emailengine-app 2.68.1 → 2.70.0

package/lib/email-client/outlook-client.js

@@ -41,6 +41,27 @@ const MAX_BATCH_SIZE = graphApi.MAX_BATCH_SIZE;
 // Subscription is renewed automatically. But just in case, check once in an hour
 const RENEW_WATCH_TTL = 60 * 60 * 1000; // 1h
 
+// MS Graph folder hierarchy is defined by id/parentFolderId, not by "/" in folder
+// names. To build an unambiguous, reversible pathName we percent-encode "%" and "/"
+// inside a single displayName segment, keeping the real "/" as the delimiter BETWEEN
+// segments. Encode "%" first then "/"; decode "%2F" first then "%25" so that a folder
+// name literally containing "%2F" or "%25" round-trips correctly.
+// Both helpers are pure and exception-safe: the typeof guard returns non-string input
+// unchanged, and replaceAll on a string uses literal (not regex) replacement.
+function encodeFolderSegment(name) {
+    if (typeof name !== 'string') {
+        return name;
+    }
+    return name.replaceAll('%', '%25').replaceAll('/', '%2F');
+}
+
+function decodeFolderSegment(segment) {
+    if (typeof segment !== 'string') {
+        return segment;
+    }
+    return segment.replaceAll('%2F', '/').replaceAll('%25', '%');
+}
+
 /*
 Supported operations status:
 ✅ listMessages - with paging (cursor + page nr) and search queries (no support for to/cc/bcc queries)
@@ -625,7 +646,8 @@ class OutlookClient extends BaseClient {
                 'ccRecipients',
                 'bccRecipients',
                 'internetMessageId',
-                'bodyPreview'
+                'bodyPreview',
+                'categories'
             ];
             expandFields = 'attachments($select=id,name,contentType,size,isInline,microsoft.graph.fileAttachment/contentId)';
         }
@@ -647,6 +669,7 @@ class OutlookClient extends BaseClient {
 
         let useOutlookSearch = false;
         let skipToken = null;
+        let labelFilterActive = false;
 
         // Handle search queries
         if (query.search) {
@@ -668,15 +691,48 @@ class OutlookClient extends BaseClient {
                     // we need to have receivedDateTime as the first filtering property, otherwise ordering will fail
                     requestQuery.$filter = `receivedDateTime gt 1970-01-01T00:00:00.000Z and ${$filter}`;
                 }
+                // Category (label) filters compile to a categories/any() lambda. Some mailboxes refuse
+                // to combine that with $orderBy; remember it so we can retry without ordering below.
+                labelFilterActive = !!(query.search.labels && [].concat(query.search.labels.has || [], query.search.labels.not || []).some(Boolean));
             }
         }
 
         let messages;
         let totalMessages;
 
+        let messagesUrl = `/${this.oauth2UserPath}/${folder ? `mailFolders/${folder.id}/` : ''}messages`;
+        // The "not" form of a category filter may require advanced query capabilities; the header is
+        // harmless for the "has" form and for queries without a label filter we omit it entirely.
+        let requestOptions = labelFilterActive ? { headers: { ConsistencyLevel: 'eventual' } } : undefined;
+
         // Execute the message list request
         try {
-            let listing = await this.request(`/${this.oauth2UserPath}/${folder ? `mailFolders/${folder.id}/` : ''}messages`, 'get', requestQuery);
+            let listing;
+            try {
+                listing = await this.request(messagesUrl, 'get', requestQuery, requestOptions);
+            } catch (err) {
+                // A categories/any() filter combined with $orderBy can be rejected as too complex
+                // ("InefficientFilter"). Retry once without server-side ordering and sort the page locally.
+                let graphCode = err?.oauthRequest?.response?.error?.code || '';
+                let graphMessage = err?.oauthRequest?.response?.error?.message || '';
+                let inefficientFilter = /inefficientfilter/i.test(graphCode) || /restriction or sort order is too complex/i.test(graphMessage);
+
+                if (labelFilterActive && requestQuery.$orderBy && inefficientFilter) {
+                    this.logger.warn({
+                        msg: 'Graph rejected ordered category filter, retrying without server-side ordering',
+                        account: this.account,
+                        path
+                    });
+                    delete requestQuery.$orderBy;
+                    listing = await this.request(messagesUrl, 'get', requestQuery, requestOptions);
+                    // Without $orderBy the server no longer guarantees order; sort this page newest-first
+                    if (listing && Array.isArray(listing.value)) {
+                        listing.value.sort((a, b) => new Date(b.receivedDateTime) - new Date(a.receivedDateTime));
+                    }
+                } else {
+                    throw err;
+                }
+            }
 
             totalMessages = !isNaN(listing['@odata.count']) ? Number(listing['@odata.count']) : undefined;
 
@@ -854,23 +910,35 @@ class OutlookClient extends BaseClient {
 
         let folder;
         if (!force) {
-            try {
-                folder = await this.resolveFolder('\\Trash');
-
-                // If we're already in trash, force delete
-                if (!force && folder?.specialUse === '\\Trash') {
-                    force = true;
-                }
+            // Fetch the listing once for both folder resolutions
+            let mailboxListing = (await this.getCachedMailboxListing()) || (await this.getMailboxListing());
 
-                if (!force && !folder) {
-                    throw new Error('Trash folder was not found');
-                }
+            // If the source folder is already the Trash folder, delete permanently
+            let sourceFolder;
+            try {
+                sourceFolder = await this.resolveFolder(path, { mailboxListing });
             } catch (err) {
                 this.logger.error({
-                    msg: 'Failed to resolve folder for Trash',
+                    msg: 'Failed to resolve source folder',
+                    path,
                     err
                 });
             }
+
+            if (sourceFolder?.specialUse === '\\Trash') {
+                force = true;
+            } else {
+                folder = await this.resolveFolder('\\Trash', { mailboxListing });
+                if (!folder) {
+                    let error = new Error('Trash folder was not found');
+                    error.info = {
+                        response: 'Failed to resolve the Trash folder for the account'
+                    };
+                    error.code = 'TrashNotFound';
+                    error.statusCode = 404;
+                    throw error;
+                }
+            }
         }
 
         // Step 1. Resolve matching messages
@@ -993,27 +1061,15 @@ class OutlookClient extends BaseClient {
     }
 
     /**
-     * Update message flags (Graph API only supports \Seen and \Flagged)
+     * Converts an IMAP-style flag update request into Graph API message properties.
+     * Only \Seen and \Flagged can be represented in the Graph API. Set precedence is
+     * handled by BaseClient#normalizeFlagUpdates.
+     * @param {Object} [flags] - Flag update request ({ add, delete, set })
+     * @returns {Object} Graph API PATCH properties ({ isRead, flag })
      */
-    async updateMessage(emailId, updates) {
-        await this.prepare();
-        updates = updates || {};
-
-        let addFlags = updates.flags?.add || [];
-        let deleteFlags = updates.flags?.delete || [];
-
-        // Handle flag set operations
-        if (updates.flags?.set) {
-            for (let flag of ['\\Seen', '\\Flagged']) {
-                if (updates.flags.set.includes(flag)) {
-                    addFlags.push(flag);
-                } else {
-                    deleteFlags.push(flag);
-                }
-            }
-        }
+    buildFlagUpdates(flags) {
+        let { add: addFlags, delete: deleteFlags } = this.normalizeFlagUpdates(flags, ['\\Seen', '\\Flagged']);
 
-        // Map IMAP flags to Graph API properties
         let flagUpdates = {};
 
         if (addFlags.includes('\\Seen')) {
@@ -1030,6 +1086,19 @@ class OutlookClient extends BaseClient {
             flagUpdates.flag = { flagStatus: 'notFlagged' };
         }
 
+        return flagUpdates;
+    }
+
+    /**
+     * Update message flags (Graph API only supports \Seen and \Flagged)
+     */
+    async updateMessage(emailId, updates) {
+        await this.prepare();
+        updates = updates || {};
+
+        // Map IMAP flags to Graph API properties
+        let flagUpdates = this.buildFlagUpdates(updates.flags);
+
         // Handle label (category) operations
         if (updates.labels) {
             let categories;
@@ -1122,36 +1191,8 @@ class OutlookClient extends BaseClient {
 
         updates = updates || {};
 
-        let addFlags = updates.flags?.add || [];
-        let deleteFlags = updates.flags?.delete || [];
-
-        // Handle flag set operations
-        if (updates.flags?.set) {
-            for (let flag of ['\\Seen', '\\Flagged']) {
-                if (updates.flags.set.includes(flag)) {
-                    addFlags.push(flag);
-                } else {
-                    deleteFlags.push(flag);
-                }
-            }
-        }
-
         // Map IMAP flags to Graph API properties
-        let flagUpdates = {};
-
-        if (addFlags.includes('\\Seen')) {
-            flagUpdates.isRead = true;
-        }
-        if (deleteFlags.includes('\\Seen')) {
-            flagUpdates.isRead = false;
-        }
-
-        if (addFlags.includes('\\Flagged')) {
-            flagUpdates.flag = { flagStatus: 'flagged' };
-        }
-        if (deleteFlags.includes('\\Flagged')) {
-            flagUpdates.flag = { flagStatus: 'notFlagged' };
-        }
+        let flagUpdates = this.buildFlagUpdates(updates.flags);
 
         // Step 1. Resolve matching messages
         let emailIds = search.emailIds || (await this.searchEmailIds(path, search));
@@ -1523,7 +1564,7 @@ class OutlookClient extends BaseClient {
 
         const contentResponse = {
             headers: {
-                'content-type': attachmentData.mimeType || 'application/octet-stream',
+                'content-type': attachmentData.contentType || 'application/octet-stream',
                 'content-disposition': 'attachment' + filenameParam
             },
             contentType: attachmentData.contentType,
@@ -2500,7 +2541,9 @@ class OutlookClient extends BaseClient {
 
         let subPaths = path.split('/');
 
-        let displayName = subPaths.pop();
+        // Decode the leaf so the literal folder name is sent to Graph; parent segments
+        // stay encoded for resolveFolder (which matches against the encoded pathName).
+        let displayName = decodeFolderSegment(subPaths.pop());
         let parentPath = subPaths.join('/');
 
         // Resolve parent folder if specified
@@ -2570,7 +2613,7 @@ class OutlookClient extends BaseClient {
             mailboxId: mailbox.id,
             path: []
                 .concat(parentFolder?.pathName || [])
-                .concat(mailbox.displayName)
+                .concat(encodeFolderSegment(mailbox.displayName))
                 .join('/'),
             created: true
         };
@@ -2637,8 +2680,10 @@ class OutlookClient extends BaseClient {
         if (sourceName !== destinationName) {
             let mailbox;
             try {
+                // sourceName/destinationName stay encoded for the comparison above;
+                // decode only here so Graph receives the literal folder name.
                 mailbox = await this.request(`/${this.oauth2UserPath}/mailFolders/${sourceFolder.id}`, 'patch', {
-                    displayName: destinationName
+                    displayName: decodeFolderSegment(destinationName)
                 });
                 if (!mailbox) {
                     throw new Error('Failed to rename mailbox');
@@ -3077,7 +3122,7 @@ class OutlookClient extends BaseClient {
                             if (pathNamePrefix) {
                                 entry.parentPath = pathNamePrefix;
                             }
-                            entry.pathName = `${pathNamePrefix ? `${pathNamePrefix}/` : ''}${entry.displayName}`;
+                            entry.pathName = `${pathNamePrefix ? `${pathNamePrefix}/` : ''}${encodeFolderSegment(entry.displayName)}`;
                             return entry;
                         })
                     );
@@ -3094,8 +3139,8 @@ class OutlookClient extends BaseClient {
 
             // Traverse child folders
             for (let entry of list) {
-                // do not traverse subfolders for folders with a slash in the name (would create ambiguous paths)
-                if (entry.childFolderCount && entry.displayName.indexOf('/') < 0) {
+                // pathName percent-encodes any literal "/" in the segment, so child paths stay unambiguous
+                if (entry.childFolderCount) {
                     await traverse(entry.pathName, entry.id);
                 }
             }
@@ -3103,10 +3148,8 @@ class OutlookClient extends BaseClient {
 
         await traverse();
 
-        // keep only real folders and folders that do not contain slash in the name
-        mailboxListing = mailboxListing.filter(
-            entry => (!entry['@odata.type'] || /^#?microsoft\.graph\.mailFolder$/.test(entry['@odata.type'])) && entry.displayName.indexOf('/') < 0
-        );
+        // keep only real mail folders (drop search folders and other non-mailFolder types)
+        mailboxListing = mailboxListing.filter(entry => !entry['@odata.type'] || /^#?microsoft\.graph\.mailFolder$/.test(entry['@odata.type']));
 
         return mailboxListing;
     }
@@ -3120,8 +3163,9 @@ class OutlookClient extends BaseClient {
 
         path = [].concat(path || []).join('/');
 
-        let cachedListing = await this.getCachedMailboxListing();
-        let mailboxListing = cachedListing || (await this.getMailboxListing());
+        // Callers that resolve multiple folders can pass a pre-fetched listing to avoid
+        // repeated cache reads or Graph API folder crawls
+        let mailboxListing = options.mailboxListing || (await this.getCachedMailboxListing()) || (await this.getMailboxListing());
 
         if (options.byId) {
             return mailboxListing.find(entry => entry.id === path);
@@ -3691,6 +3735,7 @@ class OutlookClient extends BaseClient {
             bcc: extended && messageData.bccRecipients?.length ? messageData.bccRecipients.map(entry => entry.emailAddress).filter(entry => entry) : undefined,
 
             messageId: messageData.internetMessageId,
+            inReplyTo: messageData.inReplyTo || undefined,
 
             headers: (extended && messageData.headers) || undefined,
 
@@ -4385,6 +4430,20 @@ class OutlookClient extends BaseClient {
             filterParts.push(`receivedDateTime gt ${this.formatSearchTerm(search.since || search.sentSince, false)}`);
         }
 
+        // Category (label) filters - "has" matches messages tagged with the category, "not" excludes them
+        if (search.labels && typeof search.labels === 'object') {
+            for (let category of [].concat(search.labels.has || [])) {
+                if (category) {
+                    filterParts.push(`categories/any(c:c eq ${this.formatSearchTerm(category)})`);
+                }
+            }
+            for (let category of [].concat(search.labels.not || [])) {
+                if (category) {
+                    filterParts.push(`not (categories/any(c:c eq ${this.formatSearchTerm(category)}))`);
+                }
+            }
+        }
+
         // Limited header search support
         for (let headerKey of Object.keys(search.header || {})) {
             switch (headerKey.toLowerCase().trim()) {
@@ -4522,4 +4581,4 @@ class OutlookClient extends BaseClient {
     }
 }
 
-module.exports = { OutlookClient };
+module.exports = { OutlookClient, encodeFolderSegment, decodeFolderSegment };

package/lib/export.js

@@ -66,6 +66,39 @@ function createError(message, code, statusCode) {
     return err;
 }
 
+// Error classifiers used by the export worker to decide between retrying, skipping a single
+// message, or failing the whole export job.
+
+function isTransientError(err) {
+    if (['ETIMEDOUT', 'ECONNRESET', 'ENOTFOUND', 'EAI_AGAIN', 'ECONNREFUSED', 'EPIPE', 'EHOSTUNREACH'].includes(err.code)) {
+        return true;
+    }
+    if (err.statusCode >= 500 && err.statusCode < 600) {
+        return true;
+    }
+    if (err.code === 'Timeout' || err.message?.includes('timeout')) {
+        return true;
+    }
+    return false;
+}
+
+// Account.assertMessageFound reports a missing message as a Boom 404 that carries the
+// machine-readable code and status only in err.output, while client/RPC errors set plain
+// err.code/err.statusCode - check both shapes
+function isSkippableError(err) {
+    let errCode = err.output?.payload?.code || err.code;
+    let statusCode = err.statusCode || err.output?.statusCode;
+    return errCode === 'MessageNotFound' || statusCode === 404 || err.message?.includes('Failed to generate message ID');
+}
+
+// Account.listMessages reports unknown folders as FolderNotFound (Boom error with the code in
+// the payload), the Gmail and Outlook backends throw NotFound directly. Outlook bulk delete can
+// also throw TrashNotFound, but the export worker never deletes messages, so it is not matched.
+function isFolderMissingError(err) {
+    let errCode = err.output?.payload?.code || err.code;
+    return ['FolderNotFound', 'NotFound'].includes(errCode);
+}
+
 async function tryAddToActiveSet(account, exportId) {
     const maxConcurrent = (await settings.get('exportMaxConcurrent')) || DEFAULT_EXPORT_MAX_CONCURRENT;
     const maxGlobalConcurrent = (await settings.get('exportMaxGlobalConcurrent')) || DEFAULT_EXPORT_MAX_GLOBAL_CONCURRENT;
@@ -114,6 +147,13 @@ async function getExportMaxAge() {
     return DEFAULT_EXPORT_MAX_AGE;
 }
 
+// Resolve the retention window into the Redis `expire` TTL (seconds) and an absolute `expiresAt`
+// timestamp (ms), used wherever an export key's expiry is (re)set.
+async function getExportExpiry() {
+    const maxAge = await getExportMaxAge();
+    return { ttl: Math.ceil(maxAge / 1000), expiresAt: Date.now() + maxAge };
+}
+
 function toTimestamp(date) {
     const ts = new Date(date).getTime();
     if (isNaN(ts)) {
@@ -168,7 +208,8 @@ class Export {
             startDate,
             endDate,
             textType: options.textType || '*',
-            maxBytes: options.maxBytes || 5 * 1024 * 1024,
+            // Preserve an explicit 0 ("unlimited" per the API contract); only fall back when unset.
+            maxBytes: Number.isInteger(options.maxBytes) ? options.maxBytes : 5 * 1024 * 1024,
             includeAttachments: options.includeAttachments ? '1' : '0',
             isEncrypted: isEncrypted ? '1' : '0',
             foldersScanned: 0,
@@ -178,7 +219,6 @@ class Export {
             messagesSkipped: 0,
             bytesWritten: 0,
             filePath,
-            lastProcessedScore: 0,
             created: now,
             expiresAt,
             error: ''
@@ -325,11 +365,39 @@ class Export {
 
     static async startProcessing(account, exportId) {
         const exportKey = getExportKey(account, exportId);
-        const maxAge = await getExportMaxAge();
-        const ttl = Math.ceil(maxAge / 1000);
-        const newExpiresAt = Date.now() + maxAge;
+        const queueKey = getExportQueueKey(account, exportId);
+        const { ttl, expiresAt } = await getExportExpiry();
+
+        // Reset progress and clear any previously indexed queue so that each (re)run -- including a
+        // BullMQ stalled-job reprocess -- rebuilds the queue and rewrites the (truncated) output file
+        // from scratch, keeping counters and file content consistent.
+        await redis
+            .multi()
+            .hmset(exportKey, {
+                status: 'processing',
+                phase: 'indexing',
+                expiresAt,
+                foldersScanned: 0,
+                foldersTotal: 0,
+                messagesQueued: 0,
+                messagesExported: 0,
+                messagesSkipped: 0,
+                bytesWritten: 0,
+                truncated: '0'
+            })
+            .del(queueKey)
+            .expire(exportKey, ttl)
+            .exec();
+    }
+
+    static async extendExpiry(account, exportId) {
+        const exportKey = getExportKey(account, exportId);
+        const queueKey = getExportQueueKey(account, exportId);
+        const { ttl, expiresAt } = await getExportExpiry();
 
-        await redis.multi().hmset(exportKey, { status: 'processing', phase: 'indexing', expiresAt: newExpiresAt }).expire(exportKey, ttl).exec();
+        // Keep both the export hash and the pending-message queue alive for the full retention window
+        // while a long export is still running, and surface the refreshed expiry to status readers.
+        await redis.multi().hset(exportKey, 'expiresAt', expiresAt).expire(exportKey, ttl).expire(queueKey, ttl).exec();
     }
 
     static async queueMessage(account, exportId, messageInfo) {
@@ -355,19 +423,23 @@ class Export {
         await multi.exec();
     }
 
-    static async getNextBatch(account, exportId, lastScore, limit) {
+    static async getNextBatch(account, exportId, limit) {
         const queueKey = getExportQueueKey(account, exportId);
-        // Use exclusive lower bound to avoid re-processing messages at batch boundaries
-        const minScore = lastScore > 0 ? '(' + lastScore : lastScore;
-        const results = await redis.zrangebyscore(queueKey, minScore, '+inf', 'WITHSCORES', 'LIMIT', 0, limit);
+        // Atomically pop the lowest-scored (oldest) messages so each is processed exactly once.
+        // This avoids cursor-based reprocessing and the boundary drops that an exclusive score bound
+        // caused when two messages shared the same score.
+        const results = await redis.zpopmin(queueKey, limit);
 
+        // ZPOPMIN returns [member, score, member, score, ...]; only the decoded member is needed.
         const messages = [];
         for (let i = 0; i < results.length; i += 2) {
             try {
-                const info = msgpack.decode(Buffer.from(results[i], 'base64url'));
-                messages.push({ ...info, score: Number(results[i + 1]) });
+                messages.push(msgpack.decode(Buffer.from(results[i], 'base64url')));
             } catch (err) {
                 logger.error({ msg: 'Failed to decode message info', account, exportId, err });
+                // ZPOPMIN already removed the entry, so it will never be exported;
+                // count it as skipped to keep messagesQueued === exported + skipped
+                await Export.incrementSkipped(account, exportId);
             }
         }
 
@@ -383,19 +455,20 @@ class Export {
         await redis.hincrby(getExportKey(account, exportId), 'messagesSkipped', 1);
     }
 
-    static async updateLastProcessedScore(account, exportId, score) {
-        await redis.hset(getExportKey(account, exportId), 'lastProcessedScore', score);
-    }
-
     static async complete(account, exportId) {
         const exportKey = getExportKey(account, exportId);
         const queueKey = getExportQueueKey(account, exportId);
 
+        // Start the retention window at completion time so a long-running export stays downloadable for
+        // the full retention period rather than the time left over from when processing started.
+        const { ttl, expiresAt } = await getExportExpiry();
+
         await redis
             .multi()
-            .hmset(exportKey, { status: 'completed', phase: 'complete' })
+            .hmset(exportKey, { status: 'completed', phase: 'complete', expiresAt })
             .del(queueKey)
             .srem(ACTIVE_EXPORTS_KEY, `${account}:${exportId}`)
+            .expire(exportKey, ttl)
             .exec();
 
         logger.info({ msg: 'Export completed', account, exportId });
@@ -437,8 +510,9 @@ class Export {
 
         for (const entry of activeExports) {
             try {
-                // Find ':exp_' as separator since account IDs may contain colons
-                const separatorIndex = entry.indexOf(':exp_');
+                // Find ':exp_' as separator since account IDs may contain colons. The export id is
+                // always the trailing ':exp_<hex>' segment, so match the last occurrence.
+                const separatorIndex = entry.lastIndexOf(':exp_');
                 if (separatorIndex === -1) continue;
                 const account = entry.substring(0, separatorIndex);
                 const exportId = entry.substring(separatorIndex + 1);
@@ -452,7 +526,7 @@ class Export {
                     continue;
                 }
 
-                if (data && (data.status === 'processing' || data.status === 'queued' || data.status === 'indexing' || data.status === 'cancelled')) {
+                if (data && (data.status === 'processing' || data.status === 'queued' || data.status === 'cancelled')) {
                     const job = await exportQueue.getJob(exportId).catch(() => null);
                     if (job) {
                         await job.remove().catch(() => {});
@@ -541,5 +615,8 @@ module.exports = {
     getExportQueueKey,
     getExportPath,
     getExportMaxAge,
+    isTransientError,
+    isSkippableError,
+    isFolderMissingError,
     DEFAULT_EXPORT_MAX_MESSAGE_SIZE
 };

package/lib/feature-flags.js

@@ -21,11 +21,11 @@ for (let key of Object.keys(process.env)) {
     if (/^EENGINE_FEATURE_/i.test(key)) {
         let feature = formatFeatureKey(key.substring('EENGINE_FEATURE_'.length));
         if (feature) {
-            let value = /^y|1|t/i.test((process.env[key] || '').toString().trim());
+            let value = /^(y|yes|true|t|1)$/i.test((process.env[key] || '').toString().trim());
             if (value) {
                 FEATURES.add(feature);
             } else {
-                FEATURES.remove(feature);
+                FEATURES.delete(feature);
             }
         }
     }

package/lib/gateway.js

@@ -179,13 +179,8 @@ class Gateway {
             throw error;
         }
 
-        let state = false;
-        if (result[0][1] && result[0][1].gateway) {
-            // existing user
-            state = 'existing';
-        } else {
-            state = 'new';
-        }
+        // HGET returns the previous value if the gateway entry already existed
+        let state = result[0][1] ? 'existing' : 'new';
 
         return { gateway: this.gateway, state };
     }
@@ -243,7 +238,7 @@ class Gateway {
         let result = await this.redis.multi().del(this.getGatewayKey()).srem(`${REDIS_PREFIX}gateways`, this.gateway).exec();
         if (!result) {
             return {
-                account: this.account,
+                gateway: this.gateway,
                 deleted: false
             };
         }
@@ -256,7 +251,7 @@ class Gateway {
 
         if (!result[0] || !result[0][1]) {
             return {
-                account: this.account,
+                gateway: this.gateway,
                 deleted: false
             };
         }

package/lib/get-raw-email.js

@@ -229,15 +229,15 @@ async function processMessage(data, licenseInfo) {
         }
 
         if (data.headers) {
-            for (let key of Object.keys(headers)) {
+            for (let key of Object.keys(data.headers)) {
                 let casedKey = key.replace(/^.|-./g, c => c.toUpperCase());
-                switch (key) {
+                switch (key.toLowerCase()) {
                     case 'in-reply-to':
                     case 'references':
-                        headers.update(casedKey, headers[key]);
+                        headers.update(casedKey, data.headers[key]);
                         break;
                     default:
-                        headers.add(casedKey, headers[key]);
+                        headers.add(casedKey, data.headers[key]);
                         break;
                 }
             }
@@ -266,7 +266,7 @@ async function processMessage(data, licenseInfo) {
     });
 
     let trackClicks = typeof data.trackClicks === 'boolean' ? data.trackClicks : trackingEnabled;
-    let trackOpens = typeof data.trackOpens === 'boolean' ? data.trackClicks : trackingEnabled;
+    let trackOpens = typeof data.trackOpens === 'boolean' ? data.trackOpens : trackingEnabled;
 
     return {
         raw: message,

package/lib/imapproxy/imap-core/lib/commands/starttls.js

@@ -15,6 +15,20 @@ module.exports = {
             });
         }
 
+        if (this._server.options.disableSTARTTLS) {
+            // STARTTLS is not advertised in this mode (e.g. the EmailEngine proxy);
+            // refuse it instead of upgrading against the built-in fallback cert.
+            return callback(null, {
+                response: 'NO',
+                message: 'STARTTLS not available'
+            });
+        }
+
+        // Block any further (possibly pipelined / injected) commands until the TLS
+        // handshake completes. _onCommand ignores commands while _upgrading is set,
+        // so a command sent in the same chunk as STARTTLS cannot be executed.
+        this._upgrading = true;
+
         setImmediate(upgrade.bind(null, this));
 
         callback(null, {
@@ -94,6 +108,10 @@ function upgrade(connection) {
             (cipher && cipher.name) || 'N/A'
         );
 
+        // Discard any plaintext the parser buffered before the handshake so it
+        // cannot be injected into the now-encrypted session.
+        connection._parser.reset();
+
         connection._socket.pipe(connection._parser);
         connection.writeStream.pipe(connection._socket);
     });