emailengine-app 2.61.5 → 2.62.1

package/lib/stream-encrypt.js

@@ -0,0 +1,263 @@
+'use strict';
+
+const crypto = require('crypto');
+const { Transform } = require('stream');
+
+const MAGIC = Buffer.from('EE01');
+const VERSION = 1;
+const CHUNK_SIZE = 64 * 1024;
+const IV_LENGTH = 12;
+const AUTH_TAG_LENGTH = 16;
+const SALT_LENGTH = 16;
+const HEADER_SIZE = MAGIC.length + 4 + 4 + SALT_LENGTH;
+const MAX_CHUNK_SIZE = CHUNK_SIZE * 4;
+
+function deriveKeyAsync(password, salt) {
+    return new Promise((resolve, reject) => {
+        crypto.scrypt(password, salt, 32, (err, key) => {
+            if (err) reject(err);
+            else resolve(key);
+        });
+    });
+}
+
+class EncryptStream extends Transform {
+    constructor({ key, salt }) {
+        super();
+        this.key = key;
+        this.salt = salt;
+        this.buffer = Buffer.alloc(0);
+        this.headerWritten = false;
+    }
+
+    _writeHeader() {
+        if (this.headerWritten) return;
+
+        const versionBuf = Buffer.alloc(4);
+        versionBuf.writeUInt32LE(VERSION);
+
+        const chunkSizeBuf = Buffer.alloc(4);
+        chunkSizeBuf.writeUInt32LE(CHUNK_SIZE);
+
+        this.push(Buffer.concat([MAGIC, versionBuf, chunkSizeBuf, this.salt]));
+        this.headerWritten = true;
+    }
+
+    _encryptChunk(chunk) {
+        const iv = crypto.randomBytes(IV_LENGTH);
+        const cipher = crypto.createCipheriv('aes-256-gcm', this.key, iv, { authTagLength: AUTH_TAG_LENGTH });
+
+        const encrypted = Buffer.concat([cipher.update(chunk), cipher.final()]);
+        const authTag = cipher.getAuthTag();
+
+        const chunkHeader = Buffer.alloc(IV_LENGTH + 4);
+        iv.copy(chunkHeader, 0);
+        chunkHeader.writeUInt32LE(encrypted.length, IV_LENGTH);
+
+        return Buffer.concat([chunkHeader, encrypted, authTag]);
+    }
+
+    _transform(data, encoding, callback) {
+        try {
+            this._writeHeader();
+
+            this.buffer = Buffer.concat([this.buffer, data]);
+
+            while (this.buffer.length >= CHUNK_SIZE) {
+                const chunk = this.buffer.subarray(0, CHUNK_SIZE);
+                this.buffer = this.buffer.subarray(CHUNK_SIZE);
+                this.push(this._encryptChunk(chunk));
+            }
+
+            callback();
+        } catch (err) {
+            callback(err);
+        }
+    }
+
+    _flush(callback) {
+        try {
+            this._writeHeader();
+
+            if (this.buffer.length > 0) {
+                this.push(this._encryptChunk(this.buffer));
+            }
+
+            this.key = null;
+            callback();
+        } catch (err) {
+            callback(err);
+        }
+    }
+}
+
+class DecryptStream extends Transform {
+    constructor(secret) {
+        super();
+        this.secret = secret;
+        this.buffer = Buffer.alloc(0);
+        this.headerParsed = false;
+        this.key = null;
+        this.chunkSize = CHUNK_SIZE;
+    }
+
+    _parseHeader() {
+        if (this.buffer.length < HEADER_SIZE) {
+            return false;
+        }
+
+        let offset = 0;
+
+        const magic = this.buffer.subarray(offset, offset + MAGIC.length);
+        if (!magic.equals(MAGIC)) {
+            throw new Error('Invalid encrypted file format: bad magic bytes');
+        }
+        offset += MAGIC.length;
+
+        const version = this.buffer.readUInt32LE(offset);
+        if (version !== VERSION) {
+            throw new Error(`Unsupported encryption version: ${version}`);
+        }
+        offset += 4;
+
+        this.chunkSize = this.buffer.readUInt32LE(offset);
+        if (this.chunkSize > MAX_CHUNK_SIZE) {
+            throw new Error('Invalid chunk size in header');
+        }
+        offset += 4;
+
+        this.salt = this.buffer.subarray(offset, offset + SALT_LENGTH);
+
+        this.buffer = this.buffer.subarray(HEADER_SIZE);
+        this.headerParsed = true;
+
+        return true;
+    }
+
+    _decryptChunk() {
+        const minChunkHeader = IV_LENGTH + 4;
+        if (this.buffer.length < minChunkHeader) {
+            return null;
+        }
+
+        const iv = this.buffer.subarray(0, IV_LENGTH);
+        const encryptedLength = this.buffer.readUInt32LE(IV_LENGTH);
+        if (encryptedLength > this.chunkSize + 256) {
+            throw new Error('Invalid encrypted chunk length');
+        }
+        const totalChunkSize = minChunkHeader + encryptedLength + AUTH_TAG_LENGTH;
+
+        if (this.buffer.length < totalChunkSize) {
+            return null;
+        }
+
+        const encryptedData = this.buffer.subarray(minChunkHeader, minChunkHeader + encryptedLength);
+        const authTag = this.buffer.subarray(minChunkHeader + encryptedLength, totalChunkSize);
+
+        const decipher = crypto.createDecipheriv('aes-256-gcm', this.key, iv, { authTagLength: AUTH_TAG_LENGTH });
+        decipher.setAuthTag(authTag);
+
+        let decrypted;
+        try {
+            decrypted = Buffer.concat([decipher.update(encryptedData), decipher.final()]);
+        } catch (err) {
+            if (err.message.includes('auth')) {
+                throw new Error('Decryption failed: invalid secret or corrupted data');
+            }
+            throw err;
+        }
+
+        this.buffer = this.buffer.subarray(totalChunkSize);
+
+        return decrypted;
+    }
+
+    _processBuffer(callback) {
+        try {
+            let decrypted;
+            while ((decrypted = this._decryptChunk()) !== null) {
+                this.push(decrypted);
+            }
+            callback();
+        } catch (err) {
+            callback(err);
+        }
+    }
+
+    _transform(data, encoding, callback) {
+        this.buffer = Buffer.concat([this.buffer, data]);
+
+        if (!this.headerParsed) {
+            try {
+                if (!this._parseHeader()) {
+                    callback();
+                    return;
+                }
+            } catch (err) {
+                callback(err);
+                return;
+            }
+            crypto.scrypt(this.secret, this.salt, 32, (err, key) => {
+                if (err) {
+                    callback(err);
+                    return;
+                }
+                this.key = key;
+                this.secret = null;
+                this._processBuffer(callback);
+            });
+            return;
+        }
+
+        this._processBuffer(callback);
+    }
+
+    _flush(callback) {
+        try {
+            if (this.buffer.length > 0) {
+                if (!this.headerParsed) {
+                    throw new Error('Invalid encrypted file: incomplete header');
+                }
+
+                const decrypted = this._decryptChunk();
+                if (decrypted !== null) {
+                    this.push(decrypted);
+                }
+
+                if (this.buffer.length > 0) {
+                    throw new Error('Invalid encrypted file: incomplete final chunk');
+                }
+            }
+
+            this.key = null;
+            callback();
+        } catch (err) {
+            callback(err);
+        }
+    }
+}
+
+async function createEncryptStream(secret) {
+    if (!secret) {
+        throw new Error('Encryption secret is required');
+    }
+    const salt = crypto.randomBytes(SALT_LENGTH);
+    const key = await deriveKeyAsync(secret, salt);
+    return new EncryptStream({ key, salt });
+}
+
+async function createDecryptStream(secret) {
+    if (!secret) {
+        throw new Error('Decryption secret is required');
+    }
+    return new DecryptStream(secret);
+}
+
+module.exports = {
+    createEncryptStream,
+    createDecryptStream,
+    MAGIC,
+    VERSION,
+    CHUNK_SIZE,
+    HEADER_SIZE
+};

package/lib/sub-script.js

@@ -4,7 +4,7 @@ const crypto = require('crypto');
 const vm = require('vm');
 const logger = require('./logger');
 const settings = require('./settings');
-const { retryAgent } = require('./tools');
+const { httpAgent } = require('./tools');
 
 const { SUBSCRIPT_RUNTIME_TIMEOUT } = require('./consts');
 
@@ -46,7 +46,7 @@ const wrappedFetch = (...args) => {
         opts = args[1];
     }
 
-    return fetchCmd(args[0], Object.assign({}, opts, { dispatcher: retryAgent }));
+    return fetchCmd(args[0], Object.assign({}, opts, { dispatcher: httpAgent.retry }));
 };
 
 class SubScript {

package/lib/tools.js

@@ -45,20 +45,168 @@ const bullmqPackage = require('bullmq/package.json');
 // Network utilities - imported for internal use only
 const { getLocalAddress } = require('./utils/network');
 
-const { fetch: fetchCmd, Agent, RetryAgent } = require('undici');
+const { fetch: fetchCmd, Agent, RetryAgent, ProxyAgent } = require('undici');
+const tls = require('tls');
+const { SocksClient } = require('socks');
 
-const fetchAgent = new Agent({
+const AGENT_OPTS = {
     strictContentLength: false,
     connectTimeout: Math.min(30000, URL_FETCH_TIMEOUT), // up to 30s for connection
     headersTimeout: URL_FETCH_TIMEOUT, // Full timeout (90s)
     bodyTimeout: URL_FETCH_TIMEOUT // Full timeout (90s)
-});
+};
 
-const retryAgent = new RetryAgent(fetchAgent, {
+const RETRY_OPTS = {
     maxRetries: URL_FETCH_RETRY_MAX,
     methods: ['GET', 'PUT', 'HEAD', 'OPTIONS', 'DELETE', 'POST'],
     statusCodes: [429] // do not retry 5xx errors
-});
+};
+
+// Shared mutable object -- consumers import the object reference and access
+// .fetch / .retry at call time, so replacing properties here is visible everywhere.
+const httpAgent = {
+    fetch: new Agent(AGENT_OPTS),
+    retry: null
+};
+httpAgent.retry = new RetryAgent(httpAgent.fetch, RETRY_OPTS);
+
+// Backward-compat aliases (read from httpAgent at call time via getter)
+// backward-compat aliases are defined as getters on module.exports below
+
+const SOCKS4_PROTOCOLS = new Set(['socks4:', 'socks4a:']);
+
+function createSocksAgent(proxyUrl, agentOpts) {
+    let parsed = new URL(proxyUrl);
+    let proxyType = SOCKS4_PROTOCOLS.has(parsed.protocol) ? 4 : 5;
+    let proxyHost = parsed.hostname;
+    let proxyPort = Number(parsed.port) || 1080;
+
+    let proxy = {
+        host: proxyHost,
+        port: proxyPort,
+        type: proxyType
+    };
+
+    if (parsed.username) {
+        proxy.userId = decodeURIComponent(parsed.username);
+        proxy.password = parsed.password ? decodeURIComponent(parsed.password) : '';
+    }
+
+    return new Agent(
+        Object.assign({}, agentOpts, {
+            connect: async opts => {
+                let { hostname, port, protocol } = opts;
+                let useTls = protocol === 'https:';
+
+                let info = await SocksClient.createConnection({
+                    proxy,
+                    command: 'connect',
+                    destination: {
+                        host: hostname,
+                        port: Number(port) || (useTls ? 443 : 80)
+                    },
+                    timeout: agentOpts.connectTimeout || 30000
+                });
+
+                let socket = info.socket;
+
+                if (useTls) {
+                    let rawSocket = socket;
+                    socket = tls.connect(Object.assign({ socket: rawSocket, servername: hostname }, TLS_DEFAULTS));
+                    try {
+                        await new Promise((resolve, reject) => {
+                            socket.once('secureConnect', resolve);
+                            socket.once('error', reject);
+                        });
+                    } catch (err) {
+                        socket.destroy();
+                        rawSocket.destroy();
+                        throw err;
+                    }
+                }
+
+                return socket;
+            }
+        })
+    );
+}
+
+let _reloadPromise = null;
+
+async function reloadHttpProxyAgent() {
+    if (_reloadPromise) {
+        return _reloadPromise;
+    }
+    _reloadPromise = _doReloadHttpProxyAgent();
+    try {
+        return await _reloadPromise;
+    } finally {
+        _reloadPromise = null;
+    }
+}
+
+async function _doReloadHttpProxyAgent() {
+    let enabled, proxyUrl;
+    try {
+        enabled = await settings.get('httpProxyEnabled');
+        proxyUrl = await settings.get('httpProxyUrl');
+    } catch (err) {
+        logger.error({ msg: 'Failed to read HTTP proxy settings', err });
+        return;
+    }
+
+    // Environment variable overrides
+    let envEnabled = process.env.EENGINE_HTTP_PROXY_ENABLED;
+    let envUrl = process.env.EENGINE_HTTP_PROXY_URL;
+    if (typeof envUrl === 'string' && envUrl) {
+        proxyUrl = envUrl;
+    }
+    if (typeof envEnabled === 'string' && envEnabled) {
+        enabled = /^(true|1|y|on|yes)$/i.test(envEnabled);
+    }
+
+    let oldFetch = httpAgent.fetch;
+
+    try {
+        if (enabled && proxyUrl) {
+            let parsed = new URL(proxyUrl);
+            let scheme = parsed.protocol.replace(/:$/, '').toLowerCase();
+
+            if (['socks', 'socks4', 'socks4a', 'socks5'].includes(scheme)) {
+                httpAgent.fetch = createSocksAgent(proxyUrl, AGENT_OPTS);
+            } else {
+                httpAgent.fetch = new ProxyAgent(Object.assign({}, AGENT_OPTS, { uri: proxyUrl }));
+            }
+
+            // Sanitize credentials for logging
+            if (parsed.username || parsed.password) {
+                parsed.username = '';
+                parsed.password = '';
+            }
+            proxyUrl = parsed.toString();
+        } else {
+            httpAgent.fetch = new Agent(AGENT_OPTS);
+        }
+
+        httpAgent.retry = new RetryAgent(httpAgent.fetch, RETRY_OPTS);
+
+        logger.info({
+            msg: 'HTTP proxy agent reloaded',
+            httpProxyEnabled: !!enabled,
+            httpProxyUrl: enabled && proxyUrl ? proxyUrl : null
+        });
+
+        if (oldFetch && oldFetch !== httpAgent.fetch) {
+            try {
+                await oldFetch.close();
+            } catch (err) {
+                // ignore close errors
+            }
+        }
+    } catch (err) {
+        logger.error({ msg: 'Failed to create HTTP proxy agent, keeping existing agent', err });
+    }
+}
 
 class LRUCache extends Map {
     constructor(maxSize = 1000) {
@@ -77,6 +225,22 @@ class LRUCache extends Map {
 
 const regexCache = new LRUCache(1000);
 
+function formatTokenError(provider, tokenRequest) {
+    let parts = [`Token request failed for ${provider}`];
+    if (tokenRequest) {
+        let detail = `${tokenRequest.grant || 'unknown'}, HTTP ${tokenRequest.status || '?'}`;
+        parts[0] += ` (${detail})`;
+        if (tokenRequest.response) {
+            let resp = tokenRequest.response;
+            let errorParts = [resp.error, resp.error_description].filter(Boolean);
+            if (errorParts.length) {
+                parts.push(errorParts.join(' - '));
+            }
+        }
+    }
+    return parts.join(': ');
+}
+
 module.exports = {
     /**
      * Helper function to set specific bit in a buffer
@@ -348,7 +512,7 @@ module.exports = {
         parsed.searchParams.set('account', account);
         parsed.searchParams.set('proto', proto);
 
-        let authResponse = await fetchCmd(parsed.toString(), { method: 'GET', headers, dispatcher: retryAgent });
+        let authResponse = await fetchCmd(parsed.toString(), { method: 'GET', headers, dispatcher: httpAgent.retry });
         if (!authResponse.ok) {
             throw new Error(`Invalid response: ${authResponse.status} ${authResponse.statusText}`);
         }
@@ -1335,7 +1499,7 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEV3QUiYsp13nD9suD1/ZkEXnuMoSg
             'User-Agent': `${packageData.name}/${packageData.version} (+${packageData.homepage})`
         };
 
-        let releaseResponse = await fetchCmd(releaseUrl, { method: 'GET', headers, dispatcher: retryAgent });
+        let releaseResponse = await fetchCmd(releaseUrl, { method: 'GET', headers, dispatcher: httpAgent.retry });
         if (!releaseResponse.ok) {
             let err = new Error(`Failed loading release data`);
             err.response = {
@@ -1382,8 +1546,12 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEV3QUiYsp13nD9suD1/ZkEXnuMoSg
     },
 
     validUidValidity(value) {
-        if (typeof value === 'bigint' || typeof value === 'number') {
-            return true;
+        if (typeof value === 'bigint') {
+            return value > BigInt(0);
+        }
+
+        if (typeof value === 'number') {
+            return Number.isFinite(value) && value > 0;
         }
 
         if (isNaN(value)) {
@@ -1762,7 +1930,10 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEV3QUiYsp13nD9suD1/ZkEXnuMoSg
 
     prepareUrl(url, baseUrl, queryParams) {
         let { pathname: baseUrlPathname } = new URL(baseUrl);
-        baseUrlPathname = baseUrlPathname.replace(/\/?/, '/');
+        // Ensure pathname ends with trailing slash for proper path concatenation
+        if (!baseUrlPathname.endsWith('/')) {
+            baseUrlPathname += '/';
+        }
 
         const urlObj = new URL(baseUrlPathname + url.replace(/^\//, ''), baseUrl);
 
@@ -1777,11 +1948,22 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEV3QUiYsp13nD9suD1/ZkEXnuMoSg
         return urlObj.href;
     },
 
-    retryAgent,
+    httpAgent,
+    reloadHttpProxyAgent,
+    createSocksAgent,
+
+    get fetchAgent() {
+        return httpAgent.fetch;
+    },
+    get retryAgent() {
+        return httpAgent.retry;
+    },
 
     LRUCache,
 
-    normalizeHashKeys
+    normalizeHashKeys,
+
+    formatTokenError
 };
 
 function msgpackDecode(buf) {

package/lib/ui-routes/account-routes.js

@@ -520,6 +520,11 @@ function init(args) {
 
             const nonce = data.n || crypto.randomBytes(NONCE_BYTES).toString('base64url');
 
+            // Validate nonce format (base64url, 21-22 chars; also accept base64 for backward compatibility)
+            if (!/^[A-Za-z0-9_\-+/]{21,22}={0,2}$/.test(nonce)) {
+                throw Boom.badRequest('Invalid nonce format. Please generate a new authentication URL.');
+            }
+
             // store account data with atomic SET + EX
             await redis.set(`${REDIS_PREFIX}account:add:${nonce}`, JSON.stringify(accountData), 'EX', Math.floor(MAX_FORM_TTL / 1000));
 
@@ -814,11 +819,29 @@ function init(args) {
                             case 'EAUTH':
                                 verifyResult.smtp.error = request.app.gt.gettext('Invalid username or password');
                                 break;
+                            case 'ENOAUTH':
+                                verifyResult.smtp.error = request.app.gt.gettext('Authentication credentials were not provided');
+                                break;
+                            case 'EOAUTH2':
+                                verifyResult.smtp.error = request.app.gt.gettext('OAuth2 authentication failed');
+                                break;
+                            case 'ETLS':
+                                verifyResult.smtp.error = request.app.gt.gettext('TLS protocol error');
+                                break;
                             case 'ESOCKET':
                                 if (/openssl/.test(verifyResult.smtp.error)) {
                                     verifyResult.smtp.error = request.app.gt.gettext('TLS protocol error');
                                 }
                                 break;
+                            case 'ETIMEDOUT':
+                                verifyResult.smtp.error = request.app.gt.gettext('Connection timed out');
+                                break;
+                            case 'ECONNECTION':
+                                verifyResult.smtp.error = request.app.gt.gettext('Could not connect to server');
+                                break;
+                            case 'EPROTOCOL':
+                                verifyResult.smtp.error = request.app.gt.gettext('Unexpected server response');
+                                break;
                         }
                     }
                 }

package/lib/ui-routes/admin-config-routes.js

@@ -15,11 +15,12 @@ const consts = require('../consts');
 const packageData = require('../../package.json');
 const timezonesList = require('timezones-list').default;
 
-const { failAction, getByteSize, formatByteSize, getDuration, readEnvValue, hasEnvValue, retryAgent } = require('../tools');
+const { failAction, getByteSize, formatByteSize, getDuration, readEnvValue, hasEnvValue, httpAgent } = require('../tools');
 
 const { settingsSchema } = require('../schemas');
 
-const { DEFAULT_MAX_LOG_LINES, DEFAULT_DELIVERY_ATTEMPTS, REDIS_PREFIX, NONCE_BYTES } = consts;
+const { DEFAULT_MAX_LOG_LINES, DEFAULT_DELIVERY_ATTEMPTS, REDIS_PREFIX, NONCE_BYTES, DEFAULT_GMAIL_EXPORT_BATCH_SIZE, DEFAULT_OUTLOOK_EXPORT_BATCH_SIZE } =
+    consts;
 
 const { fetch: fetchCmd } = require('undici');
 
@@ -359,7 +360,9 @@ function init(args) {
                 enableOAuthTokensApi: (await settings.get('enableOAuthTokensApi')) || false,
                 ignoreMailCertErrors: (await settings.get('ignoreMailCertErrors')) || false,
                 locale: (await settings.get('locale')) || false,
-                timezone: (await settings.get('timezone')) || false
+                timezone: (await settings.get('timezone')) || false,
+                gmailExportBatchSize: (await settings.get('gmailExportBatchSize')) || DEFAULT_GMAIL_EXPORT_BATCH_SIZE,
+                outlookExportBatchSize: (await settings.get('outlookExportBatchSize')) || DEFAULT_OUTLOOK_EXPORT_BATCH_SIZE
             };
 
             if (typeof values.trackClicks !== 'boolean') {
@@ -423,7 +426,9 @@ function init(args) {
                     locale: request.payload.locale,
                     timezone: request.payload.timezone,
                     deliveryAttempts: request.payload.deliveryAttempts,
-                    imapIndexer: request.payload.imapIndexer
+                    imapIndexer: request.payload.imapIndexer,
+                    gmailExportBatchSize: request.payload.gmailExportBatchSize,
+                    outlookExportBatchSize: request.payload.outlookExportBatchSize
                 };
 
                 if (request.payload.serviceUrl) {
@@ -530,7 +535,9 @@ function init(args) {
                         .empty('')
                         .valid(...locales.map(locale => locale.locale))
                         .default('en'),
-                    timezone: settingsSchema.timezone.empty('')
+                    timezone: settingsSchema.timezone.empty(''),
+                    gmailExportBatchSize: settingsSchema.gmailExportBatchSize.default(DEFAULT_GMAIL_EXPORT_BATCH_SIZE),
+                    outlookExportBatchSize: settingsSchema.outlookExportBatchSize.default(DEFAULT_OUTLOOK_EXPORT_BATCH_SIZE)
                 })
             }
         }
@@ -821,7 +828,7 @@ function init(args) {
                                 data: { nonce: crypto.randomBytes(NONCE_BYTES).toString('base64url') }
                             }),
                         headers,
-                        dispatcher: retryAgent
+                        dispatcher: httpAgent.retry
                     });
                     duration = Date.now() - start;
                 } catch (err) {

package/lib/ui-routes/admin-entities-routes.js

@@ -2022,11 +2022,29 @@ return payload;`)
                             case 'EAUTH':
                                 verifyResult.smtp.error = request.app.gt.gettext('Invalid username or password');
                                 break;
+                            case 'ENOAUTH':
+                                verifyResult.smtp.error = request.app.gt.gettext('Authentication credentials were not provided');
+                                break;
+                            case 'EOAUTH2':
+                                verifyResult.smtp.error = request.app.gt.gettext('OAuth2 authentication failed');
+                                break;
+                            case 'ETLS':
+                                verifyResult.smtp.error = request.app.gt.gettext('TLS protocol error');
+                                break;
                             case 'ESOCKET':
                                 if (/openssl/.test(verifyResult.smtp.error)) {
                                     verifyResult.smtp.error = request.app.gt.gettext('TLS protocol error');
                                 }
                                 break;
+                            case 'ETIMEDOUT':
+                                verifyResult.smtp.error = request.app.gt.gettext('Connection timed out');
+                                break;
+                            case 'ECONNECTION':
+                                verifyResult.smtp.error = request.app.gt.gettext('Could not connect to server');
+                                break;
+                            case 'EPROTOCOL':
+                                verifyResult.smtp.error = request.app.gt.gettext('Unexpected server response');
+                                break;
                         }
                     }
                 }