aiplang 2.0.0 → 2.1.0

package/server/node_modules/nodemailer/lib/smtp-connection/index.js

@@ -0,0 +1,1903 @@
+'use strict';
+
+const packageInfo = require('../../package.json');
+const { EventEmitter } = require('events');
+const net = require('net');
+const tls = require('tls');
+const os = require('os');
+const crypto = require('crypto');
+const DataStream = require('./data-stream');
+const { PassThrough } = require('stream');
+const shared = require('../shared');
+
+// default timeout values in ms
+const CONNECTION_TIMEOUT = 2 * 60 * 1000; // how much to wait for the connection to be established
+const SOCKET_TIMEOUT = 10 * 60 * 1000; // how much to wait for socket inactivity before disconnecting the client
+const GREETING_TIMEOUT = 30 * 1000; // how much to wait after connection is established but SMTP greeting is not receieved
+const DNS_TIMEOUT = 30 * 1000; // how much to wait for resolveHostname
+const TEARDOWN_NOOP = () => {}; // reusable no-op handler for absorbing errors during socket teardown
+
+/**
+ * Generates a SMTP connection object
+ *
+ * Optional options object takes the following possible properties:
+ *
+ *  * **port** - is the port to connect to (defaults to 587 or 465)
+ *  * **host** - is the hostname or IP address to connect to (defaults to 'localhost')
+ *  * **secure** - use SSL
+ *  * **ignoreTLS** - ignore server support for STARTTLS
+ *  * **requireTLS** - forces the client to use STARTTLS
+ *  * **name** - the name of the client server
+ *  * **localAddress** - outbound address to bind to (see: http://nodejs.org/api/net.html#net_net_connect_options_connectionlistener)
+ *  * **greetingTimeout** - Time to wait in ms until greeting message is received from the server (defaults to 10000)
+ *  * **connectionTimeout** - how many milliseconds to wait for the connection to establish
+ *  * **socketTimeout** - Time of inactivity until the connection is closed (defaults to 1 hour)
+ *  * **dnsTimeout** - Time to wait in ms for the DNS requests to be resolved (defaults to 30 seconds)
+ *  * **lmtp** - if true, uses LMTP instead of SMTP protocol
+ *  * **logger** - bunyan compatible logger interface
+ *  * **debug** - if true pass SMTP traffic to the logger
+ *  * **tls** - options for createCredentials
+ *  * **socket** - existing socket to use instead of creating a new one (see: http://nodejs.org/api/net.html#net_class_net_socket)
+ *  * **secured** - boolean indicates that the provided socket has already been upgraded to tls
+ *
+ * @constructor
+ * @namespace SMTP Client module
+ * @param {Object} [options] Option properties
+ */
+class SMTPConnection extends EventEmitter {
+    constructor(options) {
+        super(options);
+
+        this.id = crypto.randomBytes(8).toString('base64').replace(/\W/g, '');
+        this.stage = 'init';
+
+        this.options = options || {};
+
+        this.secureConnection = !!this.options.secure;
+        this.alreadySecured = !!this.options.secured;
+
+        this.port = Number(this.options.port) || (this.secureConnection ? 465 : 587);
+        this.host = this.options.host || 'localhost';
+
+        this.servername = this.options.servername ? this.options.servername : !net.isIP(this.host) ? this.host : false;
+
+        this.allowInternalNetworkInterfaces = this.options.allowInternalNetworkInterfaces || false;
+
+        if (typeof this.options.secure === 'undefined' && this.port === 465) {
+            // if secure option is not set but port is 465, then default to secure
+            this.secureConnection = true;
+        }
+
+        this.name = this.options.name || this._getHostname();
+
+        this.logger = shared.getLogger(this.options, {
+            component: this.options.component || 'smtp-connection',
+            sid: this.id
+        });
+
+        this.customAuth = new Map();
+        for (const key of Object.keys(this.options.customAuth || {})) {
+            const mapKey = (key || '').toString().trim().toUpperCase();
+            if (mapKey) {
+                this.customAuth.set(mapKey, this.options.customAuth[key]);
+            }
+        }
+
+        /**
+         * Expose version nr, just for the reference
+         * @type {String}
+         */
+        this.version = packageInfo.version;
+
+        /**
+         * If true, then the user is authenticated
+         * @type {Boolean}
+         */
+        this.authenticated = false;
+
+        /**
+         * If set to true, this instance is no longer active
+         * @private
+         */
+        this.destroyed = false;
+
+        /**
+         * Defines if the current connection is secure or not. If not,
+         * STARTTLS can be used if available
+         * @private
+         */
+        this.secure = !!this.secureConnection;
+
+        /**
+         * Store incomplete messages coming from the server
+         * @private
+         */
+        this._remainder = '';
+
+        /**
+         * Unprocessed responses from the server
+         * @type {Array}
+         */
+        this._responseQueue = [];
+
+        this.lastServerResponse = false;
+
+        /**
+         * The socket connecting to the server
+         * @public
+         */
+        this._socket = false;
+
+        /**
+         * Lists supported auth mechanisms
+         * @private
+         */
+        this._supportedAuth = [];
+
+        /**
+         * Set to true, if EHLO response includes "AUTH".
+         * If false then authentication is not tried
+         */
+        this.allowsAuth = false;
+
+        /**
+         * Includes current envelope (from, to)
+         * @private
+         */
+        this._envelope = false;
+
+        /**
+         * Lists supported extensions
+         * @private
+         */
+        this._supportedExtensions = [];
+
+        /**
+         * Defines the maximum allowed size for a single message
+         * @private
+         */
+        this._maxAllowedSize = 0;
+
+        /**
+         * Function queue to run if a data chunk comes from the server
+         * @private
+         */
+        this._responseActions = [];
+        this._recipientQueue = [];
+
+        /**
+         * Timeout variable for waiting the greeting
+         * @private
+         */
+        this._greetingTimeout = false;
+
+        /**
+         * Timeout variable for waiting the connection to start
+         * @private
+         */
+        this._connectionTimeout = false;
+
+        /**
+         * If the socket is deemed already closed
+         * @private
+         */
+        this._destroyed = false;
+
+        /**
+         * If the socket is already being closed
+         * @private
+         */
+        this._closing = false;
+
+        /**
+         * Callbacks for socket's listeners
+         */
+        this._onSocketData = chunk => this._onData(chunk);
+        this._onSocketError = error => this._onError(error, 'ESOCKET', false, 'CONN');
+        this._onSocketClose = () => this._onClose();
+        this._onSocketEnd = () => this._onEnd();
+        this._onSocketTimeout = () => this._onTimeout();
+
+        /**
+         * Connection-phase error handler (supports fallback to alternative addresses)
+         */
+        this._onConnectionSocketError = err => this._onConnectionError(err, 'ESOCKET');
+
+        /**
+         * Connection attempt counter for fallback race condition protection
+         * @private
+         */
+        this._connectionAttemptId = 0;
+    }
+
+    /**
+     * Creates a connection to a SMTP server and sets up connection
+     * listener
+     */
+    connect(connectCallback) {
+        if (typeof connectCallback === 'function') {
+            this.once('connect', () => {
+                this.logger.debug(
+                    {
+                        tnx: 'smtp'
+                    },
+                    'SMTP handshake finished'
+                );
+                connectCallback();
+            });
+
+            const isDestroyedMessage = this._isDestroyedMessage('connect');
+            if (isDestroyedMessage) {
+                return connectCallback(this._formatError(isDestroyedMessage, 'ECONNECTION', false, 'CONN'));
+            }
+        }
+
+        let opts = {
+            port: this.port,
+            host: this.host,
+            allowInternalNetworkInterfaces: this.allowInternalNetworkInterfaces,
+            timeout: this.options.dnsTimeout || DNS_TIMEOUT
+        };
+
+        if (this.options.localAddress) {
+            opts.localAddress = this.options.localAddress;
+        }
+
+        if (this.options.connection) {
+            // connection is already opened
+            this._socket = this.options.connection;
+            this._setupConnectionHandlers();
+
+            if (this.secureConnection && !this.alreadySecured) {
+                setImmediate(() =>
+                    this._upgradeConnection(err => {
+                        if (err) {
+                            this._onError(new Error('Error initiating TLS - ' + (err.message || err)), 'ETLS', false, 'CONN');
+                            return;
+                        }
+                        this._onConnect();
+                    })
+                );
+            } else {
+                setImmediate(() => this._onConnect());
+            }
+            return;
+        } else if (this.options.socket) {
+            // socket object is set up but not yet connected
+            this._socket = this.options.socket;
+            return this._resolveAndConnect(opts, _resolved => {
+                try {
+                    this._socket.connect(this.port, this.host, () => {
+                        this._socket.setKeepAlive(true);
+                        this._onConnect();
+                    });
+                    this._setupConnectionHandlers();
+                } catch (E) {
+                    return setImmediate(() => this._onError(E, 'ECONNECTION', false, 'CONN'));
+                }
+            });
+        } else {
+            if (this.secureConnection) {
+                Object.assign(opts, this.options.tls || {});
+
+                // ensure servername for SNI
+                if (this.servername && !opts.servername) {
+                    opts.servername = this.servername;
+                }
+            }
+
+            return this._resolveAndConnect(opts, resolved => {
+                // Store fallback addresses for retry on connection failure
+                this._fallbackAddresses = (resolved._addresses || []).filter(addr => addr !== opts.host);
+                this._connectOpts = Object.assign({}, opts);
+
+                this._connectToHost(opts, this.secureConnection);
+            });
+        }
+    }
+
+    /**
+     * Resolves the hostname and applies resolved values to opts,
+     * then calls the provided callback with the resolved data
+     *
+     * @param {Object} opts Connection options (modified in place)
+     * @param {Function} callback Called with resolved data on success
+     */
+    _resolveAndConnect(opts, callback) {
+        return shared.resolveHostname(opts, (err, resolved) => {
+            if (err) {
+                return setImmediate(() => this._onError(err, 'EDNS', false, 'CONN'));
+            }
+            this.logger.debug(
+                {
+                    tnx: 'dns',
+                    source: opts.host,
+                    resolved: resolved.host,
+                    cached: !!resolved.cached
+                },
+                'Resolved %s as %s [cache %s]',
+                opts.host,
+                resolved.host,
+                resolved.cached ? 'hit' : 'miss'
+            );
+            for (const key of Object.keys(resolved)) {
+                if (key.charAt(0) !== '_' && resolved[key]) {
+                    opts[key] = resolved[key];
+                }
+            }
+            callback(resolved);
+        });
+    }
+
+    /**
+     * Attempts to connect to the specified host address
+     *
+     * @param {Object} opts Connection options
+     * @param {Boolean} secure Whether to use TLS
+     */
+    _connectToHost(opts, secure) {
+        this._connectionAttemptId++;
+        const currentAttemptId = this._connectionAttemptId;
+
+        const connectFn = secure ? tls.connect : net.connect;
+        try {
+            this._socket = connectFn(opts, () => {
+                // Ignore callback if this is a stale connection attempt
+                if (this._connectionAttemptId !== currentAttemptId) {
+                    return;
+                }
+                this._socket.setKeepAlive(true);
+                this._onConnect();
+            });
+            this._setupConnectionHandlers();
+        } catch (E) {
+            return setImmediate(() => this._onError(E, 'ECONNECTION', false, 'CONN'));
+        }
+    }
+
+    /**
+     * Sets up connection timeout and error handlers
+     */
+    _setupConnectionHandlers() {
+        this._connectionTimeout = setTimeout(() => {
+            this._onConnectionError('Connection timeout', 'ETIMEDOUT');
+        }, this.options.connectionTimeout || CONNECTION_TIMEOUT);
+
+        this._socket.on('error', this._onConnectionSocketError);
+    }
+
+    /**
+     * Handles connection errors with fallback to alternative addresses
+     *
+     * @param {Error|String} err Error object or message
+     * @param {String} code Error code
+     */
+    _onConnectionError(err, code) {
+        clearTimeout(this._connectionTimeout);
+
+        // Check if we have fallback addresses to try
+        const canFallback = this._fallbackAddresses && this._fallbackAddresses.length && this.stage === 'init' && !this._destroyed;
+
+        if (!canFallback) {
+            // No more fallback addresses, report the error
+            this._onError(err, code, false, 'CONN');
+            return;
+        }
+
+        const nextHost = this._fallbackAddresses.shift();
+
+        this.logger.info(
+            {
+                tnx: 'network',
+                failedHost: this._connectOpts.host,
+                nextHost,
+                error: err.message || err
+            },
+            'Connection to %s failed, trying %s',
+            this._connectOpts.host,
+            nextHost
+        );
+
+        // Clean up current socket
+        if (this._socket) {
+            try {
+                this._socket.removeListener('error', this._onConnectionSocketError);
+                this._socket.destroy();
+            } catch (_E) {
+                // ignore
+            }
+            this._socket = null;
+        }
+
+        // Update host and retry
+        this._connectOpts.host = nextHost;
+        this._connectToHost(this._connectOpts, this.secureConnection);
+    }
+
+    /**
+     * Sends QUIT
+     */
+    quit() {
+        this._sendCommand('QUIT');
+        this._responseActions.push(this.close);
+    }
+
+    /**
+     * Closes the connection to the server
+     */
+    close() {
+        clearTimeout(this._connectionTimeout);
+        clearTimeout(this._greetingTimeout);
+        this._responseActions = [];
+
+        // allow to run this function only once
+        if (this._closing) {
+            return;
+        }
+        this._closing = true;
+
+        const closeMethod = this.stage === 'init' ? 'destroy' : 'end';
+
+        this.logger.debug(
+            {
+                tnx: 'smtp'
+            },
+            'Closing connection to the server using "%s"',
+            closeMethod
+        );
+
+        const socket = (this._socket && this._socket.socket) || this._socket;
+
+        if (socket && !socket.destroyed) {
+            try {
+                // Clear socket timeout to prevent timer leaks
+                socket.setTimeout(0);
+                // Remove all listeners to allow proper garbage collection
+                socket.removeListener('data', this._onSocketData);
+                socket.removeListener('timeout', this._onSocketTimeout);
+                socket.removeListener('close', this._onSocketClose);
+                socket.removeListener('end', this._onSocketEnd);
+                socket.removeListener('error', this._onSocketError);
+                socket.removeListener('error', this._onConnectionSocketError);
+                // Absorb errors that may fire during socket teardown (e.g. server
+                // sending cleartext after TLS shutdown triggers ERR_SSL_BAD_RECORD_TYPE)
+                socket.on('error', TEARDOWN_NOOP);
+                socket[closeMethod]();
+            } catch (_E) {
+                // just ignore
+            }
+        }
+
+        this._destroy();
+    }
+
+    /**
+     * Authenticate user
+     */
+    login(authData, callback) {
+        const isDestroyedMessage = this._isDestroyedMessage('login');
+        if (isDestroyedMessage) {
+            return callback(this._formatError(isDestroyedMessage, 'ECONNECTION', false, 'API'));
+        }
+
+        this._auth = authData || {};
+        // Select SASL authentication method
+        this._authMethod = (this._auth.method || '').toString().trim().toUpperCase() || false;
+
+        if (!this._authMethod && this._auth.oauth2 && !this._auth.credentials) {
+            this._authMethod = 'XOAUTH2';
+        } else if (!this._authMethod || (this._authMethod === 'XOAUTH2' && !this._auth.oauth2)) {
+            // use first supported
+            this._authMethod = (this._supportedAuth[0] || 'PLAIN').toUpperCase().trim();
+        }
+
+        if (this._authMethod !== 'XOAUTH2' && (!this._auth.credentials || !this._auth.credentials.user || !this._auth.credentials.pass)) {
+            if ((this._auth.user && this._auth.pass) || this.customAuth.has(this._authMethod)) {
+                this._auth.credentials = {
+                    user: this._auth.user,
+                    pass: this._auth.pass,
+                    options: this._auth.options
+                };
+            } else {
+                return callback(this._formatError('Missing credentials for "' + this._authMethod + '"', 'EAUTH', false, 'API'));
+            }
+        }
+
+        if (this.customAuth.has(this._authMethod)) {
+            const handler = this.customAuth.get(this._authMethod);
+            let lastResponse;
+            let returned = false;
+
+            const resolve = () => {
+                if (returned) {
+                    return;
+                }
+                returned = true;
+                this.logger.info(
+                    {
+                        tnx: 'smtp',
+                        username: this._auth.user,
+                        action: 'authenticated',
+                        method: this._authMethod
+                    },
+                    'User %s authenticated',
+                    JSON.stringify(this._auth.user)
+                );
+                this.authenticated = true;
+                callback(null, true);
+            };
+
+            const reject = err => {
+                if (returned) {
+                    return;
+                }
+                returned = true;
+                callback(this._formatError(err, 'EAUTH', lastResponse, 'AUTH ' + this._authMethod));
+            };
+
+            const handlerResponse = handler({
+                auth: this._auth,
+                method: this._authMethod,
+
+                extensions: [].concat(this._supportedExtensions),
+                authMethods: [].concat(this._supportedAuth),
+                maxAllowedSize: this._maxAllowedSize || false,
+
+                sendCommand: (cmd, done) => {
+                    let promise;
+
+                    if (!done) {
+                        promise = new Promise((resolve, reject) => {
+                            done = shared.callbackPromise(resolve, reject);
+                        });
+                    }
+
+                    this._responseActions.push(str => {
+                        lastResponse = str;
+
+                        let codes = str.match(/^(\d+)(?:\s(\d+\.\d+\.\d+))?\s/);
+                        let data = {
+                            command: cmd,
+                            response: str
+                        };
+                        if (codes) {
+                            data.status = Number(codes[1]) || 0;
+                            if (codes[2]) {
+                                data.code = codes[2];
+                            }
+                            data.text = str.substr(codes[0].length);
+                        } else {
+                            data.text = str;
+                            data.status = 0; // just in case we need to perform numeric comparisons
+                        }
+                        done(null, data);
+                    });
+                    setImmediate(() => this._sendCommand(cmd));
+
+                    return promise;
+                },
+
+                resolve,
+                reject
+            });
+
+            if (handlerResponse && typeof handlerResponse.catch === 'function') {
+                // a promise was returned
+                handlerResponse.then(resolve).catch(reject);
+            }
+
+            return;
+        }
+
+        switch (this._authMethod) {
+            case 'XOAUTH2':
+                this._handleXOauth2Token(false, callback);
+                return;
+            case 'LOGIN':
+                this._responseActions.push(str => {
+                    this._actionAUTH_LOGIN_USER(str, callback);
+                });
+                this._sendCommand('AUTH LOGIN');
+                return;
+            case 'PLAIN':
+                this._responseActions.push(str => {
+                    this._actionAUTHComplete(str, callback);
+                });
+                this._sendCommand(
+                    'AUTH PLAIN ' +
+                        Buffer.from(
+                            //this._auth.user+'\u0000'+
+                            '\u0000' + // skip authorization identity as it causes problems with some servers
+                                this._auth.credentials.user +
+                                '\u0000' +
+                                this._auth.credentials.pass,
+                            'utf-8'
+                        ).toString('base64'),
+                    // log entry without passwords
+                    'AUTH PLAIN ' +
+                        Buffer.from(
+                            //this._auth.user+'\u0000'+
+                            '\u0000' + // skip authorization identity as it causes problems with some servers
+                                this._auth.credentials.user +
+                                '\u0000' +
+                                '/* secret */',
+                            'utf-8'
+                        ).toString('base64')
+                );
+                return;
+            case 'CRAM-MD5':
+                this._responseActions.push(str => {
+                    this._actionAUTH_CRAM_MD5(str, callback);
+                });
+                this._sendCommand('AUTH CRAM-MD5');
+                return;
+        }
+
+        return callback(this._formatError('Unknown authentication method "' + this._authMethod + '"', 'EAUTH', false, 'API'));
+    }
+
+    /**
+     * Sends a message
+     *
+     * @param {Object} envelope Envelope object, {from: addr, to: [addr]}
+     * @param {Object} message String, Buffer or a Stream
+     * @param {Function} callback Callback to return once sending is completed
+     */
+    send(envelope, message, done) {
+        if (!message) {
+            return done(this._formatError('Empty message', 'EMESSAGE', false, 'API'));
+        }
+
+        const isDestroyedMessage = this._isDestroyedMessage('send message');
+        if (isDestroyedMessage) {
+            return done(this._formatError(isDestroyedMessage, 'ECONNECTION', false, 'API'));
+        }
+
+        // reject larger messages than allowed
+        if (this._maxAllowedSize && envelope.size > this._maxAllowedSize) {
+            return setImmediate(() => {
+                done(this._formatError('Message size larger than allowed ' + this._maxAllowedSize, 'EMESSAGE', false, 'MAIL FROM'));
+            });
+        }
+
+        // ensure that callback is only called once
+        let returned = false;
+        const callback = function () {
+            if (returned) {
+                return;
+            }
+            returned = true;
+
+            done(...arguments);
+        };
+
+        if (typeof message.on === 'function') {
+            message.on('error', err => callback(this._formatError(err, 'ESTREAM', false, 'API')));
+        }
+
+        const startTime = Date.now();
+        this._setEnvelope(envelope, (err, info) => {
+            if (err) {
+                // create passthrough stream to consume to prevent OOM
+                const stream = new PassThrough();
+                if (typeof message.pipe === 'function') {
+                    message.pipe(stream);
+                } else {
+                    stream.write(message);
+                    stream.end();
+                }
+
+                return callback(err);
+            }
+            const envelopeTime = Date.now();
+            const stream = this._createSendStream((err, str) => {
+                if (err) {
+                    return callback(err);
+                }
+
+                info.envelopeTime = envelopeTime - startTime;
+                info.messageTime = Date.now() - envelopeTime;
+                info.messageSize = stream.outByteCount;
+                info.response = str;
+
+                return callback(null, info);
+            });
+            if (typeof message.pipe === 'function') {
+                message.pipe(stream);
+            } else {
+                stream.write(message);
+                stream.end();
+            }
+        });
+    }
+
+    /**
+     * Resets connection state
+     *
+     * @param {Function} callback Callback to return once connection is reset
+     */
+    reset(callback) {
+        this._sendCommand('RSET');
+        this._responseActions.push(str => {
+            if (str.charAt(0) !== '2') {
+                return callback(this._formatError('Could not reset session state. response=' + str, 'EPROTOCOL', str, 'RSET'));
+            }
+            this._envelope = false;
+            return callback(null, true);
+        });
+    }
+
+    /**
+     * Connection listener that is run when the connection to
+     * the server is opened
+     *
+     * @event
+     */
+    _onConnect() {
+        clearTimeout(this._connectionTimeout);
+
+        this.logger.info(
+            {
+                tnx: 'network',
+                localAddress: this._socket.localAddress,
+                localPort: this._socket.localPort,
+                remoteAddress: this._socket.remoteAddress,
+                remotePort: this._socket.remotePort
+            },
+            '%s established to %s:%s',
+            this.secure ? 'Secure connection' : 'Connection',
+            this._socket.remoteAddress,
+            this._socket.remotePort
+        );
+
+        if (this._destroyed) {
+            // Connection was established after we already had canceled it
+            this.close();
+            return;
+        }
+
+        this.stage = 'connected';
+
+        // clear existing listeners for the socket
+        this._socket.removeListener('data', this._onSocketData);
+        this._socket.removeListener('timeout', this._onSocketTimeout);
+        this._socket.removeListener('close', this._onSocketClose);
+        this._socket.removeListener('end', this._onSocketEnd);
+        // Switch from connection-phase error handler to normal error handler
+        this._socket.removeListener('error', this._onConnectionSocketError);
+
+        this._socket.on('error', this._onSocketError);
+        this._socket.on('data', this._onSocketData);
+        this._socket.once('close', this._onSocketClose);
+        this._socket.once('end', this._onSocketEnd);
+
+        this._socket.setTimeout(this.options.socketTimeout || SOCKET_TIMEOUT);
+        this._socket.on('timeout', this._onSocketTimeout);
+
+        this._greetingTimeout = setTimeout(() => {
+            // if still waiting for greeting, give up
+            if (this._socket && !this._destroyed && this._responseActions[0] === this._actionGreeting) {
+                this._onError('Greeting never received', 'ETIMEDOUT', false, 'CONN');
+            }
+        }, this.options.greetingTimeout || GREETING_TIMEOUT);
+
+        this._responseActions.push(this._actionGreeting);
+
+        // we have a 'data' listener set up so resume socket if it was paused
+        this._socket.resume();
+    }
+
+    /**
+     * 'data' listener for data coming from the server
+     *
+     * @event
+     * @param {Buffer} chunk Data chunk coming from the server
+     */
+    _onData(chunk) {
+        if (this._destroyed || !chunk || !chunk.length) {
+            return;
+        }
+
+        let data = (chunk || '').toString('binary');
+        let lines = (this._remainder + data).split(/\r?\n/);
+        let lastline;
+
+        this._remainder = lines.pop();
+
+        for (let i = 0, len = lines.length; i < len; i++) {
+            if (this._responseQueue.length) {
+                lastline = this._responseQueue[this._responseQueue.length - 1];
+                if (/^\d+-/.test(lastline.split('\n').pop())) {
+                    this._responseQueue[this._responseQueue.length - 1] += '\n' + lines[i];
+                    continue;
+                }
+            }
+            this._responseQueue.push(lines[i]);
+        }
+
+        if (this._responseQueue.length) {
+            lastline = this._responseQueue[this._responseQueue.length - 1];
+            if (/^\d+-/.test(lastline.split('\n').pop())) {
+                return;
+            }
+        }
+
+        this._processResponse();
+    }
+
+    /**
+     * 'error' listener for the socket
+     *
+     * @event
+     * @param {Error} err Error object
+     * @param {String} type Error name
+     */
+    _onError(err, type, data, command) {
+        clearTimeout(this._connectionTimeout);
+        clearTimeout(this._greetingTimeout);
+
+        if (this._destroyed) {
+            // just ignore, already closed
+            // this might happen when a socket is canceled because of reached timeout
+            // but the socket timeout error itself receives only after
+            return;
+        }
+
+        err = this._formatError(err, type, data, command);
+
+        const transientCodes = ['ETIMEDOUT', 'ESOCKET', 'ECONNECTION'];
+        if (transientCodes.includes(err.code)) {
+            this.logger.warn(data, err.message);
+        } else {
+            this.logger.error(data, err.message);
+        }
+
+        this.emit('error', err);
+        this.close();
+    }
+
+    _formatError(message, type, response, command) {
+        let err;
+
+        if (/Error\]$/i.test(Object.prototype.toString.call(message))) {
+            err = message;
+        } else {
+            err = new Error(message);
+        }
+
+        if (type && type !== 'Error') {
+            err.code = type;
+        }
+
+        if (response) {
+            err.response = response;
+            err.message += ': ' + response;
+        }
+
+        const responseCode = (typeof response === 'string' && Number((response.match(/^\d+/) || [])[0])) || false;
+        if (responseCode) {
+            err.responseCode = responseCode;
+        }
+
+        if (command) {
+            err.command = command;
+        }
+
+        return err;
+    }
+
+    /**
+     * 'close' listener for the socket
+     *
+     * @event
+     */
+    _onClose() {
+        let serverResponse = false;
+
+        if (this._remainder && this._remainder.trim()) {
+            if (this.options.debug || this.options.transactionLog) {
+                this.logger.debug(
+                    {
+                        tnx: 'server'
+                    },
+                    this._remainder.replace(/\r?\n$/, '')
+                );
+            }
+            this.lastServerResponse = serverResponse = this._remainder.trim();
+        }
+
+        this.logger.info(
+            {
+                tnx: 'network'
+            },
+            'Connection closed'
+        );
+
+        if (this.upgrading && !this._destroyed) {
+            return this._onError(new Error('Connection closed unexpectedly'), 'ETLS', serverResponse, 'CONN');
+        } else if (![this._actionGreeting, this.close].includes(this._responseActions[0]) && !this._destroyed) {
+            return this._onError(new Error('Connection closed unexpectedly'), 'ECONNECTION', serverResponse, 'CONN');
+        } else if (/^[45]\d{2}\b/.test(serverResponse)) {
+            return this._onError(new Error('Connection closed unexpectedly'), 'ECONNECTION', serverResponse, 'CONN');
+        }
+
+        this._destroy();
+    }
+
+    /**
+     * 'end' listener for the socket
+     *
+     * @event
+     */
+    _onEnd() {
+        if (this._socket && !this._socket.destroyed) {
+            this._socket.destroy();
+        }
+    }
+
+    /**
+     * 'timeout' listener for the socket
+     *
+     * @event
+     */
+    _onTimeout() {
+        return this._onError(new Error('Timeout'), 'ETIMEDOUT', false, 'CONN');
+    }
+
+    /**
+     * Destroys the client, emits 'end'
+     */
+    _destroy() {
+        if (this._destroyed) {
+            return;
+        }
+        this._destroyed = true;
+        this.emit('end');
+    }
+
+    /**
+     * Upgrades the connection to TLS
+     *
+     * @param {Function} callback Callback function to run when the connection
+     *        has been secured
+     */
+    _upgradeConnection(callback) {
+        // do not remove all listeners or it breaks node v0.10 as there's
+        // apparently a 'finish' event set that would be cleared as well
+
+        // we can safely keep 'error', 'end', 'close' etc. events
+        this._socket.removeListener('data', this._onSocketData); // incoming data is going to be gibberish from this point onwards
+        this._socket.removeListener('timeout', this._onSocketTimeout); // timeout will be re-set for the new socket object
+
+        const socketPlain = this._socket;
+        const opts = Object.assign(
+            {
+                socket: this._socket,
+                host: this.host
+            },
+            this.options.tls || {}
+        );
+
+        // ensure servername for SNI
+        if (this.servername && !opts.servername) {
+            opts.servername = this.servername;
+        }
+
+        this.upgrading = true;
+        // tls.connect is not an asynchronous function however it may still throw errors and requires to be wrapped with try/catch
+        try {
+            this._socket = tls.connect(opts, () => {
+                this.secure = true;
+                this.upgrading = false;
+                this._socket.on('data', this._onSocketData);
+
+                // Remove all listeners from the plain socket to allow proper garbage collection
+                socketPlain.removeListener('close', this._onSocketClose);
+                socketPlain.removeListener('end', this._onSocketEnd);
+                socketPlain.removeListener('error', this._onSocketError);
+
+                return callback(null, true);
+            });
+        } catch (err) {
+            return callback(err);
+        }
+
+        this._socket.on('error', this._onSocketError);
+        this._socket.once('close', this._onSocketClose);
+        this._socket.once('end', this._onSocketEnd);
+
+        this._socket.setTimeout(this.options.socketTimeout || SOCKET_TIMEOUT); // 10 min.
+        this._socket.on('timeout', this._onSocketTimeout);
+
+        // resume in case the socket was paused
+        socketPlain.resume();
+    }
+
+    /**
+     * Processes queued responses from the server
+     *
+     * @param {Boolean} force If true, ignores _processing flag
+     */
+    _processResponse() {
+        if (!this._responseQueue.length) {
+            return false;
+        }
+
+        let str = (this.lastServerResponse = (this._responseQueue.shift() || '').toString());
+
+        if (/^\d+-/.test(str.split('\n').pop())) {
+            // keep waiting for the final part of multiline response
+            return;
+        }
+
+        if (this.options.debug || this.options.transactionLog) {
+            this.logger.debug(
+                {
+                    tnx: 'server'
+                },
+                str.replace(/\r?\n$/, '')
+            );
+        }
+
+        if (!str.trim()) {
+            // skip unexpected empty lines
+            setImmediate(() => this._processResponse());
+        }
+
+        const action = this._responseActions.shift();
+
+        if (typeof action === 'function') {
+            action.call(this, str);
+            setImmediate(() => this._processResponse());
+        } else {
+            return this._onError(new Error('Unexpected Response'), 'EPROTOCOL', str, 'CONN');
+        }
+    }
+
+    /**
+     * Send a command to the server, append \r\n
+     *
+     * @param {String} str String to be sent to the server
+     * @param {String} logStr Optional string to be used for logging instead of the actual string
+     */
+    _sendCommand(str, logStr) {
+        if (this._destroyed) {
+            // Connection already closed, can't send any more data
+            return;
+        }
+
+        if (this._socket.destroyed) {
+            return this.close();
+        }
+
+        if (this.options.debug || this.options.transactionLog) {
+            this.logger.debug(
+                {
+                    tnx: 'client'
+                },
+                (logStr || str || '').toString().replace(/\r?\n$/, '')
+            );
+        }
+
+        this._socket.write(Buffer.from(str + '\r\n', 'utf-8'));
+    }
+
+    /**
+     * Initiates a new message by submitting envelope data, starting with
+     * MAIL FROM: command
+     *
+     * @param {Object} envelope Envelope object in the form of
+     *        {from:'...', to:['...']}
+     *        or
+     *        {from:{address:'...',name:'...'}, to:[address:'...',name:'...']}
+     */
+    _setEnvelope(envelope, callback) {
+        const args = [];
+        let useSmtpUtf8 = false;
+
+        this._envelope = envelope || {};
+        this._envelope.from = ((this._envelope.from && this._envelope.from.address) || this._envelope.from || '').toString().trim();
+
+        this._envelope.to = [].concat(this._envelope.to || []).map(to => ((to && to.address) || to || '').toString().trim());
+
+        if (!this._envelope.to.length) {
+            return callback(this._formatError('No recipients defined', 'EENVELOPE', false, 'API'));
+        }
+
+        if (this._envelope.from && /[\r\n<>]/.test(this._envelope.from)) {
+            return callback(this._formatError('Invalid sender ' + JSON.stringify(this._envelope.from), 'EENVELOPE', false, 'API'));
+        }
+
+        // check if the sender address uses only ASCII characters,
+        // otherwise require usage of SMTPUTF8 extension
+        if (/[\x80-\uFFFF]/.test(this._envelope.from)) {
+            useSmtpUtf8 = true;
+        }
+
+        for (let i = 0, len = this._envelope.to.length; i < len; i++) {
+            if (!this._envelope.to[i] || /[\r\n<>]/.test(this._envelope.to[i])) {
+                return callback(this._formatError('Invalid recipient ' + JSON.stringify(this._envelope.to[i]), 'EENVELOPE', false, 'API'));
+            }
+
+            // check if the recipients addresses use only ASCII characters,
+            // otherwise require usage of SMTPUTF8 extension
+            if (/[\x80-\uFFFF]/.test(this._envelope.to[i])) {
+                useSmtpUtf8 = true;
+            }
+        }
+
+        // clone the recipients array for latter manipulation
+        this._envelope.rcptQueue = [].concat(this._envelope.to || []);
+        this._envelope.rejected = [];
+        this._envelope.rejectedErrors = [];
+        this._envelope.accepted = [];
+
+        if (this._envelope.dsn) {
+            try {
+                this._envelope.dsn = this._setDsnEnvelope(this._envelope.dsn);
+            } catch (err) {
+                return callback(this._formatError('Invalid DSN ' + err.message, 'EENVELOPE', false, 'API'));
+            }
+        }
+
+        this._responseActions.push(str => {
+            this._actionMAIL(str, callback);
+        });
+
+        // If the server supports SMTPUTF8 and the envelope includes an internationalized
+        // email address then append SMTPUTF8 keyword to the MAIL FROM command
+        if (useSmtpUtf8 && this._supportedExtensions.includes('SMTPUTF8')) {
+            args.push('SMTPUTF8');
+            this._usingSmtpUtf8 = true;
+        }
+
+        // If the server supports 8BITMIME and the message might contain non-ascii bytes
+        // then append the 8BITMIME keyword to the MAIL FROM command
+        if (this._envelope.use8BitMime && this._supportedExtensions.includes('8BITMIME')) {
+            args.push('BODY=8BITMIME');
+            this._using8BitMime = true;
+        }
+
+        if (this._envelope.size && this._supportedExtensions.includes('SIZE')) {
+            args.push('SIZE=' + this._envelope.size);
+        }
+
+        // If the server supports DSN and the envelope includes an DSN prop
+        // then append DSN params to the MAIL FROM command
+        if (this._envelope.dsn && this._supportedExtensions.includes('DSN')) {
+            if (this._envelope.dsn.ret) {
+                args.push('RET=' + shared.encodeXText(this._envelope.dsn.ret));
+            }
+            if (this._envelope.dsn.envid) {
+                args.push('ENVID=' + shared.encodeXText(this._envelope.dsn.envid));
+            }
+        }
+
+        // RFC 8689: If the envelope requests REQUIRETLS extension
+        // then append REQUIRETLS keyword to the MAIL FROM command
+        // Note: REQUIRETLS can only be used over TLS connections and requires server support
+        if (this._envelope.requireTLSExtensionEnabled) {
+            if (!this.secure) {
+                return callback(
+                    this._formatError('REQUIRETLS can only be used over TLS connections (RFC 8689)', 'EREQUIRETLS', false, 'MAIL FROM')
+                );
+            }
+            if (!this._supportedExtensions.includes('REQUIRETLS')) {
+                return callback(
+                    this._formatError('Server does not support REQUIRETLS extension (RFC 8689)', 'EREQUIRETLS', false, 'MAIL FROM')
+                );
+            }
+            args.push('REQUIRETLS');
+        }
+
+        this._sendCommand('MAIL FROM:<' + this._envelope.from + '>' + (args.length ? ' ' + args.join(' ') : ''));
+    }
+
+    _setDsnEnvelope(params) {
+        let ret = (params.ret || params.return || '').toString().toUpperCase() || null;
+        if (ret) {
+            switch (ret) {
+                case 'HDRS':
+                case 'HEADERS':
+                    ret = 'HDRS';
+                    break;
+                case 'FULL':
+                case 'BODY':
+                    ret = 'FULL';
+                    break;
+            }
+        }
+
+        if (ret && !['FULL', 'HDRS'].includes(ret)) {
+            throw new Error('ret: ' + JSON.stringify(ret));
+        }
+
+        const envid = (params.envid || params.id || '').toString() || null;
+
+        let notify = params.notify || null;
+        if (notify) {
+            if (typeof notify === 'string') {
+                notify = notify.split(',');
+            }
+            notify = notify.map(n => n.trim().toUpperCase());
+            const validNotify = ['NEVER', 'SUCCESS', 'FAILURE', 'DELAY'];
+            const invalidNotify = notify.filter(n => !validNotify.includes(n));
+            if (invalidNotify.length || (notify.length > 1 && notify.includes('NEVER'))) {
+                throw new Error('notify: ' + JSON.stringify(notify.join(',')));
+            }
+            notify = notify.join(',');
+        }
+
+        let orcpt = (params.recipient || params.orcpt || '').toString() || null;
+        if (orcpt && orcpt.indexOf(';') < 0) {
+            orcpt = 'rfc822;' + orcpt;
+        }
+
+        return {
+            ret,
+            envid,
+            notify,
+            orcpt
+        };
+    }
+
+    _getDsnRcptToArgs() {
+        const args = [];
+        // If the server supports DSN and the envelope includes an DSN prop
+        // then append DSN params to the RCPT TO command
+        if (this._envelope.dsn && this._supportedExtensions.includes('DSN')) {
+            if (this._envelope.dsn.notify) {
+                args.push('NOTIFY=' + shared.encodeXText(this._envelope.dsn.notify));
+            }
+            if (this._envelope.dsn.orcpt) {
+                args.push('ORCPT=' + shared.encodeXText(this._envelope.dsn.orcpt));
+            }
+        }
+        return args.length ? ' ' + args.join(' ') : '';
+    }
+
+    _createSendStream(callback) {
+        const dataStream = new DataStream();
+
+        if (this.options.lmtp) {
+            this._envelope.accepted.forEach((recipient, i) => {
+                const final = i === this._envelope.accepted.length - 1;
+                this._responseActions.push(str => {
+                    this._actionLMTPStream(recipient, final, str, callback);
+                });
+            });
+        } else {
+            this._responseActions.push(str => {
+                this._actionSMTPStream(str, callback);
+            });
+        }
+
+        dataStream.pipe(this._socket, {
+            end: false
+        });
+
+        if (this.options.debug) {
+            const logStream = new PassThrough();
+            logStream.on('readable', () => {
+                let chunk;
+                while ((chunk = logStream.read())) {
+                    this.logger.debug(
+                        {
+                            tnx: 'message'
+                        },
+                        chunk.toString('binary').replace(/\r?\n$/, '')
+                    );
+                }
+            });
+            dataStream.pipe(logStream);
+        }
+
+        dataStream.once('end', () => {
+            this.logger.info(
+                {
+                    tnx: 'message',
+                    inByteCount: dataStream.inByteCount,
+                    outByteCount: dataStream.outByteCount
+                },
+                '<%s bytes encoded mime message (source size %s bytes)>',
+                dataStream.outByteCount,
+                dataStream.inByteCount
+            );
+        });
+
+        return dataStream;
+    }
+
+    /** ACTIONS **/
+
+    /**
+     * Will be run after the connection is created and the server sends
+     * a greeting. If the incoming message starts with 220 initiate
+     * SMTP session by sending EHLO command
+     *
+     * @param {String} str Message from the server
+     */
+    _actionGreeting(str) {
+        clearTimeout(this._greetingTimeout);
+
+        if (str.substr(0, 3) !== '220') {
+            this._onError(new Error('Invalid greeting. response=' + str), 'EPROTOCOL', str, 'CONN');
+            return;
+        }
+
+        if (this.options.lmtp) {
+            this._responseActions.push(this._actionLHLO);
+            this._sendCommand('LHLO ' + this.name);
+        } else {
+            this._responseActions.push(this._actionEHLO);
+            this._sendCommand('EHLO ' + this.name);
+        }
+    }
+
+    /**
+     * Handles server response for LHLO command. If it yielded in
+     * error, emit 'error', otherwise treat this as an EHLO response
+     *
+     * @param {String} str Message from the server
+     */
+    _actionLHLO(str) {
+        if (str.charAt(0) !== '2') {
+            this._onError(new Error('Invalid LHLO. response=' + str), 'EPROTOCOL', str, 'LHLO');
+            return;
+        }
+
+        this._actionEHLO(str);
+    }
+
+    /**
+     * Handles server response for EHLO command. If it yielded in
+     * error, try HELO instead, otherwise initiate TLS negotiation
+     * if STARTTLS is supported by the server or move into the
+     * authentication phase.
+     *
+     * @param {String} str Message from the server
+     */
+    _actionEHLO(str) {
+        let match;
+
+        if (str.substr(0, 3) === '421') {
+            this._onError(new Error('Server terminates connection. response=' + str), 'ECONNECTION', str, 'EHLO');
+            return;
+        }
+
+        if (str.charAt(0) !== '2') {
+            if (this.options.requireTLS) {
+                this._onError(
+                    new Error('EHLO failed but HELO does not support required STARTTLS. response=' + str),
+                    'ECONNECTION',
+                    str,
+                    'EHLO'
+                );
+                return;
+            }
+
+            // Try HELO instead
+            this._responseActions.push(this._actionHELO);
+            this._sendCommand('HELO ' + this.name);
+            return;
+        }
+
+        this._ehloLines = str
+            .split(/\r?\n/)
+            .map(line => line.replace(/^\d+[ -]/, '').trim())
+            .filter(line => line)
+            .slice(1);
+
+        // Detect if the server supports STARTTLS
+        if (!this.secure && !this.options.ignoreTLS && (/[ -]STARTTLS\b/im.test(str) || this.options.requireTLS)) {
+            this._sendCommand('STARTTLS');
+            this._responseActions.push(this._actionSTARTTLS);
+            return;
+        }
+
+        // Detect if the server supports SMTPUTF8
+        if (/[ -]SMTPUTF8\b/im.test(str)) {
+            this._supportedExtensions.push('SMTPUTF8');
+        }
+
+        // Detect if the server supports DSN
+        if (/[ -]DSN\b/im.test(str)) {
+            this._supportedExtensions.push('DSN');
+        }
+
+        // Detect if the server supports 8BITMIME
+        if (/[ -]8BITMIME\b/im.test(str)) {
+            this._supportedExtensions.push('8BITMIME');
+        }
+
+        // Detect if the server supports REQUIRETLS (RFC 8689)
+        if (/[ -]REQUIRETLS\b/im.test(str)) {
+            this._supportedExtensions.push('REQUIRETLS');
+        }
+
+        // Detect if the server supports PIPELINING
+        if (/[ -]PIPELINING\b/im.test(str)) {
+            this._supportedExtensions.push('PIPELINING');
+        }
+
+        // Detect if the server supports AUTH
+        if (/[ -]AUTH\b/i.test(str)) {
+            this.allowsAuth = true;
+        }
+
+        // Detect if the server supports PLAIN auth
+        if (/[ -]AUTH(?:(\s+|=)[^\n]*\s+|\s+|=)PLAIN/i.test(str)) {
+            this._supportedAuth.push('PLAIN');
+        }
+
+        // Detect if the server supports LOGIN auth
+        if (/[ -]AUTH(?:(\s+|=)[^\n]*\s+|\s+|=)LOGIN/i.test(str)) {
+            this._supportedAuth.push('LOGIN');
+        }
+
+        // Detect if the server supports CRAM-MD5 auth
+        if (/[ -]AUTH(?:(\s+|=)[^\n]*\s+|\s+|=)CRAM-MD5/i.test(str)) {
+            this._supportedAuth.push('CRAM-MD5');
+        }
+
+        // Detect if the server supports XOAUTH2 auth
+        if (/[ -]AUTH(?:(\s+|=)[^\n]*\s+|\s+|=)XOAUTH2/i.test(str)) {
+            this._supportedAuth.push('XOAUTH2');
+        }
+
+        // Detect if the server supports SIZE extensions (and the max allowed size)
+        if ((match = str.match(/[ -]SIZE(?:[ \t]+(\d+))?/im))) {
+            this._supportedExtensions.push('SIZE');
+            this._maxAllowedSize = Number(match[1]) || 0;
+        }
+
+        this.emit('connect');
+    }
+
+    /**
+     * Handles server response for HELO command. If it yielded in
+     * error, emit 'error', otherwise move into the authentication phase.
+     *
+     * @param {String} str Message from the server
+     */
+    _actionHELO(str) {
+        if (str.charAt(0) !== '2') {
+            this._onError(new Error('Invalid HELO. response=' + str), 'EPROTOCOL', str, 'HELO');
+            return;
+        }
+
+        // assume that authentication is enabled (most probably is not though)
+        this.allowsAuth = true;
+
+        this.emit('connect');
+    }
+
+    /**
+     * Handles server response for STARTTLS command. If there's an error
+     * try HELO instead, otherwise initiate TLS upgrade. If the upgrade
+     * succeedes restart the EHLO
+     *
+     * @param {String} str Message from the server
+     */
+    _actionSTARTTLS(str) {
+        if (str.charAt(0) !== '2') {
+            if (this.options.opportunisticTLS) {
+                this.logger.info(
+                    {
+                        tnx: 'smtp'
+                    },
+                    'Failed STARTTLS upgrade, continuing unencrypted'
+                );
+                return this.emit('connect');
+            }
+            this._onError(new Error('Error upgrading connection with STARTTLS'), 'ETLS', str, 'STARTTLS');
+            return;
+        }
+
+        this._upgradeConnection((err, secured) => {
+            if (err) {
+                this._onError(new Error('Error initiating TLS - ' + (err.message || err)), 'ETLS', false, 'STARTTLS');
+                return;
+            }
+
+            this.logger.info(
+                {
+                    tnx: 'smtp'
+                },
+                'Connection upgraded with STARTTLS'
+            );
+
+            if (secured) {
+                // restart session
+                if (this.options.lmtp) {
+                    this._responseActions.push(this._actionLHLO);
+                    this._sendCommand('LHLO ' + this.name);
+                } else {
+                    this._responseActions.push(this._actionEHLO);
+                    this._sendCommand('EHLO ' + this.name);
+                }
+            } else {
+                this.emit('connect');
+            }
+        });
+    }
+
+    /**
+     * Handle the response for AUTH LOGIN command. We are expecting
+     * '334 VXNlcm5hbWU6' (base64 for 'Username:'). Data to be sent as
+     * response needs to be base64 encoded username. We do not need
+     * exact match but settle with 334 response in general as some
+     * hosts invalidly use a longer message than VXNlcm5hbWU6
+     *
+     * @param {String} str Message from the server
+     */
+    _actionAUTH_LOGIN_USER(str, callback) {
+        if (!/^334[ -]/.test(str)) {
+            // expecting '334 VXNlcm5hbWU6'
+            callback(this._formatError('Invalid login sequence while waiting for "334 VXNlcm5hbWU6"', 'EAUTH', str, 'AUTH LOGIN'));
+            return;
+        }
+
+        this._responseActions.push(str => {
+            this._actionAUTH_LOGIN_PASS(str, callback);
+        });
+
+        this._sendCommand(Buffer.from(this._auth.credentials.user + '', 'utf-8').toString('base64'));
+    }
+
+    /**
+     * Handle the response for AUTH CRAM-MD5 command. We are expecting
+     * '334 <challenge string>'. Data to be sent as response needs to be
+     * base64 decoded challenge string, MD5 hashed using the password as
+     * a HMAC key, prefixed by the username and a space, and finally all
+     * base64 encoded again.
+     *
+     * @param {String} str Message from the server
+     */
+    _actionAUTH_CRAM_MD5(str, callback) {
+        const challengeMatch = str.match(/^334\s+(.+)$/);
+
+        if (!challengeMatch) {
+            return callback(
+                this._formatError('Invalid login sequence while waiting for server challenge string', 'EAUTH', str, 'AUTH CRAM-MD5')
+            );
+        }
+
+        // Decode from base64
+        const base64decoded = Buffer.from(challengeMatch[1], 'base64').toString('ascii');
+        const hmacMD5 = crypto.createHmac('md5', this._auth.credentials.pass);
+
+        hmacMD5.update(base64decoded);
+
+        const prepended = this._auth.credentials.user + ' ' + hmacMD5.digest('hex');
+
+        this._responseActions.push(str => {
+            this._actionAUTH_CRAM_MD5_PASS(str, callback);
+        });
+
+        this._sendCommand(
+            Buffer.from(prepended).toString('base64'),
+            // hidden hash for logs
+            Buffer.from(this._auth.credentials.user + ' /* secret */').toString('base64')
+        );
+    }
+
+    /**
+     * Handles the response to CRAM-MD5 authentication, if there's no error,
+     * the user can be considered logged in. Start waiting for a message to send
+     *
+     * @param {String} str Message from the server
+     */
+    _actionAUTH_CRAM_MD5_PASS(str, callback) {
+        if (!str.match(/^235\s+/)) {
+            return callback(this._formatError('Invalid login sequence while waiting for "235"', 'EAUTH', str, 'AUTH CRAM-MD5'));
+        }
+
+        this.logger.info(
+            {
+                tnx: 'smtp',
+                username: this._auth.user,
+                action: 'authenticated',
+                method: this._authMethod
+            },
+            'User %s authenticated',
+            JSON.stringify(this._auth.user)
+        );
+        this.authenticated = true;
+        callback(null, true);
+    }
+
+    /**
+     * Handle the response for AUTH LOGIN command. We are expecting
+     * '334 UGFzc3dvcmQ6' (base64 for 'Password:'). Data to be sent as
+     * response needs to be base64 encoded password.
+     *
+     * @param {String} str Message from the server
+     */
+    _actionAUTH_LOGIN_PASS(str, callback) {
+        if (!/^334[ -]/.test(str)) {
+            // expecting '334 UGFzc3dvcmQ6'
+            return callback(this._formatError('Invalid login sequence while waiting for "334 UGFzc3dvcmQ6"', 'EAUTH', str, 'AUTH LOGIN'));
+        }
+
+        this._responseActions.push(str => {
+            this._actionAUTHComplete(str, callback);
+        });
+
+        this._sendCommand(
+            Buffer.from((this._auth.credentials.pass || '').toString(), 'utf-8').toString('base64'),
+            // Hidden pass for logs
+            Buffer.from('/* secret */', 'utf-8').toString('base64')
+        );
+    }
+
+    /**
+     * Handles the response for authentication, if there's no error,
+     * the user can be considered logged in. Start waiting for a message to send
+     *
+     * @param {String} str Message from the server
+     */
+    _actionAUTHComplete(str, isRetry, callback) {
+        if (!callback && typeof isRetry === 'function') {
+            callback = isRetry;
+            isRetry = false;
+        }
+
+        if (str.substr(0, 3) === '334') {
+            this._responseActions.push(str => {
+                if (isRetry || this._authMethod !== 'XOAUTH2') {
+                    this._actionAUTHComplete(str, true, callback);
+                } else {
+                    // fetch a new OAuth2 access token
+                    setImmediate(() => this._handleXOauth2Token(true, callback));
+                }
+            });
+            this._sendCommand('');
+            return;
+        }
+
+        if (str.charAt(0) !== '2') {
+            this.logger.info(
+                {
+                    tnx: 'smtp',
+                    username: this._auth.user,
+                    action: 'authfail',
+                    method: this._authMethod
+                },
+                'User %s failed to authenticate',
+                JSON.stringify(this._auth.user)
+            );
+            return callback(this._formatError('Invalid login', 'EAUTH', str, 'AUTH ' + this._authMethod));
+        }
+
+        this.logger.info(
+            {
+                tnx: 'smtp',
+                username: this._auth.user,
+                action: 'authenticated',
+                method: this._authMethod
+            },
+            'User %s authenticated',
+            JSON.stringify(this._auth.user)
+        );
+        this.authenticated = true;
+        callback(null, true);
+    }
+
+    /**
+     * Handle response for a MAIL FROM: command
+     *
+     * @param {String} str Message from the server
+     */
+    _actionMAIL(str, callback) {
+        if (Number(str.charAt(0)) !== 2) {
+            const message =
+                this._usingSmtpUtf8 && /^550 /.test(str) && /[\x80-\uFFFF]/.test(this._envelope.from)
+                    ? 'Internationalized mailbox name not allowed'
+                    : 'Mail command failed';
+            return callback(this._formatError(message, 'EENVELOPE', str, 'MAIL FROM'));
+        }
+
+        if (!this._envelope.rcptQueue.length) {
+            return callback(this._formatError("Can't send mail - no recipients defined", 'EENVELOPE', false, 'API'));
+        }
+
+        this._recipientQueue = [];
+        const usePipelining = this._supportedExtensions.includes('PIPELINING');
+
+        do {
+            const curRecipient = this._envelope.rcptQueue.shift();
+            this._recipientQueue.push(curRecipient);
+            this._responseActions.push(str => {
+                this._actionRCPT(str, callback);
+            });
+            this._sendCommand('RCPT TO:<' + curRecipient + '>' + this._getDsnRcptToArgs());
+        } while (usePipelining && this._envelope.rcptQueue.length);
+    }
+
+    /**
+     * Handle response for a RCPT TO: command
+     *
+     * @param {String} str Message from the server
+     */
+    _actionRCPT(str, callback) {
+        let err;
+        const curRecipient = this._recipientQueue.shift();
+        if (Number(str.charAt(0)) !== 2) {
+            // this is a soft error
+            const message =
+                this._usingSmtpUtf8 && /^553 /.test(str) && /[\x80-\uFFFF]/.test(curRecipient)
+                    ? 'Internationalized mailbox name not allowed'
+                    : 'Recipient command failed';
+            this._envelope.rejected.push(curRecipient);
+            // store error for the failed recipient
+            err = this._formatError(message, 'EENVELOPE', str, 'RCPT TO');
+            err.recipient = curRecipient;
+            this._envelope.rejectedErrors.push(err);
+        } else {
+            this._envelope.accepted.push(curRecipient);
+        }
+
+        if (!this._envelope.rcptQueue.length && !this._recipientQueue.length) {
+            if (this._envelope.rejected.length < this._envelope.to.length) {
+                this._responseActions.push(str => {
+                    this._actionDATA(str, callback);
+                });
+                this._sendCommand('DATA');
+            } else {
+                err = this._formatError("Can't send mail - all recipients were rejected", 'EENVELOPE', str, 'RCPT TO');
+                err.rejected = this._envelope.rejected;
+                err.rejectedErrors = this._envelope.rejectedErrors;
+                return callback(err);
+            }
+        } else if (this._envelope.rcptQueue.length) {
+            const nextRecipient = this._envelope.rcptQueue.shift();
+            this._recipientQueue.push(nextRecipient);
+            this._responseActions.push(str => {
+                this._actionRCPT(str, callback);
+            });
+            this._sendCommand('RCPT TO:<' + nextRecipient + '>' + this._getDsnRcptToArgs());
+        }
+    }
+
+    /**
+     * Handle response for a DATA command
+     *
+     * @param {String} str Message from the server
+     */
+    _actionDATA(str, callback) {
+        // response should be 354 but according to this issue https://github.com/eleith/emailjs/issues/24
+        // some servers might use 250 instead, so lets check for 2 or 3 as the first digit
+        if (!/^[23]/.test(str)) {
+            return callback(this._formatError('Data command failed', 'EENVELOPE', str, 'DATA'));
+        }
+
+        const response = {
+            accepted: this._envelope.accepted,
+            rejected: this._envelope.rejected
+        };
+
+        if (this._ehloLines && this._ehloLines.length) {
+            response.ehlo = this._ehloLines;
+        }
+
+        if (this._envelope.rejectedErrors.length) {
+            response.rejectedErrors = this._envelope.rejectedErrors;
+        }
+
+        callback(null, response);
+    }
+
+    /**
+     * Handle response for a DATA stream when using SMTP
+     * We expect a single response that defines if the sending succeeded or failed
+     *
+     * @param {String} str Message from the server
+     */
+    _actionSMTPStream(str, callback) {
+        if (Number(str.charAt(0)) !== 2) {
+            return callback(this._formatError('Message failed', 'EMESSAGE', str, 'DATA'));
+        }
+        return callback(null, str);
+    }
+
+    /**
+     * Handle response for a DATA stream
+     * We expect a separate response for every recipient. All recipients can either
+     * succeed or fail separately
+     *
+     * @param {String} recipient The recipient this response applies to
+     * @param {Boolean} final Is this the final recipient?
+     * @param {String} str Message from the server
+     */
+    _actionLMTPStream(recipient, final, str, callback) {
+        let err;
+        if (Number(str.charAt(0)) !== 2) {
+            // Message failed
+            err = this._formatError('Message failed for recipient ' + recipient, 'EMESSAGE', str, 'DATA');
+            err.recipient = recipient;
+            this._envelope.rejected.push(recipient);
+            this._envelope.rejectedErrors.push(err);
+            for (let i = 0, len = this._envelope.accepted.length; i < len; i++) {
+                if (this._envelope.accepted[i] === recipient) {
+                    this._envelope.accepted.splice(i, 1);
+                }
+            }
+        }
+        if (final) {
+            return callback(null, str);
+        }
+    }
+
+    _handleXOauth2Token(isRetry, callback) {
+        this._auth.oauth2.getToken(isRetry, (err, accessToken) => {
+            if (err) {
+                this.logger.info(
+                    {
+                        tnx: 'smtp',
+                        username: this._auth.user,
+                        action: 'authfail',
+                        method: this._authMethod
+                    },
+                    'User %s failed to authenticate',
+                    JSON.stringify(this._auth.user)
+                );
+                return callback(this._formatError(err, 'EAUTH', false, 'AUTH XOAUTH2'));
+            }
+            this._responseActions.push(str => {
+                this._actionAUTHComplete(str, isRetry, callback);
+            });
+            this._sendCommand(
+                'AUTH XOAUTH2 ' + this._auth.oauth2.buildXOAuth2Token(accessToken),
+                //  Hidden for logs
+                'AUTH XOAUTH2 ' + this._auth.oauth2.buildXOAuth2Token('/* secret */')
+            );
+        });
+    }
+
+    /**
+     *
+     * @param {string} command
+     * @private
+     */
+    _isDestroyedMessage(command) {
+        if (this._destroyed) {
+            return 'Cannot ' + command + ' - smtp connection is already destroyed.';
+        }
+
+        if (this._socket) {
+            if (this._socket.destroyed) {
+                return 'Cannot ' + command + ' - smtp connection socket is already destroyed.';
+            }
+
+            if (!this._socket.writable) {
+                return 'Cannot ' + command + ' - smtp connection socket is already half-closed.';
+            }
+        }
+    }
+
+    _getHostname() {
+        // defaul hostname is machine hostname or [IP]
+        let defaultHostname;
+        try {
+            defaultHostname = os.hostname() || '';
+        } catch (_err) {
+            // fails on windows 7
+            defaultHostname = 'localhost';
+        }
+
+        // ignore if not FQDN
+        if (!defaultHostname || defaultHostname.indexOf('.') < 0) {
+            defaultHostname = '[127.0.0.1]';
+        }
+
+        // IP should be enclosed in []
+        if (defaultHostname.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)) {
+            defaultHostname = '[' + defaultHostname + ']';
+        }
+
+        return defaultHostname;
+    }
+}
+
+module.exports = SMTPConnection;