: 'a\n.b\n', expected: 'a\r\n..b\r\n' },
+            { desc: 'dot after CRLF stuffed', input: 'a\r\n.b\n', expected: 'a\r\n..b\r\n' },
+        ]
-            this.transaction.end_data(function () {
-                self.transaction.message_stream.get_data(function (body) {
-                    assert.ok(body.includes(buffer), 'message is damaged')
-                    done()
-                })
+        for (const { desc, input, expected } of cases) {
+            it(desc, () => {
+                const result = this.transaction.add_dot_stuffing_and_ensure_crlf_newlines(Buffer.from(input))
+                assert.equal(result.toString(), expected)
             })
+        }
+    })
+    describe('header manipulation (post-data)', () => {
+        it('add_header appends a header', async () => {
+            addLines(this.transaction, ['Subject: original\n', '\n', 'body\n'])
+            await endData(this.transaction)
+            this.transaction.add_header('X-Test', 'added')
+            assert.deepEqual(this.transaction.header.get_all('X-Test'), ['added'])
+        })
+        it('add_leading_header prepends a header', async () => {
+            addLines(this.transaction, ['Subject: original\n', '\n', 'body\n'])
+            await endData(this.transaction)
+            this.transaction.add_leading_header('X-Lead', 'first')
+            assert.deepEqual(this.transaction.header.get_all('X-Lead'), ['first'])
+        })
+        it('remove_header removes a header', async () => {
+            addLines(this.transaction, ['X-Remove: gone\n', '\n', 'body\n'])
+            await endData(this.transaction)
+            this.transaction.remove_header('X-Remove')
+            assert.equal(this.transaction.header.get_all('X-Remove').length, 0)
+        })
+        it('add_header appears in message stream output', async () => {
+            addLines(this.transaction, ['Subject: original\n', '\n', 'body\n'])
+            await endData(this.transaction)
+            this.transaction.add_header('X-Added', 'yes')
+            const output = (await getData(this.transaction.message_stream)).toString()
+            assert.ok(output.includes('X-Added: yes'), 'added header in output')
+        })
+        it('remove_header absent from message stream output', async () => {
+            // Keep Subject so header_list stays non-empty after removal; the
+            // ctor-headers path then replaces raw headers, omitting X-Remove.
+            addLines(this.transaction, ['Subject: Keep\n', 'X-Remove: gone\n', '\n', 'body\n'])
+            await endData(this.transaction)
+            this.transaction.remove_header('X-Remove')
+            const output = (await getData(this.transaction.message_stream)).toString()
+            assert.ok(output.includes('Subject: Keep'), 'non-removed header present')
+            assert.ok(!output.includes('X-Remove'), 'removed header not in output')
+        })
+        it('folded continuation headers are merged into header_list', async () => {
+            addLines(this.transaction, [
+                'Subject: This is a very long\n',
+                ' subject line\n',
+                'From: foo@example.com\n',
+                '\n',
+                'body\n',
+            ])
+            await endData(this.transaction)
+            assert.ok(this.transaction.header.get('Subject').includes('long'), 'folded subject parsed')
+            assert.ok(this.transaction.header.get('From').includes('foo@example.com'), 'From parsed')
         })
     })
-})
-function write_file_data_to_transaction(test_transaction, filename) {
-    const specimen = fs.readFileSync(filename, 'utf8')
-    const matcher = /[^\n]*([\n]|$)/g
+    describe('pre-data header modifications (e.g. hook_mail / hook_rcpt)', () => {
+        it('add_header before data preserves all email headers', async () => {
+            // Simulates record_envelope_addresses which calls add_header in hook_mail/hook_rcpt
+            // before DATA is received. Must not corrupt header_pos.
+            this.transaction.add_header('X-Envelope-From', 'sender@example.com')
+            this.transaction.add_header('X-Envelope-To', 'rcpt@example.com')
-    let line
-    do {
-        line = matcher.exec(specimen)
-        if (line[0] == '') {
-            break
-        }
-        test_transaction.add_data(line[0])
-    } while (line[0] != '')
+            addLines(this.transaction, ['Subject: Test\r\n', 'From: sender@example.com\r\n', '\r\n', 'Body line 1\r\n'])
+            await endData(this.transaction)
-    test_transaction.end_data()
-}
+            const str = (await getData(this.transaction.message_stream)).toString()
+            assert.ok(str.includes('Subject: Test'), 'Subject preserved')
+            assert.ok(str.includes('From: sender@example.com'), 'From preserved')
+            assert.ok(str.includes('X-Envelope-From: sender@example.com'), 'pre-data header present')
+            assert.ok(str.includes('X-Envelope-To: rcpt@example.com'), 'pre-data header present')
+            assert.ok(str.includes('Body line 1'), 'body present')
+        })
+        it('add_leading_header before data does not corrupt header_pos', async () => {
+            this.transaction.add_leading_header('X-Early', 'value')
+            addLines(this.transaction, ['Subject: Check\r\n', '\r\n', 'body\r\n'])
+            await endData(this.transaction)
+            const str = (await getData(this.transaction.message_stream)).toString()
+            assert.ok(str.includes('Subject: Check'), 'Subject preserved after add_leading_header')
+            assert.ok(str.includes('X-Early: value'), 'pre-data leading header present')
+        })
+        it('remove_header before data does not corrupt header_pos', async () => {
+            // Calling remove_header before data arrives should be a no-op for header_pos
+            this.transaction.remove_header('X-Nonexistent')
+            addLines(this.transaction, ['Subject: Check\r\n', '\r\n', 'body\r\n'])
+            await endData(this.transaction)
+            const str = (await getData(this.transaction.message_stream)).toString()
+            assert.ok(str.includes('Subject: Check'), 'Subject preserved after pre-data remove_header')
+        })
+    })
+    describe('late header additions (post end_data)', () => {
+        it('late add_header to busted email appears before body', async () => {
+            addLines(this.transaction, ['Subject: Test\r\n', 'From: user@example.com\r\n', 'Body line 1\r\n'])
+            await endData(this.transaction)
+            this.transaction.add_header('X-Late', 'true')
+            const str = (await getData(this.transaction.message_stream)).toString()
+            assert.ok(str.includes('X-Late: true'), 'late header present')
+            assert.ok(str.indexOf('X-Late: true') < str.indexOf('Body line 1'), 'late header before body')
+        })
+        it('late add_header to clean email appears before body', async () => {
+            addLines(this.transaction, ['Subject: Clean\r\n', '\r\n', 'Body line 1\r\n'])
+            await endData(this.transaction)
+            this.transaction.add_header('X-Late', 'true')
+            const str = (await getData(this.transaction.message_stream)).toString()
+            assert.ok(str.includes('X-Late: true'), 'late header present')
+            assert.ok(str.indexOf('X-Late: true') < str.indexOf('Body line 1'), 'late header before body')
+        })
+    })
+    describe('incr_mime_count', () => {
+        it('increments mime_part_count', () => {
+            assert.equal(this.transaction.mime_part_count, 0)
+            this.transaction.incr_mime_count()
+            assert.equal(this.transaction.mime_part_count, 1)
+            this.transaction.incr_mime_count()
+            assert.equal(this.transaction.mime_part_count, 2)
+        })
+    })
+    describe('discard_data', () => {
+        it('end_data calls callback even when discard_data is true', async () => {
+            this.transaction.discard_data = true
+            addLines(this.transaction, ['Subject: test\n', '\n', 'body\n'])
+            await endData(this.transaction) // resolves → callback was called
+        })
+        it('discard_data with broken email (no separator) calls callback', async () => {
+            this.transaction.discard_data = true
+            addLines(this.transaction, ['Subject: test\n', 'From: a@b.com\n', 'Body\n'])
+            await endData(this.transaction)
+        })
+    })
+    describe('busted email (no header/body separator)', () => {
+        it('headers and body are extracted when separator is missing', async () => {
+            addLines(this.transaction, ['Subject: test\n', 'From: a@b.com\n', 'Body line 1\n'])
+            await endData(this.transaction)
+            assert.equal(this.transaction.header.get('Subject').trim(), 'test')
+            assert.equal(this.transaction.header.get('From').trim(), 'a@b.com')
+            const str = (await getData(this.transaction.message_stream)).toString()
+            assert.ok(str.includes('Subject: test'), 'Subject in output')
+            assert.ok(str.includes('Body line 1'), 'Body in output')
+        })
+        it('late add_header to busted email ends up before body in output', async () => {
+            addLines(this.transaction, ['Subject: Test\r\n', 'From: user@example.com\r\n', 'Body line 1\r\n'])
+            await endData(this.transaction)
+            this.transaction.add_header('X-Late', 'true')
+            const str = (await getData(this.transaction.message_stream)).toString()
+            assert.ok(str.includes('X-Late: true'), 'late header present')
+            assert.ok(str.indexOf('X-Late: true') < str.indexOf('Body line 1'), 'late header before body')
+        })
+    })
+    describe('parse_body enabled after separator', () => {
+        it('does not throw when parse_body set true after separator seen', async () => {
+            this.transaction.add_data('Subject: test\n')
+            this.transaction.add_data('\n')
+            this.transaction.parse_body = true
+            assert.doesNotThrow(() => this.transaction.add_data('body line\n'))
+            await endData(this.transaction)
+            assert.ok(this.transaction.body, 'body was lazily created')
+        })
+    })
+})