npm - Haraka - Versions diffs - 3.2.1 → 3.3.1 - Mend

Haraka 3.2.1 → 3.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/.githooks/pre-commit +41 -0
package/.prettierignore +1 -0
package/.qlty/.gitignore +7 -0
package/.qlty/configs/.shellcheckrc +1 -0
package/.qlty/qlty.toml +15 -0
package/CHANGELOG.md +29 -5
package/CONTRIBUTORS.md +5 -5
package/README.md +6 -3
package/bin/haraka +12 -4
package/config/connection.ini +6 -0
package/connection.js +67 -68
package/contrib/bsd-rc.d/haraka +2 -0
package/docs/CoreConfig.md +2 -0
package/docs/HAProxy.md +4 -1
package/eslint.config.mjs +2 -30
package/haraka.js +2 -2
package/line_socket.js +6 -33
package/outbound/hmail.js +18 -29
package/outbound/index.js +3 -3
package/outbound/queue.js +8 -5
package/package.json +49 -46
package/plugins/auth/auth_proxy.js +7 -4
package/plugins/block_me.js +1 -1
package/plugins/delay_deny.js +1 -1
package/plugins/queue/qmail-queue.js +1 -1
package/plugins/queue/quarantine.js +5 -5
package/plugins/queue/smtp_bridge.js +1 -1
package/plugins/queue/smtp_proxy.js +2 -2
package/plugins/status.js +2 -2
package/plugins/toobusy.js +1 -1
package/plugins.js +4 -3
package/server.js +172 -28
package/smtp_client.js +2 -1
package/test/connection.js +119 -2
package/test/fixtures/haproxy_allowed/config/connection.ini +3 -0
package/test/fixtures/haproxy_disabled/config/connection.ini +3 -0
package/test/fixtures/haproxy_untrusted/config/connection.ini +3 -0
package/test/fixtures/line_socket.js +1 -1
package/test/fixtures/util_hmailitem.js +2 -3
package/test/outbound/index.js +6 -7
package/test/outbound/qfile.js +1 -1
package/test/outbound/queue.js +2 -2
package/test/plugins/auth/auth_base.js +17 -17
package/test/plugins/auth/auth_bridge.js +3 -3
package/test/plugins/auth/auth_vpopmaild.js +3 -3
package/test/plugins/auth/flat_file.js +16 -21
package/test/plugins/block_me.js +7 -23
package/test/plugins/data.signatures.js +17 -20
package/test/plugins/delay_deny.js +3 -4
package/test/plugins/prevent_credential_leaks.js +17 -21
package/test/plugins/process_title.js +12 -6
package/test/plugins/queue/deliver.js +7 -8
package/test/plugins/queue/discard.js +3 -4
package/test/plugins/queue/lmtp.js +5 -6
package/test/plugins/queue/qmail-queue.js +7 -8
package/test/plugins/queue/quarantine.js +3 -4
package/test/plugins/queue/smtp_bridge.js +5 -7
package/test/plugins/queue/smtp_forward.js +49 -60
package/test/plugins/queue/smtp_proxy.js +6 -7
package/test/plugins/rcpt_to.host_list_base.js +6 -9
package/test/plugins/rcpt_to.in_host_list.js +6 -11
package/test/plugins/record_envelope_addresses.js +33 -60
package/test/plugins/reseed_rng.js +3 -3
package/test/plugins/status.js +4 -5
package/test/plugins/tarpit.js +3 -4
package/test/plugins/tls.js +3 -5
package/test/plugins/toobusy.js +186 -9
package/test/plugins/xclient.js +7 -4
package/test/server.js +425 -1
package/test/smtp_client.js +11 -18
package/test/tls_socket.js +3 -6
package/tls_socket.js +3 -3
package/transaction.js +3 -3
package/address.js +0 -53
package/endpoint.js +0 -96
package/host_pool.js +0 -169
package/outbound/fsync_writestream.js +0 -44
package/outbound/timer_queue.js +0 -86
package/rfc1869.js +0 -93
package/test/endpoint.js +0 -128
package/test/host_pool.js +0 -188
package/test/rfc1869.js +0 -89

package/test/plugins/auth/auth_base.js CHANGED Viewed

@@ -2,24 +2,24 @@
 const assert = require('node:assert')
 const { describe, it, beforeEach } = require('node:test')
-const { Address } = require('../../../address')
-const fixtures = require('haraka-test-fixtures')
+const { Address } = require('@haraka/email-address')
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
 const utils = require('haraka-utils')
 const _set_up = () => {
-    this.plugin = new fixtures.plugin('auth/auth_base')
+    this.plugin = makePlugin('auth/auth_base', { register: false })
     this.plugin.get_plain_passwd = (user, cb) => {
         if (user === 'test') return cb('testpass')
         return cb(null)
     }
-    this.connection = fixtures.connection.createConnection()
+    this.connection = makeConnection()
     this.connection.capabilities = null
 }
 const _set_up_2 = () => {
-    this.plugin = new fixtures.plugin('auth/auth_base')
+    this.plugin = makePlugin('auth/auth_base', { register: false })
     this.plugin.get_plain_passwd = (user, connection, cb) => {
         connection.notes.auth_custom_note = 'custom_note'
@@ -27,12 +27,12 @@ const _set_up_2 = () => {
         return cb(null)
     }
-    this.connection = fixtures.connection.createConnection()
+    this.connection = makeConnection()
     this.connection.capabilities = null
 }
 const _set_up_custom_pwcb_opts = () => {
-    this.plugin = new fixtures.plugin('auth/auth_base')
+    this.plugin = makePlugin('auth/auth_base', { register: false })
     this.plugin.check_plain_passwd = (connection, user, passwd, pwok_cb) => {
         switch (user) {
@@ -53,7 +53,7 @@ const _set_up_custom_pwcb_opts = () => {
         }
     }
-    this.connection = fixtures.connection.createConnection()
+    this.connection = makeConnection()
     this.connection.capabilities = null
     this.connection.notes.resp_strings = []
     this.connection.respond = (code, msg, cb) => {
@@ -266,7 +266,7 @@ describe('auth_base', () => {
         it('legacyok_nomessage', (t, done) => {
             this.plugin.check_user(
-                (code, msg) => {
+                (code) => {
                     assert.equal(code, OK)
                     assert.equal(this.connection.relaying, true)
                     assert.deepEqual(this.connection.notes.resp_strings, [[235, '2.7.0 Authentication successful']])
@@ -280,7 +280,7 @@ describe('auth_base', () => {
         it('legacyfail_nomessage', (t, done) => {
             this.plugin.check_user(
-                (code, msg) => {
+                (code) => {
                     assert.equal(code, OK)
                     assert.equal(this.connection.relaying, false)
                     assert.deepEqual(this.connection.notes.resp_strings, [[535, '5.7.8 Authentication failed']])
@@ -294,7 +294,7 @@ describe('auth_base', () => {
         it('legacyok_message', (t, done) => {
             this.plugin.check_user(
-                (code, msg) => {
+                (code) => {
                     assert.equal(code, OK)
                     assert.equal(this.connection.relaying, true)
                     assert.deepEqual(this.connection.notes.resp_strings, [[235, 'GREAT SUCCESS']])
@@ -308,7 +308,7 @@ describe('auth_base', () => {
         it('legacyfail_message', (t, done) => {
             this.plugin.check_user(
-                (code, msg) => {
+                (code) => {
                     assert.equal(code, OK)
                     assert.equal(this.connection.relaying, false)
                     assert.deepEqual(this.connection.notes.resp_strings, [[535, 'FAIL 123']])
@@ -322,7 +322,7 @@ describe('auth_base', () => {
         it('newok', (t, done) => {
             this.plugin.check_user(
-                (code, msg) => {
+                (code) => {
                     assert.equal(code, OK)
                     assert.equal(this.connection.relaying, true)
                     assert.deepEqual(this.connection.notes.resp_strings, [[215, 'KOKOKO']])
@@ -336,7 +336,7 @@ describe('auth_base', () => {
         it('newfail', (t, done) => {
             this.plugin.check_user(
-                (code, msg) => {
+                (code) => {
                     assert.equal(code, OK)
                     assert.equal(this.connection.relaying, false)
                     assert.deepEqual(this.connection.notes.resp_strings, [[555, 'OHOHOH']])
@@ -355,7 +355,7 @@ describe('auth_base', () => {
         it('bad auth: no notes should be set', (t, done) => {
             const credentials = ['matt', 'ttam']
             this.plugin.check_user(
-                (code) => {
+                () => {
                     assert.equal(this.connection.notes.auth_user, undefined)
                     assert.equal(this.connection.notes.auth_passwd, undefined)
                     done()
@@ -370,7 +370,7 @@ describe('auth_base', () => {
             const creds = ['test', 'testpass']
             this.plugin.blankout_password = true
             this.plugin.check_user(
-                (code) => {
+                () => {
                     assert.equal(this.connection.notes.auth_user, creds[0])
                     assert.equal(this.connection.notes.auth_passwd, undefined)
                     done()
@@ -384,7 +384,7 @@ describe('auth_base', () => {
         it('good auth: store password (default)', (t, done) => {
             const creds = ['test', 'testpass']
             this.plugin.check_user(
-                (code) => {
+                () => {
                     assert.equal(this.connection.notes.auth_user, creds[0])
                     assert.equal(this.connection.notes.auth_passwd, creds[1])
                     done()

package/test/plugins/auth/auth_bridge.js CHANGED Viewed

@@ -3,13 +3,13 @@
 const assert = require('node:assert')
 const { describe, it, beforeEach } = require('node:test')
-const fixtures = require('haraka-test-fixtures')
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
 describe('auth/auth_bridge', () => {
     let plugin
     beforeEach(() => {
-        plugin = new fixtures.plugin('auth/auth_bridge')
+        plugin = makePlugin('auth/auth_bridge', { register: false })
         plugin.load_flat_ini()
     })
@@ -28,7 +28,7 @@ describe('auth/auth_bridge', () => {
         let conn
         beforeEach(() => {
-            conn = fixtures.connection.createConnection()
+            conn = makeConnection()
         })
         it('calls try_auth_proxy with just host when no port configured', (t, done) => {

package/test/plugins/auth/auth_vpopmaild.js CHANGED Viewed

@@ -4,19 +4,19 @@ const assert = require('node:assert/strict')
 const path = require('node:path')
 const { describe, it, beforeEach } = require('node:test')
-const fixtures = require('haraka-test-fixtures')
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
 const _set_up = () => {
     this.backup = {}
-    this.plugin = new fixtures.plugin('auth/auth_vpopmaild')
+    this.plugin = makePlugin('auth/auth_vpopmaild', { register: false })
     this.plugin.inherits('auth/auth_base')
     // reset the config/root_path
     this.plugin.config.root_path = path.resolve(__dirname, '../../../config')
     this.plugin.cfg = this.plugin.config.get('auth_vpopmaild.ini')
-    this.connection = fixtures.connection.createConnection()
+    this.connection = makeConnection()
     this.connection.capabilities = null
 }

package/test/plugins/auth/flat_file.js CHANGED Viewed

@@ -3,22 +3,13 @@
 const assert = require('node:assert')
 const { describe, it, beforeEach } = require('node:test')
-const fixtures = require('haraka-test-fixtures')
-function makeConnection(opts = {}) {
-    const conn = fixtures.connection.createConnection()
-    conn.capabilities = []
-    conn.notes.allowed_auth_methods = []
-    conn.remote = { is_private: opts.is_private ?? false }
-    conn.tls = { enabled: opts.tls_enabled ?? false }
-    return conn
-}
+const { callHook, makeConnection, makePlugin } = require('haraka-test-fixtures')
 describe('auth/flat_file', () => {
     let plugin
     beforeEach(() => {
-        plugin = new fixtures.plugin('auth/flat_file')
+        plugin = makePlugin('auth/flat_file', { register: false })
         plugin.inherits('auth/auth_base')
         plugin.load_flat_ini()
     })
@@ -39,55 +30,59 @@ describe('auth/flat_file', () => {
         beforeEach(() => {
             conn = makeConnection()
+            conn.capabilities = []
+            conn.notes.allowed_auth_methods = []
+            conn.remote.is_private = false
+            conn.tls.enabled = false
         })
         it('skips for public non-TLS connection', (t, done) => {
-            plugin.hook_capabilities((rc) => {
+            callHook(plugin, 'hook_capabilities', conn).then(({ rc }) => {
                 assert.equal(rc, undefined)
                 assert.equal(conn.capabilities.length, 0)
                 done()
-            }, conn)
+            })
         })
         it('adds AUTH methods for private connection (non-TLS)', (t, done) => {
             conn.remote.is_private = true
             plugin.cfg.core.methods = 'PLAIN,LOGIN'
-            plugin.hook_capabilities((rc) => {
+            callHook(plugin, 'hook_capabilities', conn).then(({ rc }) => {
                 assert.equal(rc, undefined)
                 assert.ok(
                     conn.capabilities.some((c) => c.startsWith('AUTH ')),
                     'AUTH capability should be present',
                 )
                 done()
-            }, conn)
+            })
         })
         it('adds AUTH methods when TLS is enabled', (t, done) => {
             conn.tls.enabled = true
             plugin.cfg.core.methods = 'PLAIN,LOGIN'
-            plugin.hook_capabilities((rc) => {
+            callHook(plugin, 'hook_capabilities', conn).then(({ rc }) => {
                 assert.equal(rc, undefined)
                 assert.ok(conn.capabilities.some((c) => c.startsWith('AUTH ')))
                 done()
-            }, conn)
+            })
         })
         it('sets allowed_auth_methods on connection notes', (t, done) => {
             conn.tls.enabled = true
             plugin.cfg.core.methods = 'PLAIN,LOGIN'
-            plugin.hook_capabilities(() => {
+            callHook(plugin, 'hook_capabilities', conn).then(() => {
                 assert.deepEqual(conn.notes.allowed_auth_methods, ['PLAIN', 'LOGIN'])
                 done()
-            }, conn)
+            })
         })
         it('does not add AUTH when no methods configured', (t, done) => {
             conn.tls.enabled = true
             plugin.cfg.core.methods = null
-            plugin.hook_capabilities(() => {
+            callHook(plugin, 'hook_capabilities', conn).then(() => {
                 assert.equal(conn.capabilities.length, 0)
                 done()
-            }, conn)
+            })
         })
     })

package/test/plugins/block_me.js CHANGED Viewed

@@ -5,8 +5,7 @@ const path = require('node:path')
 const assert = require('node:assert/strict')
 const { describe, it, beforeEach, after } = require('node:test')
-const fixtures = require('haraka-test-fixtures')
-const { Address } = require('@haraka/email-address')
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
 require('haraka-constants').import(global)
 // block_me appends to <config>/mail_from.blocklist when a sender is blocked;
@@ -15,20 +14,6 @@ after(() => {
     fs.rmSync(path.resolve('test/config/mail_from.blocklist'), { force: true })
 })
-function makeConnection({
-    relaying = false,
-    mailFrom = 'sender@example.com',
-    rcptTo = ['blocklist@example.com'],
-} = {}) {
-    const conn = fixtures.connection.createConnection()
-    conn.init_transaction()
-    conn.relaying = relaying
-    conn.transaction.mail_from = new Address(`<${mailFrom}>`)
-    conn.transaction.rcpt_to = rcptTo.map((r) => new Address(`<${r}>`))
-    conn.transaction.body = { bodytext: '', children: [] }
-    return conn
-}
 describe('block_me', () => {
     let plugin
@@ -36,13 +21,12 @@ describe('block_me', () => {
     // than the real config dir. block_me also appends matched senders to
     // mail_from.blocklist; with this override that write lands in test/config too.
     beforeEach(() => {
-        plugin = new fixtures.plugin('block_me')
-        plugin.config = plugin.config.module_config(path.resolve('test'))
+        plugin = makePlugin('block_me', { register: false, configDir: 'test' })
     })
     describe('hook_data', () => {
         it('enables body parsing and calls next', (t, done) => {
-            const conn = makeConnection()
+            const conn = makeConnection({ withTxn: true })
             conn.transaction.parse_body = false
             plugin.hook_data((rc) => {
                 assert.equal(rc, undefined)
@@ -54,7 +38,7 @@ describe('block_me', () => {
     describe('hook_data_post', () => {
         it('calls next when not relaying', (t, done) => {
-            const conn = makeConnection({ relaying: false })
+            const conn = makeConnection({ withTxn: true })
             plugin.hook_data_post((rc) => {
                 assert.equal(rc, undefined)
                 done()
@@ -62,7 +46,7 @@ describe('block_me', () => {
         })
         it('calls next when transaction is missing', (t, done) => {
-            const conn = fixtures.connection.createConnection()
+            const conn = makeConnection()
             conn.relaying = true
             conn.transaction = null
             plugin.hook_data_post((rc) => {
@@ -138,7 +122,7 @@ describe('block_me', () => {
     describe('hook_queue', () => {
         it('returns OK when block_me note is set on transaction', (t, done) => {
-            const conn = makeConnection()
+            const conn = makeConnection({ withTxn: true })
             conn.transaction.notes.block_me = 1
             plugin.hook_queue((rc) => {
                 assert.equal(rc, OK)
@@ -147,7 +131,7 @@ describe('block_me', () => {
         })
         it('calls next when block_me note is not set', (t, done) => {
-            const conn = makeConnection()
+            const conn = makeConnection({ withTxn: true })
             plugin.hook_queue((rc) => {
                 assert.equal(rc, undefined)
                 done()

package/test/plugins/data.signatures.js CHANGED Viewed

@@ -3,26 +3,19 @@
 const assert = require('node:assert/strict')
 const { describe, it, beforeEach } = require('node:test')
-const fixtures = require('haraka-test-fixtures')
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
 require('haraka-constants').import(global)
-function makeConnection(bodytext = '', children = []) {
-    const conn = fixtures.connection.createConnection()
-    conn.init_transaction()
-    conn.transaction.body = { bodytext, children }
-    return conn
-}
 describe('data.signatures', () => {
     let plugin
     beforeEach(() => {
-        plugin = new fixtures.plugin('data.signatures')
+        plugin = makePlugin('data.signatures', { register: false })
     })
     describe('hook_data', () => {
         it('enables body parsing', (t, done) => {
-            const conn = makeConnection()
+            const conn = makeConnection({ withTxn: true })
             conn.transaction.parse_body = false
             plugin.hook_data((rc) => {
                 assert.equal(rc, undefined)
@@ -32,7 +25,7 @@ describe('data.signatures', () => {
         })
         it('calls next when there is no transaction', (t, done) => {
-            const conn = fixtures.connection.createConnection()
+            const conn = makeConnection()
             conn.transaction = null
             plugin.hook_data((rc) => {
                 assert.equal(rc, undefined)
@@ -43,7 +36,7 @@ describe('data.signatures', () => {
     describe('hook_data_post', () => {
         it('calls next when there is no transaction', (t, done) => {
-            const conn = fixtures.connection.createConnection()
+            const conn = makeConnection()
             conn.transaction = null
             plugin.hook_data_post((rc) => {
                 assert.equal(rc, undefined)
@@ -53,7 +46,8 @@ describe('data.signatures', () => {
         it('calls next when signature list is empty', (t, done) => {
             plugin.config.get = (name, type) => (type === 'list' ? [] : {})
-            const conn = makeConnection('This is some email body text')
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'This is some email body text', children: [] }
             plugin.hook_data_post((rc) => {
                 assert.equal(rc, undefined)
                 done()
@@ -62,7 +56,8 @@ describe('data.signatures', () => {
         it('denies when body matches a signature', (t, done) => {
             plugin.config.get = (name, type) => (type === 'list' ? ['spam_signature_text'] : {})
-            const conn = makeConnection('Buy cheap meds! spam_signature_text here')
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'Buy cheap meds! spam_signature_text here', children: [] }
             plugin.hook_data_post((rc, msg) => {
                 assert.equal(rc, DENY)
                 assert.ok(msg.includes('spam'))
@@ -72,7 +67,8 @@ describe('data.signatures', () => {
         it('calls next when body does not match any signature', (t, done) => {
             plugin.config.get = (name, type) => (type === 'list' ? ['bad_pattern'] : {})
-            const conn = makeConnection('Totally normal email body')
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'Totally normal email body', children: [] }
             plugin.hook_data_post((rc) => {
                 assert.equal(rc, undefined)
                 done()
@@ -81,13 +77,12 @@ describe('data.signatures', () => {
         it('denies when a child body part matches a signature', (t, done) => {
             plugin.config.get = (name, type) => (type === 'list' ? ['spam_in_child'] : {})
-            const conn = fixtures.connection.createConnection()
-            conn.init_transaction()
+            const conn = makeConnection({ withTxn: true })
             conn.transaction.body = {
                 bodytext: 'clean parent text',
                 children: [{ bodytext: 'spam_in_child content here', children: [] }],
             }
-            plugin.hook_data_post((rc, msg) => {
+            plugin.hook_data_post((rc) => {
                 assert.equal(rc, DENY)
                 done()
             }, conn)
@@ -95,7 +90,8 @@ describe('data.signatures', () => {
         it('calls next when multiple signatures do not match', (t, done) => {
             plugin.config.get = (name, type) => (type === 'list' ? ['sig_one', 'sig_two', 'sig_three'] : {})
-            const conn = makeConnection('No matching signatures here at all')
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'No matching signatures here at all', children: [] }
             plugin.hook_data_post((rc) => {
                 assert.equal(rc, undefined)
                 done()
@@ -104,7 +100,8 @@ describe('data.signatures', () => {
         it('matches the first of multiple signatures', (t, done) => {
             plugin.config.get = (name, type) => (type === 'list' ? ['no_match', 'buy_cheap_pills'] : {})
-            const conn = makeConnection('This message has buy_cheap_pills for you')
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'This message has buy_cheap_pills for you', children: [] }
             plugin.hook_data_post((rc) => {
                 assert.equal(rc, DENY)
                 done()

package/test/plugins/delay_deny.js CHANGED Viewed

@@ -3,7 +3,7 @@
 const assert = require('node:assert/strict')
 const { describe, it, beforeEach } = require('node:test')
-const fixtures = require('haraka-test-fixtures')
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
 require('haraka-constants').import(global)
 // params layout: [code, msg, pi_name, pi_function, pi_params, pi_hook]
@@ -15,10 +15,9 @@ describe('delay_deny', () => {
     let plugin, conn
     beforeEach(() => {
-        plugin = new fixtures.plugin('delay_deny')
+        plugin = makePlugin('delay_deny', { register: false })
         plugin.config.get = () => ({ main: {} })
-        conn = fixtures.connection.createConnection()
-        conn.init_transaction()
+        conn = makeConnection({ withTxn: true })
     })
     describe('hook_deny', () => {

package/test/plugins/prevent_credential_leaks.js CHANGED Viewed

@@ -3,12 +3,11 @@
 const assert = require('node:assert/strict')
 const { describe, it, beforeEach } = require('node:test')
-const fixtures = require('haraka-test-fixtures')
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
 require('haraka-constants').import(global)
-function makeConnection({ authUser, authPasswd, bodytext = '', children = [] } = {}) {
-    const conn = fixtures.connection.createConnection()
-    conn.init_transaction()
+function buildConnection({ authUser, authPasswd, bodytext = '', children = [] } = {}) {
+    const conn = makeConnection({ withTxn: true })
     if (authUser) conn.notes.auth_user = authUser
     if (authPasswd) conn.notes.auth_passwd = authPasswd
     conn.transaction.body = { bodytext, children }
@@ -19,12 +18,12 @@ describe('prevent_credential_leaks', () => {
     let plugin
     beforeEach(() => {
-        plugin = new fixtures.plugin('prevent_credential_leaks')
+        plugin = makePlugin('prevent_credential_leaks', { register: false })
     })
     describe('hook_data', () => {
         it('does not enable parse_body when no auth credentials', (t, done) => {
-            const conn = makeConnection()
+            const conn = buildConnection()
             conn.transaction.parse_body = false
             plugin.hook_data((rc) => {
                 assert.equal(rc, undefined)
@@ -34,7 +33,7 @@ describe('prevent_credential_leaks', () => {
         })
         it('enables parse_body when both auth_user and auth_passwd are present', (t, done) => {
-            const conn = makeConnection({ authUser: 'user@example.com', authPasswd: 'secret' })
+            const conn = buildConnection({ authUser: 'user@example.com', authPasswd: 'secret' })
             conn.transaction.parse_body = false
             plugin.hook_data((rc) => {
                 assert.equal(rc, undefined)
@@ -44,7 +43,7 @@ describe('prevent_credential_leaks', () => {
         })
         it('does not enable parse_body when only auth_user is set', (t, done) => {
-            const conn = makeConnection({ authUser: 'user@example.com' })
+            const conn = buildConnection({ authUser: 'user@example.com' })
             conn.transaction.parse_body = false
             plugin.hook_data((rc) => {
                 assert.equal(rc, undefined)
@@ -55,8 +54,7 @@ describe('prevent_credential_leaks', () => {
         it('handles missing connection gracefully', (t, done) => {
             // Simulate a null-ish connection by calling with empty notes
-            const conn = fixtures.connection.createConnection()
-            conn.init_transaction()
+            const conn = makeConnection({ withTxn: true })
             conn.notes = {}
             plugin.hook_data((rc) => {
                 assert.equal(rc, undefined)
@@ -67,7 +65,7 @@ describe('prevent_credential_leaks', () => {
     describe('hook_data_post', () => {
         it('calls next when no auth credentials are set', (t, done) => {
-            const conn = makeConnection({ bodytext: 'user@example.com secret123' })
+            const conn = buildConnection({ bodytext: 'user@example.com secret123' })
             plugin.hook_data_post((rc) => {
                 assert.equal(rc, undefined)
                 done()
@@ -75,7 +73,7 @@ describe('prevent_credential_leaks', () => {
         })
         it('calls next when only auth_user is set (no password)', (t, done) => {
-            const conn = makeConnection({ authUser: 'user@example.com', bodytext: 'user@example.com' })
+            const conn = buildConnection({ authUser: 'user@example.com', bodytext: 'user@example.com' })
             plugin.hook_data_post((rc) => {
                 assert.equal(rc, undefined)
                 done()
@@ -83,7 +81,7 @@ describe('prevent_credential_leaks', () => {
         })
         it('calls next when body contains neither username nor password', (t, done) => {
-            const conn = makeConnection({
+            const conn = buildConnection({
                 authUser: 'alice@example.com',
                 authPasswd: 'mypassword',
                 bodytext: 'Hello, this is a clean email with no credentials.',
@@ -95,7 +93,7 @@ describe('prevent_credential_leaks', () => {
         })
         it('calls next when body contains username but not password', (t, done) => {
-            const conn = makeConnection({
+            const conn = buildConnection({
                 authUser: 'alice@example.com',
                 authPasswd: 'mypassword',
                 bodytext: 'Contact alice@example.com for more info.',
@@ -107,7 +105,7 @@ describe('prevent_credential_leaks', () => {
         })
         it('denies when body contains both username and password', (t, done) => {
-            const conn = makeConnection({
+            const conn = buildConnection({
                 authUser: 'alice@example.com',
                 authPasswd: 'mypassword',
                 bodytext: 'Please send your login: alice and password: mypassword to activate.',
@@ -120,8 +118,7 @@ describe('prevent_credential_leaks', () => {
         })
         it('denies when credentials appear in a child body part', (t, done) => {
-            const conn = fixtures.connection.createConnection()
-            conn.init_transaction()
+            const conn = makeConnection({ withTxn: true })
             conn.notes.auth_user = 'bob@example.com'
             conn.notes.auth_passwd = 's3cr3t'
             conn.transaction.body = {
@@ -135,7 +132,7 @@ describe('prevent_credential_leaks', () => {
         })
         it('handles qualified username (user@domain) by making domain optional', (t, done) => {
-            const conn = makeConnection({
+            const conn = buildConnection({
                 authUser: 'carol@corp.example.com',
                 authPasswd: 'pass123',
                 bodytext: 'carol pass123 credentials',
@@ -149,7 +146,7 @@ describe('prevent_credential_leaks', () => {
         it('unqualified username (no @) is not split into a partial match', (t, done) => {
             // Bug: `if (idx)` with idx === -1 treated 'admin' as qualified,
             // splitting it to user='admi' which then matches 'admiral'.
-            const conn = makeConnection({
+            const conn = buildConnection({
                 authUser: 'admin',
                 authPasswd: 'pw',
                 bodytext: 'the admiral said pw today',
@@ -161,8 +158,7 @@ describe('prevent_credential_leaks', () => {
         })
         it('calls next when credentials appear in neither top nor child', (t, done) => {
-            const conn = fixtures.connection.createConnection()
-            conn.init_transaction()
+            const conn = makeConnection({ withTxn: true })
             conn.notes.auth_user = 'dave@example.com'
             conn.notes.auth_passwd = 'xyzzy'
             conn.transaction.body = {