daaki-smtp 0.2.0

use super::*;

impl SmtpConnection {
    /// Expose `read_response` for testing buffer limits.
    #[cfg(test)]
    async fn read_response_public(&self) -> Result<SmtpResponse, Error> {
        self.inner.lock().await.read_response().await
    }

    /// Expose `validate_params` for testing param validation logic.
    #[cfg(test)]
    async fn validate_params_public(
        &self,
        params: Option<&crate::types::MailFromParams>,
    ) -> Result<(), Error> {
        let inner = self.inner.lock().await;
        Self::validate_params(&inner.capabilities, params, inner.stream.is_tls())
    }

    /// Create a connection from a raw TCP stream for testing.
    #[cfg(test)]
    #[allow(clippy::expect_used)]
    fn from_plain(stream: TcpStream, capabilities: ServerCapabilities, protocol: Protocol) -> Self {
        Self {
            inner: tokio::sync::Mutex::new(SmtpInner {
                stream: SmtpStream::Plain(stream),
                read_buf: BytesMut::with_capacity(4096),
                capabilities,
                ehlo_domain: default_ehlo_domain().expect("default EHLO address-literal is valid"),
                authenticated: false,
                server_shutting_down: false,
                helo_mode: false,
            }),
            protocol,
        }
    }
}

use crate::types::SmtpExtension;
use base64::Engine;
use tokio::io::AsyncWriteExt;
use tokio::net::TcpListener;

/// Helper: create a mock SMTP server that sends scripted responses.
/// Returns a `TcpStream` connected to it.
async fn mock_server(responses: Vec<&'static str>) -> TcpStream {
    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        for resp in responses {
            socket.write_all(resp.as_bytes()).await.unwrap();
            socket.flush().await.unwrap();
        }
        // Keep the connection open for a bit so the client can read.
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    TcpStream::connect(addr).await.unwrap()
}

/// Helper: create a mock server that reads client commands before
/// sending each response (more realistic interaction).
///
/// Each interaction is `(expected_substring, response)`. The server
/// accumulates reads until the expected substring appears, then sends
/// the response.
async fn mock_interactive_server(interactions: Vec<(&'static str, &'static str)>) -> TcpStream {
    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut tmp = [0u8; 4096];
        for (expected_contains, response) in interactions {
            if !expected_contains.is_empty() {
                // Read until the accumulated data contains expected_contains.
                let mut accumulated = Vec::new();
                loop {
                    let n = socket.read(&mut tmp).await.unwrap();
                    assert!(
                        n > 0,
                        "connection closed while waiting for {expected_contains:?}"
                    );
                    accumulated.extend_from_slice(&tmp[..n]);
                    let text = String::from_utf8_lossy(&accumulated);
                    if text.contains(expected_contains) {
                        break;
                    }
                }
            }
            socket.write_all(response.as_bytes()).await.unwrap();
            socket.flush().await.unwrap();
        }
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    TcpStream::connect(addr).await.unwrap()
}

fn smtp_caps_with_pipelining() -> ServerCapabilities {
    ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Pipelining],
    }
}

fn smtp_caps_no_pipelining() -> ServerCapabilities {
    ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![],
    }
}

// ── RFC 1870 §3 — SIZE param must be sent when extension is advertised ──

#[tokio::test]
async fn size_param_sent_when_extension_advertised_without_limit() {
    // RFC 1870 Section 3: The client SHOULD include the SIZE parameter
    // in MAIL FROM when the server advertises the SIZE extension, even
    // if no numeric limit was given (e.g. "250 SIZE\r\n" with no number).
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                // Verify SIZE= parameter is present.
                assert!(
                    text.contains("SIZE="),
                    "MAIL FROM must include SIZE= when SIZE extension is \
                     advertised (RFC 1870 Section 3). Got: {text}"
                );
                break;
            }
        }

        // Respond to MAIL FROM.
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        // RCPT TO response.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        // DATA response.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();
        // Message body terminator.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    // Connect with SIZE extension advertised but NO numeric limit.
    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Size(None)],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "send failed: {result:?}");
    server.await.unwrap();
}

// ── RFC 1870 §5 — SIZE must use raw message size ──────────────────

#[tokio::test]
async fn size_param_uses_original_message_size() {
    // RFC 1870 Section 5: "The message size is defined as the
    // number of octets, including CR-LF pairs, but not the SMTP
    // DATA command's terminating dot or doubled quoting dots."
    // The SIZE parameter must use the raw message size, excluding
    // dot-stuffing overhead.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    // Message with two lines starting with '.' — dot-stuffing adds
    // 2 extra bytes. Raw = 33 bytes, stuffed = 35 bytes.
    let message = b"Subject: Test\r\n\r\n.line1\r\n.line2\r\n";
    let raw_len = message.len();
    let stuffed_len = encode::dot_stuff(message).len();
    assert!(
        stuffed_len > raw_len,
        "test setup: stuffed size ({stuffed_len}) must exceed \
         raw size ({raw_len})"
    );

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and capture SIZE value.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                // Extract the SIZE= value.
                let size_idx = text.find("SIZE=").expect(
                    "MAIL FROM must include SIZE= when server \
                     advertises SIZE",
                );
                let after_size = &text[size_idx + 5..];
                let size_str: String = after_size
                    .chars()
                    .take_while(char::is_ascii_digit)
                    .collect();
                let declared_size: usize = size_str.parse().unwrap();
                // RFC 1870 Section 5: SIZE must be the raw message
                // size, not the dot-stuffed wire size.
                assert_eq!(
                    declared_size, raw_len,
                    "RFC 1870 Section 5: SIZE must be the raw message \
                     size ({raw_len}), not the dot-stuffed wire \
                     size ({stuffed_len}). Got: {declared_size}"
                );
                break;
            }
        }

        // Complete the transaction.
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Size(None)],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            message,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "send failed: {result:?}");
    server.await.unwrap();
}

// -------------------------------------------------------------------
// Pipelined send — all recipients succeed
// -------------------------------------------------------------------
#[tokio::test]
async fn pipelined_send_all_recipients_ok() {
    // Server will receive all pipelined commands at once, respond in order.
    let stream = mock_server(vec![
        // MAIL FROM response
        "250 OK\r\n",
        // RCPT TO responses
        "250 OK\r\n",
        "250 OK\r\n",
        // DATA response
        "354 Start\r\n",
        // Final response after message body
        "250 Message accepted\r\n",
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_with_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("rcpt1@example.com").unwrap(),
                ForwardPath::new("rcpt2@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "expected success, got: {result:?}");
}

// -------------------------------------------------------------------
// Pipelined send — MAIL FROM failure (drain responses)
// -------------------------------------------------------------------
#[tokio::test]
async fn pipelined_send_mail_from_failure() {
    let stream = mock_server(vec![
        // MAIL FROM rejected
        "550 Bad sender\r\n",
        // Remaining RCPT TO + DATA responses still arrive
        "250 OK\r\n",
        "354 Start\r\n",
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_with_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("bad@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Permanent { code, .. } => assert_eq!(code, 550),
        other => panic!("expected Permanent error, got: {other:?}"),
    }
}

// -------------------------------------------------------------------
// Pipelined send — MAIL FROM rejected + DATA 354 sends dot terminator
// -------------------------------------------------------------------
// RFC 1854 Section 3 / RFC 5321 Section 3.3: when MAIL FROM is rejected
// in pipelined mode but the server already sent a 354 intermediate
// response for DATA, the client must send the dot terminator to exit the
// DATA state. Otherwise the session is left in an inconsistent state
// where the server expects message data.
#[tokio::test]
async fn pipelined_mail_from_rejected_with_354_sends_dot_terminator() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read pipelined commands (MAIL FROM + RCPT TO + DATA).
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(
                n > 0,
                "connection closed while waiting for pipelined commands"
            );
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("DATA") {
                break;
            }
        }

        // Respond: MAIL FROM rejected, RCPT TO OK, DATA 354 (intermediate).
        // This simulates a server that processes commands and sends responses
        // even though MAIL FROM was rejected.
        socket
            .write_all(b"550 Bad sender\r\n250 OK\r\n354 Start mail input\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // RFC 1854 Section 3 / RFC 5321 Section 3.3: the client must
        // send the dot terminator "\r\n.\r\n" to exit the DATA state.
        accumulated.clear();
        let dot_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                let text = String::from_utf8_lossy(&accumulated);
                if text.contains("\r\n.\r\n") || text.starts_with(".\r\n") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(dot_received, Ok(true)),
            "client must send dot terminator after pipelined MAIL FROM \
             rejection when DATA returned 354 (RFC 1854 Section 3 / \
             RFC 5321 Section 3.3): dot_received={dot_received:?}"
        );

        // Send response to the dot-terminated empty message.
        socket
            .write_all(b"250 OK message accepted\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, smtp_caps_with_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("bad@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Permanent { code, .. } => assert_eq!(code, 550),
        other => panic!("expected Permanent error, got: {other:?}"),
    }
    server.await.unwrap();
}

// -------------------------------------------------------------------
// Pipelined drain must check the DATA response by index, not last read
// -------------------------------------------------------------------
// RFC 1854 Section 3: when MAIL FROM is rejected in pipelined mode,
// the client drains N RCPT TO + 1 DATA responses. If a read fails
// mid-drain, the code must not misidentify an RCPT TO response as the
// DATA response. Specifically, if a non-conformant server sends a 3xx
// (intermediate) code for an RCPT TO response and a subsequent read
// fails, the client must not send the dot terminator based on that
// RCPT TO response — only the actual DATA response (the last in the
// drain sequence) determines whether the dot terminator is needed.
#[tokio::test]
async fn pipelined_drain_checks_data_response_by_index_not_last_read() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read pipelined commands (MAIL FROM + 3 RCPT TOs + DATA).
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed before pipelined commands");
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("DATA") {
                break;
            }
        }

        // Respond with MAIL FROM rejected, then a non-conformant 354
        // for RCPT1 (buggy server), then close the connection before
        // sending the remaining RCPT TO and DATA responses.
        // This simulates a mid-drain read failure where the last
        // successfully read response is an intermediate 354 that is
        // NOT the DATA response.
        socket
            .write_all(b"550 Bad sender\r\n354 Go ahead\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Close the write half so the client gets EOF on the next read.
        // The client should NOT send a dot terminator because the 354
        // was an RCPT TO response (index 0), not the DATA response
        // (which would be at index 3 for 3 recipients).
        drop(socket);

        // If the old buggy code runs, it would try to write a dot
        // terminator to the closed connection (silently failing).
        // The fixed code correctly identifies that no DATA response
        // was received and skips the dot terminator entirely.
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, smtp_caps_with_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("bad@example.com").unwrap(),
            &[
                ForwardPath::new("rcpt1@example.com").unwrap(),
                ForwardPath::new("rcpt2@example.com").unwrap(),
                ForwardPath::new("rcpt3@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Permanent { code, .. } => assert_eq!(code, 550),
        other => panic!("expected Permanent 550 error, got: {other:?}"),
    }
    server.await.unwrap();
}

// Regression: verify the pipelined drain tracks the DATA response by
// index when the connection remains alive. A buggy server sends 354
// for RCPT TO, a malformed response that causes a parse error, but
// the connection stays open. The old code would try to send a dot
// terminator (corrupting the session); the fix skips it because the
// actual DATA response was never read.
#[tokio::test]
async fn pipelined_drain_no_dot_terminator_on_non_data_354() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read pipelined commands (MAIL FROM + 2 RCPT TOs + DATA).
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed before pipelined commands");
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("DATA") {
                break;
            }
        }

        // Send: MAIL FROM rejected (550), then a non-conformant 354
        // for RCPT1, then a malformed response (too short, will cause
        // parse error), then the real DATA response.
        // The parse error at RCPT2 causes the drain to break early.
        socket
            .write_all(b"550 Bad sender\r\n354 Go ahead\r\nXX\r\n503 Bad sequence\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Wait to see if the client sends a dot terminator.
        // With the bug: it would send "\r\n.\r\n" because last_resp=354.
        // With the fix: it should NOT send anything because data_resp=None.
        accumulated.clear();
        let received_data = tokio::time::timeout(Duration::from_millis(500), async {
            loop {
                let n = match socket.read(&mut buf).await {
                    Ok(0) | Err(_) => return false,
                    Ok(n) => n,
                };
                accumulated.extend_from_slice(&buf[..n]);
                let text = String::from_utf8_lossy(&accumulated);
                if text.contains(".\r\n") {
                    return true; // client sent dot terminator — BUG!
                }
            }
        })
        .await;

        assert!(
            !matches!(received_data, Ok(true)),
            "client must NOT send dot terminator when the 354 was an \
             RCPT TO response, not the DATA response (RFC 1854 Section 3)"
        );

        tokio::time::sleep(Duration::from_millis(100)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, smtp_caps_with_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("bad@example.com").unwrap(),
            &[
                ForwardPath::new("rcpt1@example.com").unwrap(),
                ForwardPath::new("rcpt2@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Permanent { code, .. } => assert_eq!(code, 550),
        other => panic!("expected Permanent 550 error, got: {other:?}"),
    }
    server.await.unwrap();
}

// -------------------------------------------------------------------
// Pipelined send — all RCPT TOs fail
// -------------------------------------------------------------------
#[tokio::test]
async fn pipelined_send_all_rcpt_tos_fail() {
    let stream = mock_server(vec![
        // MAIL FROM OK
        "250 OK\r\n",
        // All RCPT TOs rejected
        "550 User unknown\r\n",
        "550 User unknown\r\n",
        // DATA response (server still sends 354)
        "354 Start\r\n",
        // Response after we send the empty DATA terminator
        "250 OK\r\n",
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_with_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("bad1@example.com").unwrap(),
                ForwardPath::new("bad2@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::AllRecipientsFailed { count, responses } => {
            assert_eq!(count, 2);
            assert_eq!(responses.len(), 2);
        }
        other => panic!("expected AllRecipientsFailed, got: {other:?}"),
    }
}

// -------------------------------------------------------------------
// Regression: pipelined send — all RCPT TOs rejected, server closes
// connection after 354, must return AllRecipientsFailed not Io error
// -------------------------------------------------------------------
// RFC 1854 Section 3: when all recipients are rejected in pipelined
// mode and the server sends a 354 intermediate response for DATA, the
// client sends the dot terminator to exit the DATA state. If the
// server has already closed the connection (a common behavior after
// rejecting all recipients), the write fails. The cleanup write must
// not propagate the I/O error — the semantically meaningful error is
// AllRecipientsFailed.
#[tokio::test]
async fn pipelined_all_rcpt_rejected_server_closes_returns_all_recipients_failed() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read pipelined commands (MAIL FROM + RCPT TO + DATA).
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(
                n > 0,
                "connection closed while waiting for pipelined commands"
            );
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("DATA") {
                break;
            }
        }

        // Respond: MAIL FROM OK, all RCPT TOs rejected, DATA 354.
        socket
            .write_all(
                b"250 OK\r\n\
                  550 User unknown\r\n\
                  550 User unknown\r\n\
                  354 Start mail input\r\n",
            )
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Force a RST (not FIN) by setting SO_LINGER with zero
        // timeout before closing. This makes the client's next
        // write_all fail with ConnectionReset instead of succeeding
        // silently into a kernel buffer.
        let std_sock = socket.into_std().unwrap();
        let sock2 = socket2::Socket::from(std_sock);
        sock2.set_linger(Some(Duration::from_secs(0))).unwrap();
        drop(sock2);
    });

    let stream = TcpStream::connect(addr).await.unwrap();

    // Give the server time to send the RST so the client write
    // observes the error.
    tokio::time::sleep(Duration::from_millis(50)).await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_with_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("bad1@example.com").unwrap(),
                ForwardPath::new("bad2@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::AllRecipientsFailed { count, responses } => {
            assert_eq!(count, 2, "must report both rejected recipients");
            assert_eq!(responses.len(), 2);
            for resp in &responses {
                assert_eq!(resp.code, 550);
            }
        }
        other => panic!(
            "expected AllRecipientsFailed, got: {other:?} \
             (bug: cleanup write propagated I/O error instead of \
             returning AllRecipientsFailed per RFC 1854 Section 3)"
        ),
    }
    server.await.unwrap();
}

// -------------------------------------------------------------------
// Sequential send — no pipelining
// -------------------------------------------------------------------
#[tokio::test]
async fn sequential_send_success() {
    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // RCPT TO
        ("RCPT TO:", "250 OK\r\n"),
        // DATA
        ("DATA", "354 Start\r\n"),
        // Message body
        ("\r\n.\r\n", "250 Message accepted\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "expected success, got: {result:?}");
}

// -------------------------------------------------------------------
// Sequential send — MAIL FROM failure
// -------------------------------------------------------------------
#[tokio::test]
async fn sequential_send_mail_from_failure() {
    let stream = mock_interactive_server(vec![
        // MAIL FROM rejected
        ("MAIL FROM:", "550 Bad sender\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("bad@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Permanent { code, .. } => assert_eq!(code, 550),
        other => panic!("expected Permanent error, got: {other:?}"),
    }
}

// -------------------------------------------------------------------
// LMTP send — per-recipient responses (some succeed, some fail)
// -------------------------------------------------------------------
#[tokio::test]
async fn lmtp_send_per_recipient_responses() {
    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // RCPT TO #1 — accepted
        ("RCPT TO:", "250 OK\r\n"),
        // RCPT TO #2 — accepted
        ("RCPT TO:", "250 OK\r\n"),
        // RCPT TO #3 — rejected
        ("RCPT TO:", "550 Unknown user\r\n"),
        // DATA
        ("DATA", "354 Start\r\n"),
        // Message body: LMTP returns one response per accepted recipient
        // (RFC 2033 Section 4.2).
        (
            "\r\n.\r\n",
            "250 Delivered to rcpt1\r\n550 Delivery failed for rcpt2\r\n",
        ),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let results = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("rcpt1@example.com").unwrap(),
                ForwardPath::new("rcpt2@example.com").unwrap(),
                ForwardPath::new("rcpt3@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await
        .unwrap();

    // Only 2 recipients were accepted by RCPT TO, so 2 results.
    assert_eq!(results.results.len(), 2);
    assert_eq!(results.results[0].recipient.as_str(), "rcpt1@example.com");
    assert!(results.results[0].response.is_success());
    assert_eq!(results.results[1].recipient.as_str(), "rcpt2@example.com");
    assert!(results.results[1].response.is_permanent_error());
}

// ── RFC 1652 §3 / RFC 6531 §3.4 — LMTP with MAIL FROM params ─────

#[tokio::test]
async fn lmtp_send_with_params_includes_body_8bitmime() {
    // RFC 1652 Section 3: BODY=8BITMIME must be declarable in LMTP
    // MAIL FROM when the server supports it.
    // RFC 6531 Section 3.4: SMTPUTF8 must be declarable.
    use crate::types::{BodyType, MailFromParams};
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and verify BODY=8BITMIME is present.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                assert!(
                    text.contains("BODY=8BITMIME"),
                    "MAIL FROM must include BODY=8BITMIME when caller \
                     requests it (RFC 1652 Section 3). Got: {text}"
                );
                assert!(
                    text.contains("SMTPUTF8"),
                    "MAIL FROM must include SMTPUTF8 when caller \
                     requests it (RFC 6531 Section 3.4). Got: {text}"
                );
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // RCPT TO.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // DATA.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Terminator + per-recipient response (RFC 2033 Section 4.2).
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 Delivered\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime, SmtpExtension::SmtpUtf8],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let params = MailFromParams {
        body: Some(BodyType::EightBitMime),
        smtputf8: true,
        ..Default::default()
    };
    let results = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            "Subject: Test\r\n\r\nHéllo".as_bytes(),
            Some(&params),
            Duration::from_secs(5),
        )
        .await;

    assert!(results.is_ok(), "send_lmtp with params failed: {results:?}");
    let results = results.unwrap();
    assert_eq!(results.results.len(), 1);
    assert!(results.results[0].response.is_success());
    server.await.unwrap();
}

// -------------------------------------------------------------------
// send_lmtp on non-LMTP connection returns Protocol error
// -------------------------------------------------------------------
#[tokio::test]
async fn send_lmtp_on_smtp_connection_returns_protocol_error() {
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);

    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Hello",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("LMTP"), "expected LMTP mention: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 2033 §4.2 — send() must reject LMTP connections ────────────

#[tokio::test]
async fn send_on_lmtp_connection_returns_protocol_error() {
    // RFC 2033 Section 4.2: LMTP returns one response per accepted
    // recipient after DATA, not a single aggregate response like SMTP.
    // send() / send_with_params() reads only one DATA response, which
    // would leave remaining per-recipient responses in the buffer and
    // corrupt the connection state. The method must reject LMTP
    // connections and direct callers to send_lmtp() instead.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "send() must reject LMTP connections");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("LMTP") && msg.contains("send_lmtp"),
                "error must mention LMTP and direct to send_lmtp: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_with_params_on_lmtp_connection_returns_protocol_error() {
    // Same as above but with explicit params — send_with_params() must
    // also reject LMTP connections (RFC 2033 Section 4.2).
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let params = MailFromParams {
        body: Some(BodyType::EightBitMime),
        ..Default::default()
    };
    let result = conn
        .send_with_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "send_with_params() must reject LMTP connections"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("LMTP"), "error must mention LMTP: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// -------------------------------------------------------------------
// RSET — RFC 5321 Section 4.1.1.5
// -------------------------------------------------------------------

#[tokio::test]
async fn reset_non_250_2xx_rejected() {
    // RFC 5321 Section 4.1.1.5: the only successful completion reply
    // defined for RSET is 250. A 251 response is a server protocol
    // violation and must not be treated as success.
    let stream = mock_interactive_server(vec![("RSET", "251 Not exactly reset\r\n")]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.reset(Duration::from_secs(5)).await;
    assert!(
        matches!(result, Err(Error::Protocol(_))),
        "RSET must reject non-250 2xx responses (RFC 5321 Section 4.1.1.5): {result:?}"
    );
}

// -------------------------------------------------------------------
// NOOP — RFC 5321 Section 4.1.1.9
// -------------------------------------------------------------------

#[tokio::test]
async fn noop_success() {
    // RFC 5321 Section 4.1.1.9: NOOP does nothing except force a reply.
    let stream = mock_server(vec!["250 OK\r\n"]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.noop(Duration::from_secs(5)).await;
    assert!(result.is_ok(), "noop should succeed: {result:?}");
}

#[tokio::test]
async fn noop_error() {
    // Server returns a transient error to NOOP.
    let stream = mock_server(vec!["421 Service not available\r\n"]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.noop(Duration::from_secs(5)).await;
    assert!(result.is_err());
}

#[tokio::test]
async fn noop_non_250_2xx_rejected() {
    // RFC 5321 Section 4.1.1.9: the NOOP success reply is 250. A 251
    // response is a protocol violation and must not be accepted.
    let stream = mock_server(vec!["251 Not exactly noop\r\n"]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.noop(Duration::from_secs(5)).await;
    assert!(
        matches!(result, Err(Error::Protocol(_))),
        "NOOP must reject non-250 2xx responses (RFC 5321 Section 4.1.1.9): {result:?}"
    );
}

// -------------------------------------------------------------------
// QUIT — RFC 5321 Section 4.1.1.10
// -------------------------------------------------------------------

#[tokio::test]
async fn quit_success() {
    // RFC 5321 Section 4.1.1.10: the server responds with 221 to QUIT.
    let stream = mock_interactive_server(vec![("QUIT", "221 Bye\r\n")]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.quit(Duration::from_secs(5)).await;
    assert!(result.is_ok(), "quit should succeed: {result:?}");
}

#[tokio::test]
async fn quit_failure() {
    // Server returns an error to QUIT (non-2xx reply).
    let stream = mock_interactive_server(vec![("QUIT", "500 Error\r\n")]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.quit(Duration::from_secs(5)).await;
    assert!(result.is_err(), "quit should fail on 500 response");
}

#[tokio::test]
async fn quit_non_221_2xx_rejected() {
    // RFC 5321 Section 4.1.1.10: the successful completion reply to
    // QUIT is 221. A 250 response is a server protocol violation.
    let stream = mock_interactive_server(vec![("QUIT", "250 Not closing\r\n")]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.quit(Duration::from_secs(5)).await;
    assert!(
        matches!(result, Err(Error::Protocol(_))),
        "QUIT must reject non-221 2xx responses (RFC 5321 Section 4.1.1.10): {result:?}"
    );
}

// -------------------------------------------------------------------
// Timeout test
// -------------------------------------------------------------------
#[tokio::test]
async fn send_timeout() {
    // Server that never responds after initial contact.
    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        // Send MAIL FROM response then hang.
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        // Never send more data — client should time out.
        tokio::time::sleep(Duration::from_secs(60)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Hello",
            Duration::from_millis(200),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Timeout => {}
        other => panic!("expected Timeout, got: {other:?}"),
    }
}

// -------------------------------------------------------------------
// Response parser tests
// -------------------------------------------------------------------
#[test]
fn parse_single_line_response() {
    let buf = b"250 OK\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 250);
    assert_eq!(resp.lines, vec!["OK"]);
}

#[test]
fn parse_multi_line_response() {
    let buf = b"250-mail.example.com\r\n250-PIPELINING\r\n250 SIZE 10240000\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 250);
    assert_eq!(
        resp.lines,
        vec!["mail.example.com", "PIPELINING", "SIZE 10240000"]
    );
}

// ── RFC 2034 §3 — enhanced status code parsing ───

#[test]
fn parse_response_enhanced_code_single_line() {
    // RFC 2034 Section 3: enhanced status code appears after the
    // reply code and separator in the response text.
    let buf = b"250 2.1.0 Sender OK\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 250);
    let esc = resp.enhanced_code.unwrap();
    assert_eq!(esc.class, 2);
    assert_eq!(esc.subject, 1);
    assert_eq!(esc.detail, 0);
    assert_eq!(resp.lines, vec!["Sender OK"]);
}

#[test]
fn parse_response_enhanced_code_multi_line() {
    // First line has enhanced code, second does not.
    let buf = b"550-5.1.1 User unknown\r\n550 try another mailbox\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 550);
    let esc = resp.enhanced_code.unwrap();
    assert_eq!(esc.class, 5);
    assert_eq!(esc.subject, 1);
    assert_eq!(esc.detail, 1);
    assert_eq!(resp.lines, vec!["User unknown", "try another mailbox"]);
}

#[test]
fn parse_response_no_enhanced_code() {
    let buf = b"250 OK\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert!(resp.enhanced_code.is_none());
}

// ── RFC 2034 §4 — enhanced code class must match reply code class ──

#[test]
fn parse_response_enhanced_code_class_mismatch_discarded() {
    // RFC 2034 Section 4: enhanced code class MUST match reply class.
    // A 250 reply with 5.x.x enhanced code is invalid.
    let buf = b"250 5.1.1 Sender OK\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 250);
    assert!(
        resp.enhanced_code.is_none(),
        "enhanced code with mismatched class must be discarded (RFC 2034 Section 4)"
    );
    // Original text preserved including the invalid enhanced code digits.
    assert_eq!(resp.lines, vec!["5.1.1 Sender OK"]);
}

// ── RFC 5321 §4.2 — reply code range validation ──

#[test]
fn parse_response_rejects_code_below_200() {
    // RFC 5321 Section 4.2: first digit must be 2-5.
    let buf = b"100 OK\r\n";
    let result = SmtpConnection::try_parse_response(buf);
    assert!(
        result.is_err(),
        "reply code 100 is outside 200-599 and must be rejected"
    );
}

#[test]
fn parse_response_rejects_code_above_599() {
    let buf = b"600 Weird\r\n";
    let result = SmtpConnection::try_parse_response(buf);
    assert!(
        result.is_err(),
        "reply code 600 is outside 200-599 and must be rejected"
    );
}

#[test]
fn parse_response_accepts_boundary_codes() {
    // RFC 5321 Section 4.2 / Postel's law: first digit must be 2-5,
    // second digit 0-9 is accepted (relaxed from strict %x30-35).
    // Valid boundaries: 200 (lowest) and 599 (highest accepted).
    let buf = b"200 OK\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 200);

    let buf = b"559 Error\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 559);

    // Per Postel's law, 599 and 260 are now accepted (second digit
    // 6-9 tolerated for non-conformant servers).
    let buf = b"599 Error\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 599);

    let buf = b"260 OK\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 260);
}

#[test]
fn parse_response_accepts_second_digit_6_through_9() {
    // Postel's law: reply codes with second digit 6-9 are outside
    // the strict RFC 5321 §4.2 ABNF (%x30-35), but real servers may
    // return them.  The production parser should accept any 3-digit
    // code in the range 200-599.
    let buf = b"268 OK\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 268);

    let buf = b"569 Error\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 569);

    let buf = b"297 Something\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 297);

    let buf = b"480 Temporary\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 480);

    // First digit outside 2-5 must still be rejected.
    let buf = b"168 Bad\r\n";
    assert!(
        SmtpConnection::try_parse_response(buf).is_err(),
        "first digit 1 must still be rejected"
    );
    let buf = b"668 Bad\r\n";
    assert!(
        SmtpConnection::try_parse_response(buf).is_err(),
        "first digit 6 must still be rejected"
    );
}

#[test]
fn parse_incomplete_response() {
    let buf = b"250-mail.example.com\r\n250-PIPE";
    let result = SmtpConnection::try_parse_response(buf).unwrap();
    assert!(result.is_none(), "expected None for incomplete response");
}

#[test]
fn parse_response_rejects_invalid_separator() {
    // RFC 5321 Section 4.2: the byte after the 3-digit reply code
    // must be '-' (continuation), SP (final line), or absent (code-only
    // line). Any other byte is a protocol violation.
    let buf = b"250X foo\r\n";
    let result = SmtpConnection::try_parse_response(buf);
    assert!(
        result.is_err(),
        "reply line with invalid separator 'X' must be rejected (RFC 5321 Section 4.2)"
    );
}

#[test]
fn parse_multiline_response_rejects_code_mismatch_as_protocol_error() {
    // RFC 5321 Section 4.2: In a multi-line reply, the reply code on
    // every line MUST be the same. A server that sends inconsistent
    // codes (e.g., 250 on the first line and 451 on the second) is
    // committing a protocol violation, not a parse failure.
    let buf = b"250-OK\r\n451 Error\r\n";
    let result = SmtpConnection::try_parse_response(buf);
    let err = result.unwrap_err();
    assert!(
        matches!(err, Error::Protocol(_)),
        "multiline reply code mismatch must be Error::Protocol, got: {err:?}"
    );
    let msg = err.to_string();
    assert!(
        msg.contains("RFC 5321"),
        "error message must cite RFC 5321, got: {msg}"
    );
}

// -------------------------------------------------------------------
// Cross-validation: try_parse_response vs nom parse_response
// -------------------------------------------------------------------
// RFC 5321 Section 4.2: the production hand-written parser
// (try_parse_response) and the nom-based parser (decode::parse_response)
// must produce identical results for the same inputs. This ensures
// behavioral parity and prevents divergence.

/// Helper: run both parsers on the same input and assert they produce
/// identical `SmtpResponse` values. The nom parser uses streaming mode,
/// so it returns remaining bytes; we verify the full input was consumed.
fn cross_validate_parsers(input: &[u8]) {
    let production = SmtpConnection::try_parse_response(input);
    let nom_result = crate::codec::decode::parse_response(input);

    match (&production, &nom_result) {
        (Ok(Some((prod_resp, consumed))), Ok((remaining, nom_resp))) => {
            // Verify the byte count matches the nom parser's consumption.
            let nom_consumed = input.len() - remaining.len();
            assert_eq!(
                *consumed,
                nom_consumed,
                "byte count mismatch: try_parse_response={consumed}, \
                 nom consumed={nom_consumed} for input {:?}",
                String::from_utf8_lossy(input)
            );
            assert!(
                remaining.is_empty(),
                "nom parser did not consume all input: {} bytes remaining",
                remaining.len()
            );
            assert_eq!(
                prod_resp.code,
                nom_resp.code,
                "parsers disagree on reply code for input {:?}: \
                 production={}, nom={}",
                String::from_utf8_lossy(input),
                prod_resp.code,
                nom_resp.code
            );
            assert_eq!(
                prod_resp.enhanced_code,
                nom_resp.enhanced_code,
                "parsers disagree on enhanced code for input {:?}: \
                 production={:?}, nom={:?}",
                String::from_utf8_lossy(input),
                prod_resp.enhanced_code,
                nom_resp.enhanced_code
            );
            assert_eq!(
                prod_resp.lines,
                nom_resp.lines,
                "parsers disagree on lines for input {:?}: \
                 production={:?}, nom={:?}",
                String::from_utf8_lossy(input),
                prod_resp.lines,
                nom_resp.lines
            );
        }
        // Both agree: input is incomplete or invalid. OK.
        (Ok(None), Err(nom::Err::Incomplete(_))) | (Err(_), Err(_)) => {}
        _ => {
            panic!(
                "parsers disagree on input {:?}:\n  production: {:?}\n  nom: {:?}",
                String::from_utf8_lossy(input),
                production,
                nom_result
            );
        }
    }
}

#[test]
fn cross_validate_single_line() {
    cross_validate_parsers(b"250 OK\r\n");
}

#[test]
fn cross_validate_multi_line() {
    cross_validate_parsers(b"250-mail.example.com\r\n250-PIPELINING\r\n250 SIZE 10240000\r\n");
}

#[test]
fn cross_validate_enhanced_code_single_line() {
    // RFC 2034 Section 3: enhanced status code with matching class.
    cross_validate_parsers(b"250 2.1.0 Sender OK\r\n");
}

#[test]
fn cross_validate_enhanced_code_multi_line() {
    cross_validate_parsers(b"550-5.1.1 User unknown\r\n550 try another mailbox\r\n");
}

#[test]
fn cross_validate_no_enhanced_code() {
    cross_validate_parsers(b"250 OK\r\n");
}

#[test]
fn cross_validate_enhanced_code_class_mismatch() {
    // RFC 2034 Section 4: class mismatch — enhanced code discarded.
    cross_validate_parsers(b"250 5.1.1 Sender OK\r\n");
}

#[test]
fn cross_validate_354_intermediate() {
    cross_validate_parsers(b"354 Start mail input; end with <CRLF>.<CRLF>\r\n");
}

#[test]
fn cross_validate_421_service_unavailable() {
    cross_validate_parsers(b"421 4.7.0 Service not available\r\n");
}

#[test]
fn cross_validate_bare_code_no_text() {
    cross_validate_parsers(b"250\r\n");
}

#[test]
fn cross_validate_enhanced_code_no_trailing_text() {
    // RFC 2034 Section 3: enhanced code with no additional text.
    cross_validate_parsers(b"250 2.1.0\r\n");
}

#[test]
fn cross_validate_535_auth_failure() {
    cross_validate_parsers(b"535 5.7.8 Authentication credentials invalid\r\n");
}

#[test]
fn cross_validate_multiline_all_enhanced() {
    cross_validate_parsers(
        b"550-5.1.1 The email account does not exist\r\n\
          550 5.1.1 Please try again\r\n",
    );
}

#[test]
fn cross_validate_empty_text_after_separator() {
    // Final line with SP but no text after it.
    cross_validate_parsers(b"250 \r\n");
}

#[test]
fn cross_validate_multiline_with_lossy_utf8() {
    // Non-UTF-8 bytes in response text — both parsers use lossy conversion.
    cross_validate_parsers(b"250 OK \xff\xfe\r\n");
}

#[test]
fn cross_validate_second_digit_6_through_9() {
    // Postel's law: accept second digit 6-9 per relaxed parsing.
    cross_validate_parsers(b"268 OK\r\n");
    cross_validate_parsers(b"569 Error\r\n");
}

#[test]
fn parse_capabilities_from_ehlo() {
    let resp = SmtpResponse {
        code: 250,
        enhanced_code: None,
        lines: vec![
            "mail.example.com".into(),
            "PIPELINING".into(),
            "SIZE 10240000".into(),
            "8BITMIME".into(),
            "STARTTLS".into(),
            "AUTH PLAIN XOAUTH2".into(),
            "SMTPUTF8".into(),
            "CHUNKING".into(),
            "ENHANCEDSTATUSCODES".into(),
        ],
    };
    let caps = SmtpConnection::parse_capabilities(&resp);
    assert_eq!(caps.greeting_name, "mail.example.com");
    assert!(caps.supports_pipelining());
    assert!(caps.supports_starttls());
    assert!(caps.supports_chunking());
    assert!(caps.supports_auth(&crate::types::AuthMechanism::Plain));
    assert!(caps.supports_auth(&crate::types::AuthMechanism::XOAuth2));
}

// ── RFC 4954 §3 — AUTH mechanism name case preservation ───────────

#[test]
fn parse_capabilities_preserves_auth_other_case() {
    // RFC 4954 Section 3: AUTH mechanism names are matched
    // case-insensitively, but Other() should preserve the original
    // name so equality checks work with user-supplied values.
    let resp = SmtpResponse {
        code: 250,
        enhanced_code: None,
        lines: vec![
            "mail.example.com".into(),
            "AUTH PLAIN LOGIN CRAM-MD5".into(),
        ],
    };
    let caps = SmtpConnection::parse_capabilities(&resp);
    // "LOGIN" was sent uppercase — Other should store "LOGIN"
    assert!(
        caps.supports_auth(&crate::types::AuthMechanism::Other("LOGIN".into())),
        "Other(\"LOGIN\") must match when server sends uppercase"
    );
    // Verify a lowercase lookup also works only if stored correctly.
    // The bug was: parse_capabilities uppercased the entire line,
    // so "login" → "LOGIN" and Other("login") would NOT match.
    // After fix: the original casing from the server is preserved.
}

#[test]
fn parse_capabilities_auth_case_insensitive_keywords() {
    // Server sends lowercase "auth plain" — PLAIN must still be
    // recognized as AuthMechanism::Plain, not Other("plain").
    let resp = SmtpResponse {
        code: 250,
        enhanced_code: None,
        lines: vec!["mx.example.org".into(), "auth plain login".into()],
    };
    let caps = SmtpConnection::parse_capabilities(&resp);
    assert!(
        caps.supports_auth(&crate::types::AuthMechanism::Plain),
        "PLAIN must be recognized case-insensitively"
    );
    // "login" in lowercase — should be stored as Other("login"), not Other("LOGIN")
    assert!(
        caps.supports_auth(&crate::types::AuthMechanism::Other("login".into())),
        "Other mechanism name should preserve original case from server"
    );
}

// ── RFC 2554 §3 / RFC 4954 §3 — AUTH= EHLO keyword form ──────────

#[test]
fn parse_capabilities_auth_equals_form() {
    // RFC 2554 Section 3 (obsoleted by RFC 4954): "AUTH=PLAIN LOGIN"
    // is a deprecated but still encountered EHLO keyword form.
    // The capabilities parser must recognize it.
    let resp = SmtpResponse {
        code: 250,
        enhanced_code: None,
        lines: vec![
            "legacy.server.com".into(),
            "AUTH=PLAIN LOGIN".into(),
            "PIPELINING".into(),
        ],
    };
    let caps = SmtpConnection::parse_capabilities(&resp);
    assert!(
        caps.supports_auth(&crate::types::AuthMechanism::Plain),
        "AUTH=PLAIN form must be recognized (RFC 2554 Section 3)"
    );
    assert!(
        caps.supports_auth(&crate::types::AuthMechanism::Other("LOGIN".into())),
        "AUTH=PLAIN LOGIN must include LOGIN mechanism"
    );
    assert!(
        caps.supports_pipelining(),
        "other extensions must still be parsed correctly"
    );
}

#[test]
fn protocol_getter() {
    // We can't easily construct a full connection here, but test the enum.
    assert_eq!(Protocol::Smtp, Protocol::Smtp);
    assert_ne!(Protocol::Smtp, Protocol::Lmtp);
}

// ── RFC 5321 §3.1 — QUIT on 554 greeting ──────────────────────────

#[tokio::test]
async fn connect_sends_quit_on_554_greeting() {
    // RFC 5321 Section 3.1: "the SMTP server … MAY … issue a 554
    // response … and the server MUST still wait for the client to
    // send a QUIT." The client should send QUIT before dropping
    // the connection when it receives a non-success greeting.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Send a 554 rejection greeting.
        socket
            .write_all(b"554 Service unavailable\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Client should send QUIT after receiving the 554 greeting.
        let mut buf = [0u8; 4096];
        let mut accumulated = Vec::new();
        let quit_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("QUIT") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(quit_received, Ok(true)),
            "client must send QUIT after receiving 554 greeting \
             (RFC 5321 Section 3.1): quit_received={quit_received:?}"
        );

        socket.write_all(b"221 Bye\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    assert!(result.is_err(), "connect must fail on 554 greeting");
    server.await.unwrap();
}

// ── RFC 5321 §4.1.4 — HELO fallback when EHLO is rejected ──────────

#[tokio::test]
async fn helo_fallback_when_ehlo_rejected() {
    // RFC 5321 Section 4.1.4: "An SMTP client SHOULD start a session
    // by issuing the EHLO command. If the SMTP server supports the
    // SMTP service extensions, it MUST give a successful response...
    // If the server does not support any SMTP service extensions it
    // will generate an error response, and the SMTP client SHOULD
    // issue a HELO command."
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        // Server greeting.
        socket
            .write_all(b"220 legacy.server.com SMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO command.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(
            cmd.starts_with("EHLO "),
            "client should try EHLO first, got: {cmd}"
        );

        // Reject EHLO — server doesn't support ESMTP.
        socket
            .write_all(b"502 Command not implemented\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Client should fall back to HELO (RFC 5321 Section 4.1.4).
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(
            cmd.starts_with("HELO "),
            "client must fall back to HELO after EHLO rejection: {cmd}"
        );

        // Accept HELO.
        socket
            .write_all(b"250 legacy.server.com\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    match result {
        Ok(_) => {}
        Err(e) => panic!("connection must succeed with HELO fallback: {e}"),
    }
    server.await.unwrap();
}

// ── RFC 5321 §4.1.4 — no HELO fallback on 4xx EHLO response ────────

#[tokio::test]
async fn ehlo_421_does_not_fall_back_to_helo() {
    // RFC 5321 Section 4.1.4: HELO fallback is specified for codes
    // 500, 502, 504 — these indicate the server does not
    // support ESMTP extensions. A 421 response means the server is
    // shutting down ("service not available, closing transmission
    // channel") and HELO won't help. The client must NOT fall back
    // to HELO on transient (4xx) EHLO responses.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Server greeting.
        socket
            .write_all(b"220 shutting-down.example.com SMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO command.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("EHLO "), "expected EHLO, got: {cmd}");

        // Respond with 421 — service shutting down.
        socket
            .write_all(b"421 Service not available, closing\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // The client MUST NOT send HELO after a 421 response.
        // Give a short window to detect if it incorrectly does.
        let helo_sent = tokio::time::timeout(Duration::from_secs(1), async {
            let mut accumulated = Vec::new();
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                let text = String::from_utf8_lossy(&accumulated);
                if text.contains("HELO ") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            !matches!(helo_sent, Ok(true)),
            "client must NOT fall back to HELO after 421 EHLO response \
             (RFC 5321 Section 4.1.4): only 5xx codes indicate ESMTP \
             is not supported"
        );

        tokio::time::sleep(Duration::from_millis(100)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    // The connection must fail with a transient error (421), NOT
    // succeed via HELO fallback.
    match result {
        Err(Error::Transient { code, .. }) => {
            assert_eq!(code, 421, "error must preserve the 421 code");
        }
        Err(other) => panic!("expected Transient error with code 421, got: {other:?}"),
        Ok(_) => panic!("connect must fail on 421 EHLO response, not fall back to HELO"),
    }

    server.await.unwrap();
}

// ── RFC 5321 §4.1.1.10 — QUIT must be sent before closing after 220 greeting ──

#[tokio::test]
async fn connect_sends_quit_on_ehlo_421_failure() {
    // RFC 5321 Section 4.1.1.10: "The sender MUST NOT intentionally
    // close the transmission channel until it sends a QUIT command."
    // After the 220 greeting establishes a session, if EHLO is rejected
    // with a transient error (421), the client must send QUIT before
    // closing the connection — even though the server is shutting down.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Send 220 greeting — session established.
        socket
            .write_all(b"220 mail.example.com ESMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("EHLO "), "expected EHLO, got: {cmd}");

        // Reject EHLO with 421 (service shutting down).
        socket
            .write_all(b"421 Service not available\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // RFC 5321 Section 4.1.1.10: client MUST send QUIT before closing.
        let mut accumulated = Vec::new();
        let quit_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("QUIT") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(quit_received, Ok(true)),
            "client must send QUIT after EHLO 421 failure before \
             closing the connection (RFC 5321 Section 4.1.1.10): \
             quit_received={quit_received:?}"
        );

        socket.write_all(b"221 Bye\r\n").await.unwrap();
        let _ = socket.flush().await;
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    assert!(result.is_err(), "connect must fail on 421 EHLO response");
    server.await.unwrap();
}

// ── RFC 5321 §4.1.1.1 — EHLO success MUST be 250, not any 2xx ─────

#[tokio::test]
async fn ehlo_non_250_2xx_rejected() {
    // RFC 5321 Section 4.1.1.1: EHLO success response MUST be 250.
    // A non-250 2xx response does not follow the EHLO response grammar
    // and must be rejected as a protocol error.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        // 220 greeting.
        socket
            .write_all(b"220 mail.example.com ESMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("EHLO "), "expected EHLO, got: {cmd}");

        // Respond with 200 instead of 250 — violates RFC 5321 §4.1.1.1.
        socket.write_all(b"200 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Client should send QUIT after rejecting non-250 EHLO response.
        let mut accumulated = Vec::new();
        let quit_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("QUIT") {
                    return true;
                }
            }
        })
        .await;
        assert!(
            matches!(quit_received, Ok(true)),
            "client must send QUIT after rejecting non-250 EHLO response"
        );
        socket.write_all(b"221 Bye\r\n").await.unwrap();
        let _ = socket.flush().await;
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    assert!(
        result.is_err(),
        "connect must fail on non-250 EHLO response"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("250") && msg.contains("RFC 5321"),
                "error must mention 250 and RFC 5321: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
    server.await.unwrap();
}

#[tokio::test]
async fn connect_sends_quit_when_starttls_unavailable() {
    // RFC 5321 Section 4.1.1.10: after 220 greeting + successful EHLO,
    // if STARTTLS is requested but the server doesn't advertise it,
    // the client must send QUIT before closing the connection.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Send 220 greeting.
        socket
            .write_all(b"220 mail.example.com ESMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("EHLO "), "expected EHLO, got: {cmd}");

        // Respond to EHLO WITHOUT STARTTLS capability.
        socket
            .write_all(b"250-mail.example.com\r\n250 PIPELINING\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Client should discover STARTTLS is missing and send QUIT.
        let mut accumulated = Vec::new();
        let quit_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("QUIT") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(quit_received, Ok(true)),
            "client must send QUIT when STARTTLS is unavailable \
             (RFC 5321 Section 4.1.1.10): quit_received={quit_received:?}"
        );

        socket.write_all(b"221 Bye\r\n").await.unwrap();
        let _ = socket.flush().await;
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::StartTls,
        Duration::from_secs(5),
    )
    .await;

    match result {
        Err(Error::StartTlsUnavailable) => {}
        Err(other) => panic!("expected StartTlsUnavailable, got: {other:?}"),
        Ok(_) => panic!("connect must fail when STARTTLS unavailable"),
    }
    server.await.unwrap();
}

// ── RFC 5321 §4.1.1.1 — HELO fallback must preserve server greeting domain ──

#[tokio::test]
async fn helo_fallback_preserves_greeting_name() {
    // RFC 5321 Section 4.1.1.1: the HELO response format is
    //   helo-ok-rsp = "250" SP Domain [ SP helo-greet ] CRLF
    // The Domain is the server's greeting name and must be captured
    // in `ServerCapabilities::greeting_name`, even when falling back
    // from EHLO to HELO.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Server greeting.
        socket
            .write_all(b"220 mail.example.com ESMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO command.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("EHLO "), "expected EHLO, got: {cmd}");

        // Reject EHLO — server doesn't support ESMTP.
        socket.write_all(b"502 Not implemented\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Client should fall back to HELO.
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("HELO "), "expected HELO, got: {cmd}");

        // Accept HELO with Domain and optional greeting text.
        socket
            .write_all(b"250 mail.example.com Hello client\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let conn = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await
    .expect("connection must succeed with HELO fallback");

    // The greeting_name must be "mail.example.com" — the Domain from
    // the HELO response (RFC 5321 Section 4.1.1.1).
    assert_eq!(
        conn.capabilities().await.greeting_name,
        "mail.example.com",
        "HELO fallback must preserve the server's greeting domain \
         (RFC 5321 Section 4.1.1.1: helo-ok-rsp = \"250\" SP Domain \
         [ SP helo-greet ] CRLF)"
    );

    server.await.unwrap();
}

// ── RFC 5321 §4.1.1.1 — HELO success MUST be 250, not any 2xx ───────

#[tokio::test]
async fn helo_fallback_non_250_2xx_rejected() {
    // RFC 5321 Section 4.1.1.1: helo-ok-rsp = "250" SP Domain
    // [ SP helo-greet ] CRLF. Only code 250 is valid for a HELO
    // success response. A 251 or other non-250 2xx must be rejected.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Server greeting.
        socket
            .write_all(b"220 server.example.com SMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO command.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("EHLO "), "expected EHLO, got: {cmd}");

        // Reject EHLO — trigger HELO fallback.
        socket.write_all(b"500 Not understood\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Client should fall back to HELO.
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("HELO "), "expected HELO, got: {cmd}");

        // Respond with 251 — a 2xx but NOT 250 — violates RFC 5321 §4.1.1.1.
        socket.write_all(b"251 Not local\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Client should reject the non-250 HELO response and send QUIT.
        let mut accumulated = Vec::new();
        let quit_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("QUIT") {
                    return true;
                }
            }
        })
        .await;
        assert!(
            matches!(quit_received, Ok(true)),
            "client must send QUIT after rejecting non-250 HELO response"
        );
        socket.write_all(b"221 Bye\r\n").await.unwrap();
        let _ = socket.flush().await;
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    assert!(
        result.is_err(),
        "connect must fail when HELO response is 251 (not 250)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("250") && msg.contains("RFC 5321"),
                "error must mention 250 and RFC 5321: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
    server.await.unwrap();
}

// ── RFC 5321 §4.1.1.1 — EHLO must use client FQDN, not server host ──

#[tokio::test]
async fn ehlo_uses_client_domain_not_server_hostname() {
    // RFC 5321 Section 4.1.1.1: "In the EHLO command, the host sending
    // the command identifies itself; the command may be interpreted as
    // saying 'Hello, I am <domain>'". The argument MUST be the client's
    // FQDN, not the server's hostname or IP address. RFC 5321 Section
    // 4.1.4 adds that when no meaningful domain name is available, an
    // address-literal SHOULD be substituted.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        // Send server greeting.
        socket
            .write_all(b"220 mock.server.com ESMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read the EHLO command the client sends.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let ehlo_line = String::from_utf8_lossy(&buf[..n]);

        // The EHLO argument must NOT be "127.0.0.1" (the server address
        // we connected to). When no meaningful client FQDN is available,
        // RFC 5321 Section 4.1.4 says an address-literal SHOULD be used.
        assert!(
            !ehlo_line.contains("EHLO 127.0.0.1"),
            "EHLO must use client FQDN, not server address: {ehlo_line}"
        );
        assert!(
            ehlo_line.starts_with("EHLO [127.0.0.1]\r\n"),
            "expected EHLO to use the default address-literal fallback, got: {ehlo_line}"
        );

        // Send EHLO response.
        socket.write_all(b"250 mock.server.com\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    // The connect should succeed if the fix is correct.
    match result {
        Ok(_) => {}
        Err(e) => panic!("connect failed: {e}"),
    }
    server.await.unwrap();
}

// -------------------------------------------------------------------
// BDAT/CHUNKING send (RFC 3030)
// -------------------------------------------------------------------

#[tokio::test]
async fn bdat_send_success() {
    // RFC 3030 Section 3: BDAT sends the message without dot-stuffing.
    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // RCPT TO
        ("RCPT TO:", "250 OK\r\n"),
        // BDAT with LAST flag
        ("BDAT ", "250 OK\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "expected success, got: {result:?}");
}

// ── RFC 3030 §2 — BDAT with BODY=BINARYMIME in MAIL FROM ─────────
#[tokio::test]
async fn bdat_send_with_params_includes_body_binarymime() {
    // RFC 3030 Section 2: "A MIME-based system MUST use the
    // BODY=BINARYMIME parameter" when using BDAT to transmit binary
    // content. send_bdat must accept MailFromParams so callers can
    // declare BODY=BINARYMIME.
    use crate::types::{BodyType, MailFromParams};
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and verify BODY=BINARYMIME is present.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                assert!(
                    text.contains("BODY=BINARYMIME"),
                    "MAIL FROM must include BODY=BINARYMIME for binary \
                     content via BDAT (RFC 3030 Section 2). Got: {text}"
                );
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // RCPT TO.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // BDAT.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("BDAT ") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::BinaryMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"\x00\x01\x02binary content\xff\xfe",
            Some(&params),
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "send_bdat with params failed: {result:?}");
    server.await.unwrap();
}

#[tokio::test]
async fn bdat_send_without_chunking_returns_error() {
    // Attempting BDAT when server doesn't support CHUNKING must fail.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Hello",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("CHUNKING"), "expected CHUNKING mention: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 3030 §3 — RSET after failed BDAT ─────────────────────────

#[tokio::test]
async fn bdat_send_failure_sends_rset() {
    // RFC 3030 Section 3: "The resulting state from a failed BDAT
    // command is indeterminate.  A RSET command MUST be issued to
    // clear the transaction before additional commands may be sent."
    //
    // After a non-success response to BDAT LAST, the client must
    // send RSET so the connection is left in a clean state.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Wait for MAIL FROM.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for MAIL FROM");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("MAIL FROM:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Wait for RCPT TO — accept it.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for RCPT TO");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Wait for BDAT — reject it.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for BDAT");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("BDAT ") {
                break;
            }
        }
        socket
            .write_all(b"554 Transaction failed\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Client must send RSET after BDAT failure (RFC 3030 Section 3).
        accumulated.clear();
        let rset_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("RSET") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(rset_received, Ok(true)),
            "client must send RSET after failed BDAT to clear \
             indeterminate state (RFC 3030 Section 3): \
             rset_received={rset_received:?}"
        );

        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    server.await.unwrap();
}

// -------------------------------------------------------------------
// send_with_params — BODY= and SMTPUTF8 (RFC 1652/6531)
// -------------------------------------------------------------------

#[tokio::test]
async fn send_with_params_includes_body_and_smtputf8() {
    // RFC 1652 Section 3: BODY=8BITMIME in MAIL FROM.
    // RFC 6531 Section 3.4: SMTPUTF8 parameter in MAIL FROM.
    use crate::types::{BodyType, MailFromParams};
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and verify params.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                assert!(
                    text.contains("BODY=8BITMIME"),
                    "expected BODY=8BITMIME in: {text}"
                );
                assert!(text.contains("SMTPUTF8"), "expected SMTPUTF8 in: {text}");
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // RCPT TO.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // DATA.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Terminator.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime, SmtpExtension::SmtpUtf8],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::EightBitMime),
        smtputf8: true,
        ..Default::default()
    };
    let result = conn
        .send_with_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nH\xc3\xa9llo",
            Some(&params),
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "send_with_params failed: {result:?}");
    server.await.unwrap();
}

// -------------------------------------------------------------------
// Empty recipients — must fail before touching the wire
// -------------------------------------------------------------------

#[tokio::test]
async fn send_empty_recipients_returns_protocol_error() {
    // RFC 5321 Section 3.3: at least one RCPT TO is required.
    // Calling send() with an empty recipients slice must return an
    // error immediately without sending MAIL FROM to the server.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "empty recipients must fail");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("recipient"),
                "error should mention recipients: {msg}"
            );
        }
        other => panic!("expected Protocol error for empty recipients, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_bdat_empty_recipients_returns_protocol_error() {
    // Same validation for BDAT path.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[],
            b"Hello",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("recipient"),
                "error should mention recipients: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_lmtp_empty_recipients_returns_protocol_error() {
    // Same validation for LMTP path.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[],
            b"Hello",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("recipient"),
                "error should mention recipients: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// -------------------------------------------------------------------
// Sequential send — all RCPT TOs fail
// -------------------------------------------------------------------
#[tokio::test]
async fn sequential_send_all_rcpt_tos_fail() {
    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // RCPT TO #1 rejected
        ("RCPT TO:", "550 User unknown\r\n"),
        // RCPT TO #2 rejected
        ("RCPT TO:", "550 User unknown\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("bad1@example.com").unwrap(),
                ForwardPath::new("bad2@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::AllRecipientsFailed { count, responses } => {
            assert_eq!(count, 2);
            assert_eq!(responses.len(), 2);
        }
        other => panic!("expected AllRecipientsFailed, got: {other:?}"),
    }
}

// ── RFC 1870 §4 — message exceeding SIZE limit must be rejected ──

#[tokio::test]
async fn send_rejects_message_exceeding_size_limit() {
    // RFC 1870 Section 4: "If the client determines that the message
    // is larger than the fixed maximum message size declared by the
    // server, the client SHOULD NOT send the message."
    // The client must check message length against the server's SIZE
    // limit and return an error before touching the wire.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Size(Some(100))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // Message of 200 bytes exceeds the 100-byte limit.
    let big_message = vec![b'X'; 200];
    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            &big_message,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "send() must reject messages exceeding server SIZE limit (RFC 1870 Section 4)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("SIZE") || msg.contains("size") || msg.contains("exceeds"),
                "error should mention SIZE limit: {msg}"
            );
        }
        other => panic!("expected Protocol error for SIZE limit, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_bdat_rejects_message_exceeding_size_limit() {
    // Same SIZE pre-check for the BDAT path.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::Size(Some(50))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let big_message = vec![b'X'; 100];
    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            &big_message,
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "send_bdat() must reject messages exceeding server SIZE limit"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("SIZE") || msg.contains("size") || msg.contains("exceeds"),
                "error should mention SIZE limit: {msg}"
            );
        }
        other => panic!("expected Protocol error for SIZE limit, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_allows_message_within_size_limit() {
    // When the message fits within the server's SIZE limit, send must proceed.
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Size(Some(10000))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nSmall message",
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "message within SIZE limit must succeed: {result:?}"
    );
}

// ── RFC 4954 §4 — auth error must preserve reply code ──────────────

#[tokio::test]
async fn auth_failure_preserves_reply_code() {
    // RFC 4954 Section 4: AUTH failure responses include specific
    // reply codes — 454 (temporary), 534 (too weak), 535 (invalid
    // credentials). The Error must preserve the SmtpResponse so
    // callers can distinguish retryable from permanent failures.
    let stream = mock_server(vec!["535 5.7.8 Authentication credentials invalid\r\n"]).await;
    // A legacy SASL-IR keyword is advertised, but one-step AUTH comes
    // from RFC 4954 Section 4 itself.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "wrongpass", Duration::from_secs(5))
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Auth { response, .. } => {
            assert_eq!(
                response.code, 535,
                "auth error must preserve the reply code"
            );
        }
        other => panic!("expected Auth error, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_transient_failure_is_retryable() {
    // RFC 4954 Section 4: 454 is a transient auth failure that
    // may succeed on retry. Error::Auth must report is_transient()
    // for 4xx codes.
    let stream = mock_server(vec!["454 4.7.0 Temporary authentication failure\r\n"]).await;
    // A legacy SASL-IR keyword is advertised.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(5))
        .await;

    assert!(result.is_err());
    let err = result.unwrap_err();
    assert!(
        err.is_transient(),
        "454 auth failure must be transient (retryable), got: {err:?}"
    );
}

// ── capabilities() getter ───────────────────────────────────────────

#[tokio::test]
async fn capabilities_getter_returns_server_extensions() {
    // Callers need to inspect server capabilities to make
    // protocol-compliant decisions (e.g., checking CHUNKING before
    // using BDAT per RFC 3030, or checking 8BITMIME before
    // declaring BODY=8BITMIME per RFC 1652).
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Pipelining,
            SmtpExtension::Chunking,
            SmtpExtension::EightBitMime,
        ],
    };

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();
    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let retrieved = conn.capabilities().await;
    assert!(
        retrieved.supports_pipelining(),
        "capabilities() must expose server extensions"
    );
    assert!(
        retrieved.supports_chunking(),
        "capabilities() must expose CHUNKING"
    );
    assert!(
        retrieved.supports_8bitmime(),
        "capabilities() must expose 8BITMIME"
    );
}

// ── RFC 3030 §2 — BODY=BINARYMIME must not be used with DATA ──────

#[tokio::test]
async fn send_with_params_rejects_binarymime_on_data_path() {
    // RFC 3030 Section 2: "BINARYMIME cannot be used with the DATA
    // command. If a BINARYMIME transaction is to be sent, the BDAT
    // command MUST be used."
    // send_with_params() uses DATA, so BODY=BINARYMIME must be rejected.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::BinaryMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = crate::types::MailFromParams {
        body: Some(crate::types::BodyType::BinaryMime),
        ..Default::default()
    };
    let result = conn
        .send_with_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"\x00\x01binary content\xff",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "BODY=BINARYMIME must not be used with DATA (RFC 3030 Section 2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("BINARYMIME") || msg.contains("BDAT"),
                "error should mention BINARYMIME/BDAT: {msg}"
            );
        }
        other => panic!("expected Protocol error for BINARYMIME+DATA, got: {other:?}"),
    }
}

// ── RFC 5321 §4.5.3.1.5 — response buffer limit ─────────────────

#[tokio::test]
async fn read_response_rejects_oversized_response() {
    // RFC 5321 Section 4.5.3.1.5: reply lines should be at most 512
    // octets. The client must enforce a maximum response buffer size
    // to prevent a malicious server from exhausting memory.
    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        // Send a response line with 100K bytes (no CRLF).
        let huge = vec![b'X'; 100_000];
        socket.write_all(b"250 ").await.unwrap();
        socket.write_all(&huge).await.unwrap();
        tokio::time::sleep(Duration::from_secs(5)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = tokio::time::timeout(Duration::from_secs(3), conn.read_response_public()).await;

    match result {
        Ok(Err(Error::Protocol(msg))) => {
            assert!(
                msg.contains("response") || msg.contains("buffer") || msg.contains("limit"),
                "error should mention buffer limit: {msg}"
            );
        }
        Ok(Err(_)) => {} // Any error is acceptable for oversized response.
        Ok(Ok(_)) => {
            panic!("read_response must reject oversized responses (RFC 5321 Section 4.5.3.1.5)")
        }
        Err(_) => panic!("read_response should not time out — it should reject quickly"),
    }
}

// ── RFC 3030 §2 — BINARYMIME must not be used with DATA in LMTP ──

#[tokio::test]
async fn send_lmtp_rejects_binarymime_with_data() {
    // RFC 3030 Section 2: "BINARYMIME MUST NOT be used with the DATA
    // command." send_lmtp uses DATA, so it must reject BODY=BINARYMIME.
    // This check already exists in send_with_params but was missing
    // from send_lmtp.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"binary content",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "send_lmtp with BODY=BINARYMIME must fail");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("BINARYMIME"),
                "error should mention BINARYMIME: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 3030 §3 + RFC 2033 §4.2 — send_bdat must reject LMTP ─────

#[tokio::test]
async fn send_bdat_rejects_lmtp_connections() {
    // RFC 3030 Section 3: "An LMTP server receiving a BDAT with the
    // LAST parameter returns one reply for each RCPT command."
    // send_bdat reads a single response after BDAT LAST, which is
    // correct for SMTP but wrong for LMTP. It must reject LMTP
    // connections to prevent silent data loss.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Hello",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "send_bdat on LMTP must fail");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("LMTP"), "error should mention LMTP: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 6531 §3.4 — SMTPUTF8 requires server support ─────────────

#[tokio::test]
async fn send_with_params_rejects_smtputf8_without_server_support() {
    // RFC 6531 Section 3.4: "A client MUST NOT use the SMTPUTF8
    // option on the MAIL command unless the server offers the
    // SMTPUTF8 extension."
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    // Server does NOT advertise SMTPUTF8.
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let params = MailFromParams {
        smtputf8: true,
        ..Default::default()
    };
    let result = conn
        .send_with_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Hello",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "SMTPUTF8 without server support must fail");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("SMTPUTF8"),
                "error should mention SMTPUTF8: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 1652 — BODY=8BITMIME requires server support ─────────────

#[tokio::test]
async fn send_with_params_rejects_8bitmime_without_server_support() {
    // RFC 1652 / RFC 5321 Section 2.2.1: ESMTP parameters must only
    // be used when the server advertises the corresponding extension.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    // Server does NOT advertise 8BITMIME.
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::EightBitMime),
        ..Default::default()
    };
    let result = conn
        .send_with_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Hello",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "BODY=8BITMIME without server support must fail"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8BITMIME"),
                "error should mention 8BITMIME: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 5321 §4.5.2 — BODY=7BIT silently omitted without 8BITMIME ──

#[test]
fn body_7bit_omitted_without_8bitmime_capability() {
    // RFC 5321 Section 4.5.2: 7-bit is the default encoding.
    // RFC 6152 Section 3: the BODY keyword is an ESMTP extension.
    // When the server does not advertise 8BITMIME, the encoder
    // silently omits the redundant BODY=7BIT parameter rather
    // than rejecting the request.
    use crate::types::{BodyType, MailFromParams};
    use bytes::BytesMut;

    // Server does NOT advertise 8BITMIME.
    let caps = smtp_caps_no_pipelining();

    let params = MailFromParams {
        body: Some(BodyType::SevenBit),
        ..Default::default()
    };
    let mut buf = BytesMut::new();
    let rp_val = ReversePath::new("sender@example.com").unwrap();
    SmtpConnection::encode_mail_from_cmd(&caps, &mut buf, &rp_val, 5, Some(&params), false)
        .unwrap();
    let cmd = String::from_utf8(buf.to_vec()).unwrap();

    assert!(
        !cmd.contains("BODY="),
        "BODY=7BIT must be silently omitted when the server lacks \
         8BITMIME support (RFC 5321 Section 4.5.2). Got: {cmd}"
    );
}

// ── RFC 6152 §3 — BODY=7BIT must reject 8-bit content ────────────

#[tokio::test]
async fn send_with_body_7bit_rejects_8bit_content() {
    // RFC 6152 Section 3: "A value of '7BIT' indicates that the
    // message is all 7bit." When the caller declares BODY=7BIT,
    // the library must validate that the content is actually 7-bit,
    // even when the server supports 8BITMIME. The BODY declaration
    // is a protocol-level commitment about the content type.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::SevenBit),
        ..Default::default()
    };
    // Message contains 0xC3 0xA9 (UTF-8 for 'é'), which are > 0x7F.
    let result = conn
        .send_with_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nH\xc3\xa9llo\r\n",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "BODY=7BIT with 8-bit content must be rejected \
         (RFC 6152 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8-bit") || msg.contains("7-bit") || msg.contains("0x7F"),
                "error should mention 8-bit/7-bit content: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_bdat_with_body_7bit_rejects_8bit_content() {
    // RFC 6152 Section 3: BODY=7BIT content validation applies
    // to the BDAT path as well — the BODY parameter in MAIL FROM
    // declares the content type regardless of transport method.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime, SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::SevenBit),
        ..Default::default()
    };
    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nH\xc3\xa9llo\r\n",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "BDAT with BODY=7BIT and 8-bit content must be rejected \
         (RFC 6152 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8-bit") || msg.contains("7-bit") || msg.contains("0x7F"),
                "error should mention 8-bit/7-bit content: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_lmtp_with_body_7bit_rejects_8bit_content() {
    // RFC 6152 Section 3: BODY=7BIT content validation applies
    // to LMTP DATA path as well.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let params = MailFromParams {
        body: Some(BodyType::SevenBit),
        ..Default::default()
    };
    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nH\xc3\xa9llo\r\n",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "LMTP with BODY=7BIT and 8-bit content must be rejected \
         (RFC 6152 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8-bit") || msg.contains("7-bit") || msg.contains("0x7F"),
                "error should mention 8-bit/7-bit content: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_lmtp_bdat_with_body_7bit_rejects_8bit_content() {
    // RFC 6152 Section 3: BODY=7BIT content validation applies
    // to LMTP BDAT path as well.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime, SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let params = MailFromParams {
        body: Some(BodyType::SevenBit),
        ..Default::default()
    };
    let result = conn
        .send_lmtp_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nH\xc3\xa9llo\r\n",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "LMTP BDAT with BODY=7BIT and 8-bit content must be rejected \
         (RFC 6152 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8-bit") || msg.contains("7-bit") || msg.contains("0x7F"),
                "error should mention 8-bit/7-bit content: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 5321 §3.3 — RSET after all RCPT TOs fail (sequential) ────

#[tokio::test]
async fn sequential_send_all_rcpt_tos_fail_sends_rset() {
    // RFC 5321 Section 3.3: when all RCPT TOs fail, the client
    // must send RSET to abort the mail transaction opened by
    // MAIL FROM, leaving the connection in a clean state.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Wait for MAIL FROM.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for MAIL FROM");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("MAIL FROM:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Wait for RCPT TO — reject it.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for RCPT TO");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"550 User unknown\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Client must send RSET to abort the transaction.
        // Wait for it with a short timeout so the test fails
        // deterministically if RSET is not sent.
        accumulated.clear();
        let rset_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false; // Connection closed without RSET.
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("RSET") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(rset_received, Ok(true)),
            "client must send RSET after all RCPT TOs fail \
             (RFC 5321 Section 3.3): rset_received={rset_received:?}"
        );

        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("bad@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::AllRecipientsFailed { count, .. } => {
            assert_eq!(count, 1);
        }
        other => panic!("expected AllRecipientsFailed, got: {other:?}"),
    }

    // Join the server to propagate any assertion failures.
    server.await.unwrap();
}

// ── RFC 3030 §2 — BODY=BINARYMIME requires server support ────────

#[tokio::test]
async fn send_bdat_rejects_binarymime_without_server_support() {
    // RFC 3030 Section 2: BINARYMIME is a separate extension from
    // CHUNKING. The server must advertise both for BODY=BINARYMIME
    // via BDAT to be valid.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    // Server advertises CHUNKING but NOT BINARYMIME.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"\x00\x01binary",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "BODY=BINARYMIME without BINARYMIME extension must fail"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("BINARYMIME"),
                "error should mention BINARYMIME: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 5321 §4.1.2 — CRLF injection prevention ──────────────────

#[test]
fn reverse_path_rejects_crlf_in_sender() {
    // RFC 5321 Section 4.1.2: addresses follow the `mailbox` grammar
    // which prohibits CR/LF. Embedding CRLF in the sender address
    // would allow SMTP command injection.
    let result = ReversePath::new("evil@x.com\r\nRCPT TO:<victim@x.com>");
    assert!(
        result.is_err(),
        "CRLF in sender must be rejected by ReversePath"
    );
}

#[test]
fn forward_path_rejects_crlf_in_recipient() {
    // RFC 5321 Section 4.1.2: recipient addresses must not contain
    // CR/LF to prevent SMTP command injection.
    let result = ForwardPath::new("evil@x.com\r\nMAIL FROM:<attacker@x.com>");
    assert!(
        result.is_err(),
        "CRLF in recipient must be rejected by ForwardPath"
    );
}

// BDAT and LMTP CRLF injection tests are covered by the ReversePath
// and ForwardPath constructors above — the same validation applies
// regardless of the send path (RFC 5321 Section 4.1.2).

// ── RFC 4954 §6 — AUTH must cancel on 334 challenge ─────────────────

#[tokio::test]
async fn auth_plain_cancels_on_334_challenge() {
    // RFC 4954 Section 6: "If the client wishes to cancel an
    // authentication exchange, it issues a line with a single '*'."
    //
    // When the server sends a 334 challenge instead of accepting or
    // rejecting AUTH PLAIN with initial response, the client must
    // send "*\r\n" to cancel the exchange. Otherwise the session
    // remains stuck in AUTH state and subsequent commands are
    // misinterpreted.
    let stream = mock_interactive_server(vec![
        ("AUTH PLAIN", "334 Y2hhbGxlbmdl\r\n"),
        ("*", "535 5.7.8 Authentication failed\r\n"),
    ])
    .await;
    // A legacy SASL-IR keyword is advertised, but RFC 4954 Section 4
    // already allows the initial response on the AUTH command line.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(5))
        .await;

    assert!(result.is_err(), "auth must fail when server sends 334");
    match result.unwrap_err() {
        Error::Auth { response, .. } => {
            assert_eq!(
                response.code, 535,
                "after cancelling the 334 challenge, the final error must \
                 be the server's 535 reply (RFC 4954 Section 6)"
            );
        }
        other => panic!("expected Auth error, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_plain_cancelled_exchange_rejects_spurious_success() {
    // RFC 4954 Section 6: after the client cancels with a single "*",
    // the server MUST reject the AUTH command with 501. A 2xx reply
    // after cancellation is therefore a server protocol violation and
    // must not be surfaced as a normal authentication failure.
    let stream = mock_interactive_server(vec![
        ("AUTH PLAIN", "334 Y2hhbGxlbmdl\r\n"),
        ("*", "235 2.7.0 Authentication successful\r\n"),
    ])
    .await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(5))
        .await;

    match result {
        Err(Error::Protocol(msg)) => {
            assert!(
                msg.contains("501") || msg.contains("cancel") || msg.contains("RFC 4954 Section 6"),
                "protocol error should explain the post-cancel AUTH violation: {msg}"
            );
        }
        other => panic!(
            "AUTH success after client cancellation must be a protocol error \
             (RFC 4954 Section 6), got: {other:?}"
        ),
    }

    let authenticated = conn.inner.lock().await.authenticated;
    assert!(
        !authenticated,
        "client must remain unauthenticated after cancelling AUTH"
    );
}

#[tokio::test]
async fn auth_xoauth2_cancels_on_334_challenge() {
    // RFC 4954 Section 6: same cancellation logic applies to XOAUTH2.
    // If the server responds to AUTH XOAUTH2 with a 334 challenge,
    // the client must send "*\r\n" to cancel before returning.
    let stream = mock_interactive_server(vec![
        ("AUTH XOAUTH2", "334 eyJzdGF0dXMiOiI0MDEifQ==\r\n"),
        ("*", "535 5.7.8 Authentication failed\r\n"),
    ])
    .await;
    // A legacy SASL-IR keyword is advertised, but RFC 4954 Section 4
    // already allows the initial response on the AUTH command line.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::XOAuth2]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_xoauth2("user", "token", Duration::from_secs(5))
        .await;

    assert!(result.is_err(), "auth must fail when server sends 334");
    match result.unwrap_err() {
        Error::Auth { response, .. } => {
            assert_eq!(
                response.code, 535,
                "after cancelling the 334 challenge, the final error must \
                 be the server's 535 reply (RFC 4954 Section 6)"
            );
        }
        other => panic!("expected Auth error, got: {other:?}"),
    }
}

// ── RFC 7628 §3.2.3 — OAUTHBEARER sends AQ== (not *) on 334 ──────

#[tokio::test]
async fn auth_oauthbearer_sends_aq_on_334_challenge() {
    // RFC 7628 Section 3.2.3: when the server rejects an OAUTHBEARER
    // attempt with a 334 challenge containing a JSON error, the client
    // MUST send the base64-encoded SOH byte ("AQ==") as the error
    // acknowledgment — NOT the generic SASL abort ("*") from
    // RFC 4954 Section 6.
    //
    // The server then replies with the final error (e.g. 535).
    let stream = mock_interactive_server(vec![
        ("AUTH OAUTHBEARER", "334 eyJzdGF0dXMiOiI0MDEifQ==\r\n"),
        ("AQ==", "535 5.7.8 Authentication failed\r\n"),
    ])
    .await;
    // A legacy SASL-IR keyword is advertised, but RFC 4954 Section 4
    // already allows the initial response on the AUTH command line.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::OAuthBearer]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_oauthbearer("token123", Duration::from_secs(5))
        .await;

    assert!(result.is_err(), "auth must fail when server sends 334");
    match result.unwrap_err() {
        Error::Auth { response, .. } => {
            assert_eq!(
                response.code, 535,
                "after acknowledging the 334 challenge with AQ==, the final error \
                 must be the server's 535 reply (RFC 7628 Section 3.2.3)"
            );
        }
        other => panic!("expected Auth error, got: {other:?}"),
    }
}

// ── RFC 2034 §3 — enhanced code with no trailing text ─────────────

#[test]
fn parse_response_enhanced_code_no_trailing_text() {
    // RFC 2034 Section 3: "Any additional text … if any, SHOULD be a
    // complete line." The "if any" means text after the enhanced code
    // is optional. try_parse_response must extract the enhanced code
    // even when no text follows it.
    let buf = b"550 5.1.1\r\n";
    let (resp, _consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 550);
    let esc = resp.enhanced_code.unwrap();
    assert_eq!(esc.class, 5);
    assert_eq!(esc.subject, 1);
    assert_eq!(esc.detail, 1);
    assert!(
        resp.lines[0].is_empty(),
        "text should be empty when enhanced code is the entire text, got: {:?}",
        resp.lines[0]
    );
}

// ── RFC 5321 §3.3 — RSET after DATA rejection (sequential) ────────

#[tokio::test]
async fn sequential_send_data_rejected_sends_rset() {
    // RFC 5321 Section 3.3: when the DATA command is rejected (non-354)
    // after MAIL FROM succeeded and recipients were accepted, the client
    // must send RSET to abort the mail transaction so the connection is
    // left in a clean state.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Wait for MAIL FROM.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for MAIL FROM");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("MAIL FROM:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Wait for RCPT TO — accept it.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for RCPT TO");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Wait for DATA — reject it.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for DATA");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket
            .write_all(b"554 Transaction failed\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Client must send RSET to abort the transaction.
        accumulated.clear();
        let rset_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("RSET") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(rset_received, Ok(true)),
            "client must send RSET after DATA rejection to clean up the \
             mail transaction (RFC 5321 Section 3.3): rset_received={rset_received:?}"
        );

        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    server.await.unwrap();
}

// ── RFC 5321 §3.3 — RSET after DATA rejection (pipelined) ─────────

#[tokio::test]
async fn pipelined_send_data_rejected_sends_rset() {
    // RFC 5321 Section 3.3: when the DATA command is rejected (non-354)
    // in pipelined mode after MAIL FROM succeeded and recipients were
    // accepted, the client must send RSET to abort the mail transaction.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read pipelined commands (MAIL FROM + RCPT TO + DATA).
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(
                n > 0,
                "connection closed while waiting for pipelined commands"
            );
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("DATA") {
                break;
            }
        }

        // Respond: MAIL FROM OK, RCPT TO OK, DATA rejected.
        socket
            .write_all(b"250 OK\r\n250 OK\r\n554 Transaction failed\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Client must send RSET after DATA rejection.
        accumulated.clear();
        let rset_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("RSET") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(rset_received, Ok(true)),
            "client must send RSET after pipelined DATA rejection to clean up \
             the mail transaction (RFC 5321 Section 3.3): rset_received={rset_received:?}"
        );

        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, smtp_caps_with_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    server.await.unwrap();
}

// ── RFC 2033 §4.2 / RFC 5321 §3.3 — RSET after DATA rejection (LMTP) ──

#[tokio::test]
async fn lmtp_send_data_rejected_sends_rset() {
    // RFC 2033 Section 4.2 / RFC 5321 Section 3.3: when the DATA
    // command is rejected in LMTP after MAIL FROM succeeded and
    // recipients were accepted, the client must send RSET to abort
    // the mail transaction.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Wait for MAIL FROM.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for MAIL FROM");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("MAIL FROM:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Wait for RCPT TO — accept it.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for RCPT TO");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Wait for DATA — reject it.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for DATA");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket
            .write_all(b"554 Transaction failed\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Client must send RSET after DATA rejection.
        accumulated.clear();
        let rset_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("RSET") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(rset_received, Ok(true)),
            "LMTP client must send RSET after DATA rejection to clean up \
             the mail transaction (RFC 2033 Section 4.2 / RFC 5321 Section 3.3): \
             rset_received={rset_received:?}"
        );

        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    server.await.unwrap();
}

// ── RFC 3030 §3 + RFC 2033 §4.2 — LMTP BDAT per-recipient responses ──

#[tokio::test]
async fn lmtp_bdat_per_recipient_responses() {
    // RFC 3030 Section 3 + RFC 2033 Section 4.2: BDAT LAST over LMTP
    // must return per-recipient responses, just like DATA over LMTP.
    // Binary content with NUL bytes requires BODY=BINARYMIME
    // (RFC 3030 Section 4 / RFC 5321 Section 4.5.2).
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // RCPT TO #1 — accepted
        ("RCPT TO:", "250 OK\r\n"),
        // RCPT TO #2 — rejected
        ("RCPT TO:", "550 Unknown user\r\n"),
        // RCPT TO #3 — accepted
        ("RCPT TO:", "250 OK\r\n"),
        // BDAT LAST: LMTP returns one response per accepted recipient
        // (RFC 2033 Section 4.2).
        (
            "BDAT ",
            "250 Delivered to rcpt1\r\n550 Delivery failed for rcpt3\r\n",
        ),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::BinaryMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let results = conn
        .send_lmtp_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("rcpt1@example.com").unwrap(),
                ForwardPath::new("rcpt2@example.com").unwrap(),
                ForwardPath::new("rcpt3@example.com").unwrap(),
            ],
            b"\x00\x01\x02binary content\xff\xfe",
            Some(&params),
            Duration::from_secs(5),
        )
        .await
        .unwrap();

    // Only 2 recipients were accepted by RCPT TO, so 2 results.
    assert_eq!(results.results.len(), 2);
    assert_eq!(results.results[0].recipient.as_str(), "rcpt1@example.com");
    assert!(results.results[0].response.is_success());
    assert_eq!(results.results[1].recipient.as_str(), "rcpt3@example.com");
    assert!(results.results[1].response.is_permanent_error());
}

// ── RFC 4954 §4 — AUTH line length limit (RFC 5321 §4.5.3.1.4) ──

#[tokio::test]
async fn auth_plain_long_credentials_uses_two_step() {
    // RFC 4954 §4: "If use of the initial response argument would
    // cause the AUTH command to exceed [the 512-octet line limit],
    // the client MUST NOT use the initial response parameter."
    //
    // With a username and password totalling > 371 chars, the base64
    // encoding of "\0user\0pass" exceeds the room left after
    // "AUTH PLAIN " + CRLF = 13 octets, pushing the command past 512.
    use tokio::io::AsyncReadExt;

    let long_user = "u".repeat(200);
    let long_pass = "p".repeat(200);

    // Verify the one-line form would exceed 512 octets.
    let mut check_buf = BytesMut::new();
    encode::encode_auth_plain(&mut check_buf, &long_user, &long_pass);
    assert!(
        check_buf.len() > 512,
        "test setup: one-line AUTH PLAIN must exceed 512 octets, got {}",
        check_buf.len()
    );

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let long_user_clone = long_user.clone();
    let long_pass_clone = long_pass.clone();
    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 8192];

        // Read the first line from the client.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed before reading AUTH command");
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        let first_line = String::from_utf8_lossy(&accumulated);
        // The first line MUST be "AUTH PLAIN\r\n" — no initial response.
        assert!(
            first_line.starts_with("AUTH PLAIN\r\n"),
            "RFC 4954 §4: long credentials must use two-step AUTH. \
             Expected 'AUTH PLAIN\\r\\n', got: {:?}",
            &first_line[..first_line.len().min(80)]
        );

        // Send 334 server challenge (RFC 4954 §5).
        socket.write_all(b"334\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Read the base64 credentials line.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed before reading base64 credentials");
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        // Verify the base64 decodes to the correct credentials.
        let cred_line = String::from_utf8_lossy(&accumulated);
        let b64 = cred_line.trim_end_matches("\r\n");
        let decoded = base64::engine::general_purpose::STANDARD
            .decode(b64)
            .unwrap();
        let mut expected = Vec::new();
        expected.push(0u8);
        expected.extend_from_slice(long_user_clone.as_bytes());
        expected.push(0u8);
        expected.extend_from_slice(long_pass_clone.as_bytes());
        assert_eq!(
            decoded, expected,
            "base64 credentials must decode correctly"
        );

        // Send success.
        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // SASL-IR is advertised — verifies that the line-length limit
    // still forces a two-step exchange even when SASL-IR is available.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain(&long_user, &long_pass, Duration::from_secs(5))
        .await;

    assert!(
        result.is_ok(),
        "auth_plain with long credentials should succeed via two-step: {:?}",
        result.unwrap_err()
    );
    server.await.unwrap();
}

#[tokio::test]
async fn auth_xoauth2_long_token_uses_two_step() {
    // RFC 4954 §4: same line-length rule applies to AUTH XOAUTH2.
    // A very long OAuth2 token will push the base64 past 512 octets.
    use tokio::io::AsyncReadExt;

    let user = "user@example.com";
    let long_token = "t".repeat(500);

    // Verify the one-line form would exceed 512 octets.
    let mut check_buf = BytesMut::new();
    encode::encode_auth_xoauth2(&mut check_buf, user, &long_token);
    assert!(
        check_buf.len() > 512,
        "test setup: one-line AUTH XOAUTH2 must exceed 512 octets, got {}",
        check_buf.len()
    );

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let long_token_clone = long_token.clone();
    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 8192];

        // Read the first line from the client.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed before reading AUTH command");
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        let first_line = String::from_utf8_lossy(&accumulated);
        assert!(
            first_line.starts_with("AUTH XOAUTH2\r\n"),
            "RFC 4954 §4: long token must use two-step AUTH. \
             Expected 'AUTH XOAUTH2\\r\\n', got: {:?}",
            &first_line[..first_line.len().min(80)]
        );

        // Send 334 server challenge.
        socket.write_all(b"334\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Read the base64 credentials line.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed before reading base64 token");
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        // Verify the base64 decodes correctly.
        let cred_line = String::from_utf8_lossy(&accumulated);
        let b64 = cred_line.trim_end_matches("\r\n");
        let decoded = base64::engine::general_purpose::STANDARD
            .decode(b64)
            .unwrap();
        let expected = format!(
            "user={}\x01auth=Bearer {}\x01\x01",
            "user@example.com", long_token_clone
        );
        assert_eq!(
            decoded,
            expected.as_bytes(),
            "base64 XOAUTH2 token must decode correctly"
        );

        // Send success.
        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // SASL-IR is advertised — verifies that the line-length limit
    // still forces a two-step exchange even when SASL-IR is available.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::XOAuth2]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_xoauth2(user, &long_token, Duration::from_secs(5))
        .await;

    assert!(
        result.is_ok(),
        "auth_xoauth2 with long token should succeed via two-step: {:?}",
        result.unwrap_err()
    );
    server.await.unwrap();
}

#[tokio::test]
async fn auth_plain_short_credentials_uses_one_step() {
    // Verify that short credentials still use the single-line form
    //. "AUTH PLAIN <base64>\r\n" should all fit in
    // one line when credentials are small.
    use tokio::io::AsyncReadExt;

    let user = "alice";
    let pass = "secret";

    // Verify the one-line form fits in 512 octets.
    let mut check_buf = BytesMut::new();
    encode::encode_auth_plain(&mut check_buf, user, pass);
    assert!(
        check_buf.len() <= 512,
        "test setup: one-line AUTH PLAIN must fit in 512 octets, got {}",
        check_buf.len()
    );

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read the first line from the client.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed before reading AUTH command");
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        let first_line = String::from_utf8_lossy(&accumulated);
        // Must start with "AUTH PLAIN " (with a space, not just CRLF)
        // to confirm the initial response is included on the same line.
        assert!(
            first_line.starts_with("AUTH PLAIN "),
            "Short credentials should use one-step AUTH PLAIN. \
             Expected line starting with 'AUTH PLAIN ', got: {:?}",
            &first_line[..first_line.len().min(80)]
        );

        // Send success.
        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // SASL-IR is advertised so the initial response should be included.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn.auth_plain(user, pass, Duration::from_secs(5)).await;

    assert!(
        result.is_ok(),
        "auth_plain with short credentials should succeed: {:?}",
        result.unwrap_err()
    );
    server.await.unwrap();
}

#[test]
fn parse_response_rejects_overlong_reply_line() {
    // The client enforces a permissive 8192-octet reply line limit
    // (relaxed from RFC 5321 Section 4.5.3.1.5's 512-octet limit
    // per Postel's law). Lines exceeding 8192 octets are rejected.
    let mut line = Vec::new();
    line.extend_from_slice(b"250 ");
    // 8192 - 4 (code + space) - 2 (CRLF) = 8186 bytes of text is the max.
    // Add 8187 bytes of text to exceed the limit.
    line.extend(std::iter::repeat(b'X').take(8187));
    line.extend_from_slice(b"\r\n");
    assert!(
        line.len() > 8192,
        "test setup: line must exceed 8192 octets"
    );
    let result = SmtpConnection::try_parse_response(&line);
    assert!(
        result.is_err(),
        "reply line exceeding 8192 octets must be rejected"
    );
}

#[test]
fn parse_response_accepts_max_length_reply_line() {
    // The permissive 8192-octet limit (relaxed from RFC 5321
    // Section 4.5.3.1.5 per Postel's law). A line of exactly 8192
    // octets should be accepted.
    let mut line = Vec::new();
    line.extend_from_slice(b"250 ");
    // 8192 - 4 (code + space) - 2 (CRLF) = 8186 bytes of text.
    line.extend(std::iter::repeat(b'X').take(8186));
    line.extend_from_slice(b"\r\n");
    assert_eq!(line.len(), 8192);
    let result = SmtpConnection::try_parse_response(&line);
    assert!(
        result.unwrap().is_some(),
        "reply line of exactly 8192 octets must be accepted"
    );
}

// ── RFC 5321 §4.5.3.1.4 — command line length validation ────────────

#[test]
fn reverse_path_rejects_overlong_address() {
    // RFC 5321 Section 4.5.3.1.3 / 4.5.3.1.4: addresses exceeding
    // the 254-octet limit (256-octet path) are rejected by the
    // ReversePath constructor.
    let long_local = "a".repeat(499 - "@example.com".len());
    let overlong_addr = format!("{long_local}@example.com");
    assert_eq!(overlong_addr.len(), 499);

    let result = ReversePath::new(&overlong_addr);
    assert!(
        result.is_err(),
        "overlong reverse-path must be rejected (RFC 5321 Section 4.5.3.1.3)"
    );
}

#[test]
fn forward_path_rejects_overlong_address() {
    // RFC 5321 Section 4.5.3.1.3 / 4.5.3.1.4: addresses exceeding
    // the 254-octet limit are rejected by the ForwardPath constructor.
    let long_local = "b".repeat(501 - "@example.com".len());
    let overlong_rcpt = format!("{long_local}@example.com");
    assert_eq!(overlong_rcpt.len(), 501);

    let result = ForwardPath::new(&overlong_rcpt);
    assert!(
        result.is_err(),
        "overlong forward-path must be rejected (RFC 5321 Section 4.5.3.1.3)"
    );
}

#[tokio::test]
async fn send_accepts_mail_from_at_path_limit() {
    // RFC 5321 Section 4.5.3.1.3: an address of exactly 254 octets
    // produces a 256-octet path and is at the limit.
    //
    // Note: the previous test `send_accepts_mail_from_at_512_limit`
    // used a 498-octet address, which now exceeds the 256-octet path
    // limit. The effective limit for a bare MAIL FROM address is 254
    // octets (path limit), well below the 512-octet command line limit.
    let domain_189 = format!("{}.{}.{}", "q".repeat(63), "r".repeat(63), "s".repeat(61));
    let max_addr = format!("{}@{domain_189}", "c".repeat(64));
    assert_eq!(max_addr.len(), 254);

    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new(&max_addr).unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "MAIL FROM at exactly 256-octet path must be accepted: {result:?}"
    );
}

#[test]
fn pipelined_forward_path_rejects_overlong_rcpt_to() {
    // RFC 5321 Section 4.5.3.1.3: each recipient path must not exceed
    // 256 octets. Validation now happens in ForwardPath::new().
    let long_local = "d".repeat(501 - "@example.com".len());
    let overlong_rcpt = format!("{long_local}@example.com");
    assert_eq!(overlong_rcpt.len(), 501);

    let result = ForwardPath::new(&overlong_rcpt);
    assert!(
        result.is_err(),
        "overlong forward-path must be rejected (RFC 5321 Section 4.5.3.1.3)"
    );
}

#[test]
fn bdat_forward_path_rejects_overlong_rcpt_to() {
    // RFC 5321 Section 4.5.3.1.3: BDAT path also validates path length
    // via ForwardPath::new().
    let long_local = "e".repeat(501 - "@example.com".len());
    let overlong_rcpt = format!("{long_local}@example.com");

    let result = ForwardPath::new(&overlong_rcpt);
    assert!(
        result.is_err(),
        "overlong forward-path must be rejected (RFC 5321 Section 4.5.3.1.3)"
    );
}

// ── RFC 5321 §4.5.3.1.3 — reverse-path / forward-path length limit ──

#[test]
fn reverse_path_rejects_overlong_255_octet_address() {
    // RFC 5321 Section 4.5.3.1.3: "The maximum total length of a
    // reverse-path or forward-path is 256 octets (including the
    // punctuation and element separators)."
    // The reverse-path is `<addr>`, so the address itself can be at
    // most 254 octets (256 - 2 for angle brackets).
    let domain_190 = format!("{}.{}.{}", "u".repeat(63), "v".repeat(63), "w".repeat(62));
    let overlong_addr = format!("{}@{domain_190}", "a".repeat(64));
    assert_eq!(overlong_addr.len(), 255);

    let result = ReversePath::new(&overlong_addr);
    assert!(
        result.is_err(),
        "reverse-path exceeding 256 octets must be rejected (RFC 5321 Section 4.5.3.1.3)"
    );
}

#[test]
fn forward_path_rejects_overlong_255_octet_address() {
    // RFC 5321 Section 4.5.3.1.3: forward-path (RCPT TO address)
    // also has a 256-octet limit including angle brackets.
    let domain_190 = format!("{}.{}.{}", "y".repeat(63), "z".repeat(63), "k".repeat(62));
    let overlong_rcpt = format!("{}@{domain_190}", "b".repeat(64));
    assert_eq!(overlong_rcpt.len(), 255);

    let result = ForwardPath::new(&overlong_rcpt);
    assert!(
        result.is_err(),
        "forward-path exceeding 256 octets must be rejected (RFC 5321 Section 4.5.3.1.3)"
    );
}

#[test]
fn path_types_accept_address_at_path_limit() {
    // An address of exactly 254 octets gives a path of exactly 256
    // octets (including `<` and `>`) and must be accepted.
    let domain_189 = format!("{}.{}.{}", "m".repeat(63), "n".repeat(63), "o".repeat(61));
    let max_addr = format!("{}@{domain_189}", "c".repeat(64));
    assert_eq!(max_addr.len(), 254);

    let rp = ReversePath::new(&max_addr);
    assert!(
        rp.is_ok(),
        "reverse-path at exactly 254 octets must be accepted: {rp:?}"
    );

    let fp = ForwardPath::new(&max_addr);
    assert!(
        fp.is_ok(),
        "forward-path at exactly 254 octets must be accepted: {fp:?}"
    );
}

#[test]
fn bdat_reverse_path_rejects_overlong_address() {
    // RFC 5321 Section 4.5.3.1.3: same path limit applies to BDAT path.
    // Validation now happens in ReversePath::new().
    let overlong_addr = format!("{}@example.com", "a".repeat(255 - "@example.com".len()));
    assert!(overlong_addr.len() > 254);

    let result = ReversePath::new(&overlong_addr);
    assert!(
        result.is_err(),
        "BDAT: overlong reverse-path must be rejected (RFC 5321 Section 4.5.3.1.3)"
    );
}

#[test]
fn lmtp_forward_path_rejects_overlong_address() {
    // RFC 5321 Section 4.5.3.1.3: same path limit applies to LMTP path.
    // Validation now happens in ForwardPath::new().
    let overlong_rcpt = format!("{}@example.com", "b".repeat(255 - "@example.com".len()));
    assert!(overlong_rcpt.len() > 254);

    let result = ForwardPath::new(&overlong_rcpt);
    assert!(
        result.is_err(),
        "LMTP: overlong forward-path must be rejected (RFC 5321 Section 4.5.3.1.3)"
    );
}

// ── RFC 5321 §4.1.1.6 — VRFY command ────────────────────────────

#[tokio::test]
async fn vrfy_success() {
    // RFC 5321 Section 4.1.1.6: VRFY verifies a user/mailbox.
    // 250 response confirms the user exists.
    let stream = mock_server(vec!["250 User Name <user@example.com>\r\n"]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let resp = conn.vrfy("user@example.com", Duration::from_secs(5)).await;
    assert!(resp.is_ok(), "vrfy should succeed: {resp:?}");
    let resp = resp.unwrap();
    assert_eq!(resp.code, 250);
    assert!(resp.lines[0].contains("user@example.com"));
}

#[tokio::test]
async fn vrfy_not_implemented() {
    // RFC 5321 Section 3.5.3: servers MAY disable VRFY with 502.
    let stream = mock_server(vec!["502 VRFY command is disabled\r\n"]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let resp = conn
        .vrfy("user@example.com", Duration::from_secs(5))
        .await
        .unwrap();
    assert_eq!(resp.code, 502);
}

#[tokio::test]
async fn vrfy_rejects_crlf_injection() {
    // RFC 5321 Section 4.1.2: VRFY argument must not contain CRLF.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .vrfy("user\r\nMAIL FROM:<evil@x.com>", Duration::from_secs(1))
        .await;
    assert!(result.is_err(), "CRLF in VRFY argument must be rejected");
}

// ── RFC 5321 §4.1.1.7 — EXPN command ────────────────────────────

#[tokio::test]
async fn expn_success() {
    // RFC 5321 Section 4.1.1.7: EXPN expands a mailing list.
    // Multi-line 250 response lists the members.
    let stream = mock_server(vec![
        "250-Alice <alice@example.com>\r\n250 Bob <bob@example.com>\r\n",
    ])
    .await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let resp = conn.expn("staff", Duration::from_secs(5)).await;
    assert!(resp.is_ok(), "expn should succeed: {resp:?}");
    let resp = resp.unwrap();
    assert_eq!(resp.code, 250);
    assert_eq!(resp.lines.len(), 2);
}

#[tokio::test]
async fn expn_not_implemented() {
    // RFC 5321 Section 3.5.3: servers MAY disable EXPN with 502.
    let stream = mock_server(vec!["502 EXPN command is disabled\r\n"]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let resp = conn.expn("staff", Duration::from_secs(5)).await.unwrap();
    assert_eq!(resp.code, 502);
}

#[tokio::test]
async fn expn_rejects_crlf_injection() {
    // RFC 5321 Section 4.1.2: EXPN argument must not contain CRLF.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .expn("list\r\nRCPT TO:<evil@x.com>", Duration::from_secs(1))
        .await;
    assert!(result.is_err(), "CRLF in EXPN argument must be rejected");
}

// ── RFC 5321 §4.1.1.8 — HELP command ────────────────────────────

#[tokio::test]
async fn help_without_argument_succeeds() {
    // RFC 5321 Section 4.1.1.8: HELP may be issued without an argument.
    let stream = mock_server(vec!["214 Supported commands: EHLO MAIL RCPT DATA\r\n"]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let resp = conn.help(None, Duration::from_secs(5)).await;
    assert!(resp.is_ok(), "help(None) should succeed: {resp:?}");
    let resp = resp.unwrap();
    assert_eq!(resp.code, 214);
    assert!(resp.lines[0].contains("Supported commands"));
}

#[tokio::test]
async fn help_with_argument_succeeds() {
    // RFC 5321 Section 4.1.1.8: HELP may take a String argument to ask
    // for topic-specific information.
    let stream = mock_server(vec![
        "211 MAIL FROM:<reverse-path> [SP Mail-parameters]\r\n",
    ])
    .await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let resp = conn.help(Some("MAIL"), Duration::from_secs(5)).await;
    assert!(
        resp.is_ok(),
        "help(Some(\"MAIL\")) should succeed: {resp:?}"
    );
    let resp = resp.unwrap();
    assert_eq!(resp.code, 211);
    assert!(resp.lines[0].contains("MAIL FROM"));
}

#[tokio::test]
async fn help_rejects_empty_argument() {
    // RFC 5321 Section 4.1.1.8: `[ SP String ]` allows omitting the
    // argument entirely, but if present the String must be non-empty.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.help(Some(""), Duration::from_secs(1)).await;
    assert!(
        result.is_err(),
        "HELP with an empty String argument must be rejected"
    );
}

// ── RFC 5321 §2.2.1 / RFC 1870 §3 — SIZE requires server support ──

#[tokio::test]
async fn send_with_params_rejects_size_without_server_support() {
    // RFC 5321 Section 2.2.1: "An SMTP client MUST NOT use SMTP
    // service extensions that have not been offered by the server."
    // RFC 1870 Section 3: the SIZE parameter is part of the SIZE
    // extension. If the server does not advertise SIZE, the client
    // must not include SIZE= in MAIL FROM.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    // Server does NOT advertise SIZE.
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let params = MailFromParams {
        size: Some(1024),
        ..Default::default()
    };
    let result = conn
        .send_with_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Hello",
            Some(&params),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "SIZE parameter without server SIZE support must fail \
         (RFC 5321 Section 2.2.1 / RFC 1870 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("SIZE"), "error should mention SIZE: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 5321 §2.3.8 — bare CR/LF in DATA message body ──────────────

#[tokio::test]
async fn send_rejects_bare_lf_in_message() {
    // RFC 5321 Section 2.3.8: SMTP DATA requires CRLF line endings.
    // Bare LF (\n not preceded by \r) is a protocol violation.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\n\nBare LF body",
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "bare LF in message data must be rejected (RFC 5321 Section 2.3.8)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("bare LF") || msg.contains("CRLF"),
                "error should mention bare LF or CRLF: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_rejects_bare_cr_in_message() {
    // RFC 5321 Section 2.3.8: bare CR (\r not followed by \n) is
    // a protocol violation in SMTP DATA.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\rBare CR body\r\n",
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "bare CR in message data must be rejected (RFC 5321 Section 2.3.8)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("bare CR") || msg.contains("CRLF"),
                "error should mention bare CR or CRLF: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 5321 §4.5.2 — NUL bytes prohibited in DATA content ────────

#[tokio::test]
async fn send_rejects_null_byte_in_data() {
    // RFC 5321 Section 4.5.2: "In the absence of a server-offered SMTP
    // extension explicitly permitting it, a sending SMTP system MUST NOT
    // send a message that contains octets with a value of 0x00."
    // The DATA path must reject messages containing NUL bytes.
    // (The BDAT path allows binary content, so NUL is permitted there.)
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\x00World\r\n",
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "NUL byte in DATA content must be rejected (RFC 5321 Section 4.5.2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("NUL") || msg.contains("0x00"),
                "error should mention NUL byte: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_lmtp_rejects_null_byte_in_data() {
    // RFC 5321 Section 4.5.2: same NUL byte check for LMTP DATA path.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nContains\x00NUL\r\n",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "LMTP: NUL byte in DATA content must be rejected (RFC 5321 Section 4.5.2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("NUL") || msg.contains("0x00"),
                "error should mention NUL byte: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_bdat_allows_null_byte_in_content() {
    // RFC 3030 Section 4: BDAT with BODY=BINARYMIME sends binary
    // content without dot-stuffing or DATA restrictions. NUL bytes
    // are permitted when BINARYMIME is declared.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("BDAT ", "250 OK\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::BinaryMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"\x00\x01\x02binary content\xff\xfe",
            Some(&params),
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "BDAT with BODY=BINARYMIME must allow NUL bytes \
         (RFC 3030 Section 4): {result:?}"
    );
}

#[tokio::test]
async fn send_accepts_proper_crlf_message() {
    // Messages with proper CRLF line endings must be accepted.
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nProper CRLF body\r\n",
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "message with proper CRLF must be accepted: {result:?}"
    );
}

#[tokio::test]
async fn send_lmtp_rejects_bare_lf_in_message() {
    // RFC 5321 Section 2.3.8: same bare LF check for LMTP DATA path.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\n\nBare LF",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "LMTP: bare LF in message data must be rejected (RFC 5321 Section 2.3.8)"
    );
}

// ── RFC 5321 §4.5.3.1.6 — text line length (1000 octets including CRLF) ──

#[tokio::test]
async fn send_rejects_overlong_text_line() {
    // RFC 5321 Section 4.5.3.1.6: "The maximum total length of a
    // text line including the <CRLF> is 1000 octets."
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    // Build a message with a 1001-octet line (999 chars + CRLF = 1001).
    let mut message = Vec::new();
    message.extend_from_slice(b"Subject: Test\r\n\r\n");
    message.extend(std::iter::repeat(b'X').take(999));
    message.extend_from_slice(b"\r\n");

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            &message,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "text line exceeding 1000 octets must be rejected \
         (RFC 5321 Section 4.5.3.1.6)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("1000") || msg.contains("text line"),
                "error should mention 1000-octet limit: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_accepts_text_line_at_1000_limit() {
    // RFC 5321 Section 4.5.3.1.6: a line of exactly 1000 octets
    // (998 content + CRLF) must be accepted.
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    // Build a message with a line of exactly 1000 octets (998 + CRLF).
    let mut message = Vec::new();
    message.extend_from_slice(b"Subject: Test\r\n\r\n");
    message.extend(std::iter::repeat(b'X').take(998));
    message.extend_from_slice(b"\r\n");

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            &message,
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "text line of exactly 1000 octets must be accepted: {result:?}"
    );
}

#[tokio::test]
async fn send_rejects_overlong_trailing_line_without_crlf() {
    // RFC 5321 Section 4.5.3.1.6: a trailing segment without CRLF
    // will have CRLF appended by the DATA terminator, so its
    // effective line length is (bytes + 2). Must be rejected if
    // that exceeds 1000.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    // 999 bytes with no trailing CRLF → effective 1001 with CRLF.
    let mut message = Vec::new();
    message.extend_from_slice(b"Subject: Test\r\n\r\n");
    message.extend(std::iter::repeat(b'Y').take(999));

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            &message,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "trailing line exceeding 1000 octets (with CRLF) must be rejected"
    );
}

// ── RFC 5321 §4.5.3.1.6 — transparency dot excluded from line length ──

/// RFC 5321 Section 4.5.3.1.6: "The maximum total length of a text
/// line including the <CRLF> is 1000 octets (not counting the leading
/// dot duplicated for transparency)."
///
/// The transparency dot added by dot-stuffing (RFC 5321 Section 4.5.2)
/// is explicitly excluded from the limit. The 1000-octet check applies
/// to the raw (pre-stuffed) line length.
#[test]
fn test_dot_stuffing_transparency_dot_excluded_from_line_length() {
    // Case 1: A dot-prefixed line of exactly 1000 bytes raw
    // (including CRLF). The transparency dot is not counted, so
    // this is at the limit and must be accepted.
    //
    // "." + "a" * 997 + "\r\n" = 1000 bytes raw.
    let mut msg_at_limit = Vec::new();
    msg_at_limit.extend_from_slice(b"Subject: Test\r\n\r\n");
    msg_at_limit.push(b'.');
    msg_at_limit.extend(std::iter::repeat(b'a').take(997));
    msg_at_limit.extend_from_slice(b"\r\n");

    let dot_line_len = 1 + 997 + 2; // 1000 raw
    assert_eq!(
        dot_line_len, 1000,
        "test setup: raw line must be 1000 bytes"
    );

    let result = SmtpConnection::validate_data_message(&msg_at_limit);
    assert!(
        result.is_ok(),
        "a dot-prefixed line of 1000 bytes raw must be accepted because \
         the transparency dot is not counted \
         (RFC 5321 Section 4.5.3.1.6): {result:?}"
    );

    // Case 2: A dot-prefixed line of 1001 bytes raw exceeds the
    // limit and must be rejected.
    //
    // "." + "a" * 998 + "\r\n" = 1001 bytes raw.
    let mut msg_over_limit = Vec::new();
    msg_over_limit.extend_from_slice(b"Subject: Test\r\n\r\n");
    msg_over_limit.push(b'.');
    msg_over_limit.extend(std::iter::repeat(b'a').take(998));
    msg_over_limit.extend_from_slice(b"\r\n");

    let dot_line_len2 = 1 + 998 + 2; // 1001 raw
    assert_eq!(
        dot_line_len2, 1001,
        "test setup: raw line must be 1001 bytes"
    );

    let result = SmtpConnection::validate_data_message(&msg_over_limit);
    assert!(
        result.is_err(),
        "a dot-prefixed line of 1001 bytes raw must be rejected \
         (RFC 5321 Section 4.5.3.1.6)"
    );

    // Case 3: A non-dot line of exactly 1000 bytes (including CRLF)
    // is at the limit and must be accepted.
    //
    // "a" * 998 + "\r\n" = 1000 bytes.
    let mut msg_no_dot = Vec::new();
    msg_no_dot.extend_from_slice(b"Subject: Test\r\n\r\n");
    msg_no_dot.extend(std::iter::repeat(b'a').take(998));
    msg_no_dot.extend_from_slice(b"\r\n");

    let result = SmtpConnection::validate_data_message(&msg_no_dot);
    assert!(
        result.is_ok(),
        "a non-dot line of exactly 1000 bytes must be accepted: {result:?}"
    );
}

// ── RFC 5321 §4.5.3.1.6 — text line limit is 1000 octets including CRLF ──

/// RFC 5321 Section 4.5.3.1.6: "The maximum total length of a text
/// line including the <CRLF> is 1000 octets (not counting the leading
/// dot duplicated for transparency)."
///
/// A line of 998 content chars + CRLF = 1000 octets total. This is
/// exactly at the limit and must be accepted.
#[test]
fn text_line_exactly_1000_bytes_including_crlf_is_accepted() {
    // 998 content bytes + "\r\n" = 1000 bytes total (including CRLF).
    // RFC 5321 Section 4.5.3.1.6 allows up to 1000 octets including CRLF.
    let mut msg = Vec::new();
    msg.extend_from_slice(b"Subject: Test\r\n\r\n");
    msg.extend(std::iter::repeat(b'X').take(998));
    msg.extend_from_slice(b"\r\n");

    let result = SmtpConnection::validate_data_message(&msg);
    assert!(
        result.is_ok(),
        "a text line of exactly 1000 octets (998 content + CRLF) must be \
         accepted per RFC 5321 Section 4.5.3.1.6: {result:?}"
    );
}

/// RFC 5321 Section 4.5.3.1.6: a line of 999 content chars + CRLF =
/// 1001 octets total. This exceeds the 1000-octet limit and must be
/// rejected.
#[test]
fn text_line_1001_bytes_including_crlf_is_rejected() {
    // 999 content bytes + "\r\n" = 1001 bytes total.
    let mut msg = Vec::new();
    msg.extend_from_slice(b"Subject: Test\r\n\r\n");
    msg.extend(std::iter::repeat(b'X').take(999));
    msg.extend_from_slice(b"\r\n");

    let result = SmtpConnection::validate_data_message(&msg);
    assert!(
        result.is_err(),
        "a text line of 1001 octets (999 content + CRLF) must be rejected \
         per RFC 5321 Section 4.5.3.1.6"
    );
}

/// RFC 5321 Section 4.5.3.1.6: "not counting the leading dot
/// duplicated for transparency." A dot-prefixed line of 998 content
/// chars + CRLF = 1000 octets must be accepted, because the
/// transparency dot added during dot-stuffing is excluded from the
/// count.
#[test]
fn dot_prefixed_line_at_1000_bytes_is_accepted_transparency_dot_excluded() {
    // "." + "a" * 997 + "\r\n" = 1000 bytes raw content.
    // After dot-stuffing: ".." + "a" * 997 + "\r\n" = 1001 bytes on wire,
    // but RFC 5321 Section 4.5.3.1.6 says "not counting the leading dot
    // duplicated for transparency", so the limit applies to the 1000-byte
    // pre-stuffed form.
    let mut msg = Vec::new();
    msg.extend_from_slice(b"Subject: Test\r\n\r\n");
    msg.push(b'.');
    msg.extend(std::iter::repeat(b'a').take(997));
    msg.extend_from_slice(b"\r\n");

    let raw_line_len = 1 + 997 + 2;
    assert_eq!(
        raw_line_len, 1000,
        "test setup: raw line must be 1000 bytes"
    );

    let result = SmtpConnection::validate_data_message(&msg);
    assert!(
        result.is_ok(),
        "a dot-prefixed line of 1000 octets must be accepted because the \
         transparency dot is not counted per RFC 5321 Section 4.5.3.1.6: {result:?}"
    );
}

// ── RFC 1652 §1 / RFC 5321 §2.3.1 — 8-bit content requires 8BITMIME ──

#[tokio::test]
async fn send_rejects_8bit_content_without_8bitmime() {
    // RFC 1652 Section 1: "In the absence of this extension, an SMTP
    // client MUST NOT transmit 8-bit data in the mail body."
    // RFC 5321 Section 2.3.1: without 8BITMIME, SMTP is limited to
    // 7-bit content.
    //
    // When the server does NOT advertise 8BITMIME (or BINARYMIME),
    // messages containing bytes > 0x7F must be rejected before
    // transmission.
    let stream = mock_server(vec![]).await;
    // Server does NOT support 8BITMIME.
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    // Message with 8-bit UTF-8 content ("é" = 0xC3 0xA9).
    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            "Subject: Test\r\n\r\nHéllo\r\n".as_bytes(),
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "8-bit content must be rejected when server does not support \
         8BITMIME (RFC 1652 Section 1)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8-bit") || msg.contains("8BITMIME") || msg.contains("7-bit"),
                "error should mention 8-bit content restriction: {msg}"
            );
        }
        other => panic!("expected Protocol error for 8-bit content, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_allows_8bit_content_with_8bitmime_support() {
    // RFC 1652 Section 3: when the server advertises 8BITMIME,
    // 8-bit content is permitted in the message body.
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            "Subject: Test\r\n\r\nHéllo\r\n".as_bytes(),
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "8-bit content must be allowed when server supports 8BITMIME \
         (RFC 1652 Section 3): {result:?}"
    );
}

#[tokio::test]
async fn send_allows_7bit_content_without_8bitmime() {
    // RFC 5321 Section 2.3.1: 7-bit content is always permitted
    // regardless of server extensions.
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello world\r\n",
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "7-bit content must always be allowed: {result:?}"
    );
}

#[tokio::test]
async fn send_lmtp_rejects_8bit_content_without_8bitmime() {
    // RFC 1652 Section 1: same 8-bit restriction applies to LMTP
    // DATA path.
    let stream = mock_server(vec![]).await;
    // Server does NOT support 8BITMIME.
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            "Subject: Test\r\n\r\nHéllo\r\n".as_bytes(),
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "LMTP: 8-bit content must be rejected without 8BITMIME \
         (RFC 1652 Section 1)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8-bit") || msg.contains("8BITMIME") || msg.contains("7-bit"),
                "error should mention 8-bit content restriction: {msg}"
            );
        }
        other => panic!("expected Protocol error for 8-bit content, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_rejects_8bit_content_with_binarymime_without_8bitmime() {
    // RFC 6152 Section 3: 8-bit DATA requires the 8BITMIME keyword.
    // Advertising BINARYMIME alone does not permit 8-bit content on the
    // DATA path.
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::BinaryMime, SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            "Subject: Test\r\n\r\nHéllo\r\n".as_bytes(),
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_err(),
        "8-bit DATA must be rejected when the server omits 8BITMIME, \
         even if it advertises BINARYMIME: {result:?}"
    );
}

// ── RFC 4954 §4 — AUTH PLAIN may send an initial response directly ──

#[tokio::test]
async fn auth_plain_uses_initial_response_without_sasl_ir() {
    // RFC 4954 Section 4 defines SMTP AUTH as:
    //   AUTH mechanism [initial-response]
    // The initial response is part of the AUTH command syntax itself,
    // so the client should send it even when no legacy SASL-IR keyword
    // is advertised.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read the AUTH command.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for AUTH");
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("\r\n") {
                assert!(
                    text.starts_with("AUTH PLAIN ") && !text.starts_with("AUTH PLAIN\r\n"),
                    "RFC 4954 Section 4: AUTH PLAIN should include an \
                     initial response even without SASL-IR. Got: {text:?}"
                );
                break;
            }
        }

        // Respond with success.
        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Plain,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(5))
        .await;

    assert!(result.is_ok(), "auth_plain should succeed: {result:?}");
    server.await.unwrap();
}

#[tokio::test]
async fn auth_plain_uses_initial_response_with_sasl_ir() {
    // A legacy `SASL-IR` keyword does not change SMTP semantics:
    // RFC 4954 Section 4 already allows an AUTH initial response on
    // the command line. This test verifies we still send it when the
    // keyword is present.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read the AUTH command.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for AUTH");
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("\r\n") {
                // With SASL-IR, the command should be "AUTH PLAIN <base64>\r\n".
                assert!(
                    text.starts_with("AUTH PLAIN ") && !text.starts_with("AUTH PLAIN\r\n"),
                    "with SASL-IR, AUTH PLAIN must include the initial \
                     response (RFC 4954 Section 4). Got: {text:?}"
                );
                break;
            }
        }

        // Respond with success.
        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // Server advertises the legacy SASL-IR keyword.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(5))
        .await;

    assert!(result.is_ok(), "auth_plain should succeed: {result:?}");
    server.await.unwrap();
}

#[tokio::test]
async fn auth_plain_with_authzid_uses_initial_response_with_sasl_ir() {
    // RFC 4616 Section 2: PLAIN credentials are
    // authzid NUL authcid NUL passwd when an authorization identity
    // is supplied. RFC 4954 Section 4 allows AUTH PLAIN to carry that
    // full triplet on the AUTH line; a legacy SASL-IR keyword does
    // not change the wire format.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];
        let mut accumulated = Vec::new();

        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for AUTH");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n") {
                break;
            }
        }

        let line = String::from_utf8_lossy(&accumulated);
        assert!(
            line.starts_with("AUTH PLAIN "),
            "AUTH PLAIN must include an initial response. Got: {line:?}"
        );
        let b64 = line
            .strip_prefix("AUTH PLAIN ")
            .and_then(|s| s.strip_suffix("\r\n"))
            .expect("AUTH line should have base64 payload");
        let decoded = base64::engine::general_purpose::STANDARD
            .decode(b64)
            .expect("AUTH PLAIN payload must be valid base64");
        assert_eq!(
            decoded, b"admin@example.com\0user\0pass",
            "AUTH PLAIN with authzid must encode authzid NUL authcid NUL passwd \
             (RFC 4616 Section 2)"
        );

        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain_with_authzid("admin@example.com", "user", "pass", Duration::from_secs(5))
        .await;

    assert!(
        result.is_ok(),
        "AUTH PLAIN with authzid should succeed: {result:?}"
    );
    server.await.unwrap();
}

#[tokio::test]
async fn auth_plain_with_authzid_uses_initial_response_without_sasl_ir() {
    // RFC 4954 Section 4 allows AUTH PLAIN to carry an initial
    // response directly on the command line without a separate
    // SASL-IR advertisement. RFC 4616 Section 2 still requires the
    // payload to encode authzid NUL authcid NUL passwd.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for AUTH");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n") {
                break;
            }
        }
        let line = String::from_utf8_lossy(&accumulated);
        assert!(
            line.starts_with("AUTH PLAIN ") && !line.starts_with("AUTH PLAIN\r\n"),
            "RFC 4954 Section 4: AUTH PLAIN with authzid should include an \
             initial response even without SASL-IR. Got: {line:?}"
        );
        let b64 = line
            .strip_prefix("AUTH PLAIN ")
            .and_then(|s| s.strip_suffix("\r\n"))
            .expect("AUTH line should include a base64 payload");
        let decoded = base64::engine::general_purpose::STANDARD
            .decode(b64)
            .expect("AUTH PLAIN payload must be valid base64");
        assert_eq!(
            decoded, b"admin@example.com\0user\0pass",
            "AUTH PLAIN with authzid must encode authzid NUL authcid NUL passwd \
             (RFC 4616 Section 2)"
        );

        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Plain,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain_with_authzid("admin@example.com", "user", "pass", Duration::from_secs(5))
        .await;

    assert!(
        result.is_ok(),
        "AUTH PLAIN with authzid should succeed: {result:?}"
    );
    server.await.unwrap();
}

#[tokio::test]
async fn auth_plain_with_authzid_rejects_empty_authzid() {
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Plain,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain_with_authzid("", "user", "pass", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH PLAIN with an explicit empty authzid must be rejected \
         (RFC 4616 Section 2: authzid = 1*SAFE)"
    );
}

#[tokio::test]
async fn auth_plain_with_authzid_rejects_nul_in_authzid() {
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Plain,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain_with_authzid("admin\0example.com", "user", "pass", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH PLAIN authzid must reject embedded NUL delimiters \
         (RFC 4616 Section 2)"
    );
}

#[test]
fn build_plain_credentials_rejects_control_chars_in_username() {
    let result = SmtpConnection::build_plain_credentials(None, "us\ner", "pass");

    assert!(
        matches!(result, Err(Error::Protocol(ref msg)) if msg.contains("control")),
        "AUTH PLAIN authcid must reject control characters \
         (RFC 4616 Section 2 / StringPrep handling), got: {result:?}"
    );
}

#[test]
fn build_plain_credentials_rejects_control_chars_in_password() {
    let result = SmtpConnection::build_plain_credentials(None, "user", "pa\rss");

    assert!(
        matches!(result, Err(Error::Protocol(ref msg)) if msg.contains("control")),
        "AUTH PLAIN passwd must reject control characters \
         (RFC 4616 Section 2 / StringPrep handling), got: {result:?}"
    );
}

#[test]
fn ehlo_parses_sasl_ir_extension() {
    // Some SMTP servers advertise a legacy `SASL-IR` EHLO keyword.
    // The parser should preserve it for compatibility/introspection,
    // even though RFC 4954 does not require it for AUTH initial responses.
    let resp = SmtpResponse {
        code: 250,
        enhanced_code: None,
        lines: vec![
            "mail.example.com".into(),
            "AUTH PLAIN".into(),
            "SASL-IR".into(),
            "PIPELINING".into(),
        ],
    };
    let caps = SmtpConnection::parse_capabilities(&resp);
    assert!(
        caps.supports_sasl_ir(),
        "SASL-IR must be recognized as an EHLO extension"
    );
}

// ── RFC 5321 §4.1.1.1 — EHLO domain must be printable ASCII ──────

#[tokio::test]
async fn ehlo_rejects_empty_domain() {
    // RFC 5321 Section 4.1.1.1: the EHLO argument must be a Domain
    // or address-literal, both of which are non-empty by their ABNF
    // grammar. An empty EHLO domain must be rejected.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);
    let result = conn.set_ehlo_domain("").await;

    assert!(
        result.is_err(),
        "empty EHLO domain must be rejected (RFC 5321 Section 4.1.1.1)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("EHLO") || msg.contains("empty") || msg.contains("domain"),
                "error should mention EHLO domain: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn ehlo_rejects_non_ascii_domain() {
    // RFC 5321 Section 4.1.1.1: the EHLO argument is a Domain
    // (RFC 5321 Section 4.1.2) or address-literal, both restricted
    // to printable ASCII. Non-ASCII EHLO domains must be rejected
    // even when SMTPUTF8 is in use (RFC 6531 does not extend EHLO
    // domain syntax).
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);
    let result = conn.set_ehlo_domain("ünïcödé.example.com").await;

    assert!(
        result.is_err(),
        "non-ASCII EHLO domain must be rejected (RFC 5321 Section 4.1.1.1)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("EHLO")
                    || msg.contains("printable")
                    || msg.contains("ASCII")
                    || msg.contains("RFC 5321"),
                "error should cite RFC 5321 domain rules: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn ehlo_rejects_control_char_in_domain() {
    // RFC 5321 Section 4.1.1.1: EHLO domain must not contain
    // control characters. NUL (0x00) is not part of the Domain
    // grammar.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);
    let result = conn.set_ehlo_domain("mail\x00.example.com").await;

    assert!(
        result.is_err(),
        "NUL byte in EHLO domain must be rejected (RFC 5321 Section 4.1.1.1)"
    );
}

// ── RFC 5321 §4.1.1.1 — set_ehlo_domain must validate eagerly ──

#[tokio::test]
async fn set_ehlo_domain_rejects_empty_eagerly() {
    // RFC 5321 Section 4.1.1.1: the EHLO argument must be non-empty.
    // set_ehlo_domain must validate eagerly and return Err for empty
    // domains, rather than deferring validation to ehlo().
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);
    let result = conn.set_ehlo_domain("").await;
    assert!(
        result.is_err(),
        "set_ehlo_domain must reject empty domain eagerly \
         (RFC 5321 Section 4.1.1.1)"
    );
}

#[tokio::test]
async fn set_ehlo_domain_rejects_control_chars_eagerly() {
    // RFC 5321 Section 4.1.1.1: EHLO domain must be printable ASCII.
    // Control characters (including NUL, CR, LF) must be rejected
    // at set time, not deferred to ehlo().
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);
    let result = conn.set_ehlo_domain("host\x00.example.com").await;
    assert!(
        result.is_err(),
        "set_ehlo_domain must reject NUL byte eagerly \
         (RFC 5321 Section 4.1.1.1)"
    );
}

#[tokio::test]
async fn set_ehlo_domain_rejects_non_ascii_eagerly() {
    // RFC 5321 Section 4.1.1.1 / RFC 6531: SMTPUTF8 does NOT extend
    // the EHLO domain syntax. Non-ASCII domains must be rejected.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);
    let result = conn.set_ehlo_domain("ünïcödé.example.com").await;
    assert!(
        result.is_err(),
        "set_ehlo_domain must reject non-ASCII domain eagerly \
         (RFC 5321 Section 4.1.1.1)"
    );
}

#[tokio::test]
async fn set_ehlo_domain_rejects_empty_label_eagerly() {
    // RFC 5321 Section 4.1.2: Domain = sub-domain *("." sub-domain).
    // Empty labels are not allowed, so "mail..example.com" must be
    // rejected at set time rather than deferred until EHLO.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);
    let result = conn.set_ehlo_domain("mail..example.com").await;
    assert!(
        result.is_err(),
        "set_ehlo_domain must reject empty labels eagerly \
         (RFC 5321 Section 4.1.2)"
    );
}

#[tokio::test]
async fn set_ehlo_domain_accepts_valid_domain() {
    // Valid printable ASCII domain must be accepted.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);
    let result = conn.set_ehlo_domain("mail.example.com").await;
    assert!(
        result.is_ok(),
        "set_ehlo_domain must accept valid domain: {:?}",
        result.unwrap_err()
    );
}

#[tokio::test]
async fn set_ehlo_domain_accepts_address_literal() {
    // RFC 5321 Section 4.1.1.1: address-literal form [127.0.0.1]
    // must be accepted.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);
    let result = conn.set_ehlo_domain("[127.0.0.1]").await;
    assert!(
        result.is_ok(),
        "set_ehlo_domain must accept address literal: {:?}",
        result.unwrap_err()
    );
}

#[test]
fn default_ehlo_domain_uses_address_literal_fallback() {
    // RFC 5321 Section 4.1.4: when the client cannot determine a
    // meaningful domain name, it SHOULD substitute an address-literal.
    let domain = default_ehlo_domain().expect("default EHLO domain must be valid");
    assert_eq!(domain.as_str(), "[127.0.0.1]");
}

// ── RFC 5321 §4.1.1.1 — rehlo re-issues EHLO mid-session ────────

/// RFC 5321 Section 4.1.1.1: "An EHLO command MAY be issued by a
/// client later in the session." After `set_ehlo_domain()`, the
/// client must be able to re-issue EHLO/LHLO so the server receives
/// the new domain and the client refreshes its capability snapshot.
#[tokio::test]
async fn rehlo_reissues_ehlo_with_new_domain() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Wait for the first EHLO (sent during initial EHLO after connect).
        // The mock connection bypasses connect_inner so we send it manually.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            if n == 0 {
                break;
            }
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("EHLO ") && text.contains("\r\n") {
                // First EHLO received — verify it uses the new domain.
                assert!(
                    text.contains("EHLO client.example.com"),
                    "rehlo must send EHLO with the updated domain \
                     (RFC 5321 Section 4.1.1.1). Got: {text}"
                );
                break;
            }
        }

        // Respond with capabilities including CHUNKING (new capability).
        socket
            .write_all(
                b"250-mail.example.com\r\n\
                  250-PIPELINING\r\n\
                  250 CHUNKING\r\n",
            )
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // Start with no CHUNKING in capabilities.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Pipelining],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // Verify CHUNKING is NOT supported before rehlo.
    assert!(
        !conn.capabilities().await.supports_chunking(),
        "pre-condition: CHUNKING must not be supported before rehlo"
    );

    // Set a new EHLO domain.
    conn.set_ehlo_domain("client.example.com").await.unwrap();

    // Re-issue EHLO to refresh capabilities (RFC 5321 Section 4.1.1.1).
    let result = conn.rehlo(Duration::from_secs(5)).await;
    assert!(result.is_ok(), "rehlo must succeed: {result:?}");

    // After rehlo, the capabilities must be refreshed.
    assert!(
        conn.capabilities().await.supports_chunking(),
        "rehlo must refresh capabilities — CHUNKING must now be supported \
         (RFC 5321 Section 4.1.1.1)"
    );

    server.await.unwrap();
}

// ── RFC 5321 §4.1.4 — rehlo uses HELO after HELO fallback ──────

/// RFC 5321 Section 4.1.4: once the session has fallen back to HELO
/// (because the server rejected EHLO), subsequent `rehlo` calls must
/// continue using HELO rather than re-attempting EHLO.
#[tokio::test]
async fn rehlo_uses_helo_after_helo_fallback() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Server greeting.
        socket
            .write_all(b"220 legacy.server.com SMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read initial EHLO — reject it.
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(
            cmd.starts_with("EHLO "),
            "client should try EHLO first, got: {cmd}"
        );
        socket
            .write_all(b"502 Command not implemented\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read HELO fallback.
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(
            cmd.starts_with("HELO "),
            "client must fall back to HELO: {cmd}"
        );
        socket
            .write_all(b"250 legacy.server.com\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Now wait for rehlo — it MUST be HELO, not EHLO.
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(
            cmd.starts_with("HELO "),
            "rehlo must send HELO (not EHLO) after HELO fallback \
             (RFC 5321 Section 4.1.4). Got: {cmd}"
        );
        socket
            .write_all(b"250 legacy.server.com\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let conn = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await
    .unwrap();

    // rehlo after HELO fallback — must send HELO, not EHLO.
    conn.rehlo(Duration::from_secs(5)).await.unwrap();

    server.await.unwrap();
}

/// RFC 5321 Section 4.1.1.1: when the client has no meaningful domain
/// name, it SHOULD send an address-literal. That identity must still be
/// usable after the session has fallen back to HELO.
#[tokio::test]
async fn rehlo_uses_helo_with_address_literal_after_helo_fallback() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(
            cmd.starts_with("HELO [127.0.0.1]\r\n"),
            "rehlo must preserve the configured address-literal in HELO fallback mode. Got: {cmd}"
        );

        socket
            .write_all(b"250 legacy.server.com\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(50)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Smtp);

    conn.set_ehlo_domain("[127.0.0.1]").await.unwrap();
    {
        let mut inner = conn.inner.lock().await;
        inner.helo_mode = true;
    }

    let result = conn.rehlo(Duration::from_secs(5)).await;
    assert!(
        result.is_ok(),
        "HELO fallback must accept configured address-literals: {result:?}"
    );

    server.await.unwrap();
}

// ── RFC 3030 §2 — BINARYMIME requires CHUNKING ──────────────────

#[tokio::test]
async fn validate_params_rejects_binarymime_without_chunking() {
    // RFC 3030 Section 2: "BINARYMIME MUST be used in conjunction
    // with the CHUNKING service extension." validate_params must
    // reject BODY=BINARYMIME when the server advertises BINARYMIME
    // but NOT CHUNKING. This is a defense-in-depth check — all
    // public BDAT paths also check for CHUNKING independently.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    // Server advertises BINARYMIME but NOT CHUNKING — a server
    // misconfiguration that the client must still reject.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::BinaryMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_err(),
        "BODY=BINARYMIME without CHUNKING must be rejected (RFC 3030 Section 2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("CHUNKING"),
                "error should mention CHUNKING: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 1870 §5 — SIZE must exclude dot-stuffing overhead (pipelined) ──

#[tokio::test]
async fn size_param_excludes_dot_stuffing_overhead() {
    // RFC 1870 Section 5: "The message size is defined as the
    // number of octets, including CR-LF pairs, but not the SMTP
    // DATA command's terminating dot or doubled quoting dots."
    // The SIZE parameter must use the raw message size, excluding
    // dot-stuffing overhead.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    // Message with lines starting with '.' — dot-stuffing adds
    // extra bytes that SIZE must include.
    let message = b"Subject: Test\r\n\r\n.line1\r\n.line2\r\n";
    let raw_len = message.len();
    let stuffed_len = encode::dot_stuff(message).len();
    assert!(
        stuffed_len > raw_len,
        "test setup: stuffed size ({stuffed_len}) must exceed \
         raw size ({raw_len})"
    );

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and capture SIZE value.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                let size_idx = text.find("SIZE=").expect(
                    "MAIL FROM must include SIZE= when server \
                     advertises SIZE",
                );
                let after_size = &text[size_idx + 5..];
                let size_str: String = after_size
                    .chars()
                    .take_while(char::is_ascii_digit)
                    .collect();
                let declared_size: usize = size_str.parse().unwrap();
                // RFC 1870 Section 5: SIZE must be the raw message
                // size, not the dot-stuffed wire size.
                assert_eq!(
                    declared_size, raw_len,
                    "RFC 1870 Section 5: SIZE must be the raw message \
                     size ({raw_len}), not the dot-stuffed wire \
                     size ({stuffed_len}). Got: {declared_size}"
                );
                break;
            }
        }

        // Complete the transaction.
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Size(None)],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            message,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "send failed: {result:?}");
    server.await.unwrap();
}

// ── RFC 1870 §5 / §4 — size limit check must use raw message size ──

#[tokio::test]
async fn size_limit_check_uses_raw_message_size() {
    // RFC 1870 Section 5: "The message size is defined as the number
    // of octets, including CR-LF pairs, but not the SMTP DATA
    // command's terminating dot or doubled quoting dots."
    // RFC 1870 Section 4: the size limit check must compare the
    // raw message size (excluding dot-stuffing) against the server's
    // limit.
    let stream = mock_server(vec![]).await;

    // Message: every line starts with '.', maximizing dot-stuffing.
    // 5 lines of ".X\r\n" = 20 bytes raw, 25 bytes dot-stuffed.
    let message = b".X\r\n.X\r\n.X\r\n.X\r\n.X\r\n";
    let raw_len = message.len(); // 20 bytes

    // Server limit is below the raw message size, so it must be
    // rejected based on raw size (not dot-stuffed size).
    let limit = raw_len - 1;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Size(Some(limit as u64))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            message,
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_err(),
        "RFC 1870 Section 5 / Section 4: raw message \
         ({raw_len} bytes) exceeds server limit ({limit} bytes); \
         must be rejected"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("SIZE") && msg.contains("exceeds"),
                "error must mention SIZE limit: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 3207 §4 — STARTTLS must accept only 220, not any 2xx ─────

#[tokio::test]
async fn starttls_rejects_non_220_success_code() {
    // RFC 3207 Section 4: the only valid success response to
    // STARTTLS is 220. Other 2xx codes (e.g. 250) are not valid
    // and must be treated as errors.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        // Server greeting.
        socket
            .write_all(b"220 mail.example.com ESMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO.
        let mut buf = [0u8; 4096];
        let _ = socket.read(&mut buf).await.unwrap();

        // EHLO response with STARTTLS.
        socket
            .write_all(b"250-mail.example.com\r\n250 STARTTLS\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read STARTTLS command.
        let _ = socket.read(&mut buf).await.unwrap();

        // Respond with 250 instead of 220 — invalid per RFC 3207 §4.
        socket.write_all(b"250 Go ahead\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(500)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::StartTls,
        Duration::from_secs(5),
    )
    .await;

    // The error must be a Protocol error about the invalid response
    // code, NOT an I/O error from a failed TLS handshake (which
    // would mean the code incorrectly proceeded to TLS negotiation
    // after a non-220 response).
    match result {
        Ok(_) => panic!("STARTTLS with non-220 must fail"),
        Err(Error::Protocol(msg)) => {
            assert!(
                msg.contains("220") || msg.contains("STARTTLS"),
                "error should mention 220 or STARTTLS: {msg}"
            );
        }
        Err(other) => panic!(
            "STARTTLS with non-220 response (250) must produce a \
             Protocol error, not {other:?} (RFC 3207 Section 4)"
        ),
    }
}

// ── RFC 5321 §4.1.2 / RFC 6531 §3.3 — non-ASCII address validation ──

#[tokio::test]
async fn non_ascii_sender_rejected_without_smtputf8() {
    // RFC 5321 Section 4.1.2: SMTP mailbox addresses use the `Mailbox`
    // grammar which is restricted to 7-bit ASCII. Non-ASCII addresses
    // require the SMTPUTF8 extension (RFC 6531 Section 3.3).
    // The raw send APIs should surface the dedicated SMTPUTF8 error,
    // just like send().
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("ünïcödé@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "non-ASCII sender without SMTPUTF8 must be rejected"
    );
    assert!(
        matches!(result, Err(Error::SmtpUtf8Required)),
        "expected Error::SmtpUtf8Required, got: {result:?}"
    );
}

#[tokio::test]
async fn non_ascii_recipient_rejected_without_smtputf8() {
    // RFC 5321 Section 4.1.2: recipient addresses must also be 7-bit
    // ASCII unless the SMTPUTF8 extension is in use (RFC 6531 Section 3.3).
    // The raw send APIs should surface the dedicated SMTPUTF8 error,
    // just like send().
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("ünïcödé@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "non-ASCII recipient without SMTPUTF8 must be rejected"
    );
    assert!(
        matches!(result, Err(Error::SmtpUtf8Required)),
        "expected Error::SmtpUtf8Required, got: {result:?}"
    );
}

#[tokio::test]
async fn non_ascii_address_allowed_with_smtputf8() {
    // RFC 6531 Section 3.3: when SMTPUTF8 is active, non-ASCII
    // addresses are permitted in MAIL FROM and RCPT TO.
    use crate::types::MailFromParams;

    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;
    // RFC 6531 Section 3.2: a compliant SMTPUTF8 server MUST also
    // support 8BITMIME. Include both extensions to model a valid server.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8, SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        smtputf8: true,
        ..Default::default()
    };
    let result = conn
        .send_with_params(
            &ReversePath::new("ünïcödé@example.com").unwrap(),
            &[ForwardPath::new("réçîpïënt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Some(&params),
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "non-ASCII addresses with SMTPUTF8 must succeed: {result:?}"
    );
}

// ── RFC 5321 §4.1.2 / RFC 6531 §3.3 — send_lmtp_bdat must reject non-ASCII ──

#[tokio::test]
async fn send_lmtp_bdat_rejects_non_ascii_sender_without_smtputf8() {
    // RFC 5321 Section 4.1.2 / RFC 6531 Section 3.3: addresses must
    // be 7-bit ASCII unless the SMTPUTF8 extension is active.
    // send_lmtp_bdat must validate this, just like send_bdat, send,
    // and send_lmtp do. The raw send APIs should surface the dedicated
    // SMTPUTF8 error, just like send().
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let result = conn
        .send_lmtp_bdat(
            &ReversePath::new("sénder@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Hello",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "send_lmtp_bdat must reject non-ASCII sender without SMTPUTF8 \
         (RFC 5321 Section 4.1.2 / RFC 6531 Section 3.3)"
    );
    assert!(
        matches!(result, Err(Error::SmtpUtf8Required)),
        "expected Error::SmtpUtf8Required, got: {result:?}"
    );
}

#[tokio::test]
async fn send_lmtp_bdat_rejects_non_ascii_recipient_without_smtputf8() {
    // RFC 5321 Section 4.1.2 / RFC 6531 Section 3.3: recipient
    // addresses must also be validated for ASCII-only characters
    // when SMTPUTF8 is not active. The raw send APIs should surface
    // the dedicated SMTPUTF8 error, just like send().
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let result = conn
        .send_lmtp_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("réçîpïënt@example.com").unwrap()],
            b"Hello",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "send_lmtp_bdat must reject non-ASCII recipient without SMTPUTF8 \
         (RFC 5321 Section 4.1.2 / RFC 6531 Section 3.3)"
    );
    assert!(
        matches!(result, Err(Error::SmtpUtf8Required)),
        "expected Error::SmtpUtf8Required, got: {result:?}"
    );
}

// ── RFC 5321 §4.1.2 — control characters in addresses ─────────────

#[test]
fn reverse_path_rejects_null_byte_in_sender() {
    // RFC 5321 Section 4.1.2 / RFC 5322 Section 3.2.3: the Mailbox
    // grammar restricts addresses to printable ASCII (atext: 0x21-0x7E).
    // NUL bytes (0x00) and other control characters are not valid.
    let result = ReversePath::new("user\x00@example.com");
    assert!(
        result.is_err(),
        "NUL byte in sender address must be rejected (RFC 5321 Section 4.1.2)"
    );
}

#[test]
fn forward_path_rejects_control_char_in_recipient() {
    // RFC 5321 Section 4.1.2: DEL (0x7F) is a control character
    // not in the atext grammar. Must be rejected.
    let result = ForwardPath::new("user\x7F@example.com");
    assert!(
        result.is_err(),
        "DEL (0x7F) in recipient address must be rejected (RFC 5321 Section 4.1.2)"
    );
}

// ── RFC 5321 §4.1.2 — angle brackets break Path delimiter syntax ────

#[test]
fn reverse_path_rejects_angle_bracket_in_sender() {
    // RFC 5321 Section 4.1.2: Path = "<" Mailbox ">". If the address
    // itself contains '>', the encoded command "MAIL FROM:<addr>" is
    // malformed — the server would see a premature end of the path.
    let result = ReversePath::new("user>@example.com");
    assert!(
        result.is_err(),
        "'>' in sender address must be rejected (RFC 5321 Section 4.1.2)"
    );
}

#[test]
fn forward_path_rejects_angle_bracket_in_recipient() {
    // RFC 5321 Section 4.1.2: Path = "<" Mailbox ">". A '<' in the
    // address would create nested angle brackets.
    let result = ForwardPath::new("user<name@example.com");
    assert!(
        result.is_err(),
        "'<' in recipient address must be rejected (RFC 5321 Section 4.1.2)"
    );
}

// BDAT angle bracket test is covered by ReversePath constructor above —
// the same validation applies regardless of the send path
// (RFC 5321 Section 4.1.2).

// ── RFC 4954 §6 — two-step AUTH must cancel on 334 after credentials ──

#[tokio::test]
async fn auth_plain_two_step_cancels_on_334_after_credentials() {
    // RFC 4954 Section 6: "If the client wishes to cancel an
    // authentication exchange, it issues a line with a single '*'."
    //
    // In the two-step AUTH PLAIN flow, if the server responds to the
    // credentials with a 334 challenge instead of 235/5xx, the client
    // must send "*\r\n" to cancel the SASL exchange. Without
    // cancellation, the session remains stuck in AUTH state and
    // subsequent commands are misinterpreted as continuation data.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read "AUTH PLAIN\r\n" from the explicit two-step helper.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for AUTH");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n") {
                break;
            }
        }

        // Send 334 challenge (expected in two-step).
        socket.write_all(b"334\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Read base64 credentials.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for credentials");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n") {
                break;
            }
        }

        // Respond with 334 (unexpected challenge after credentials).
        socket.write_all(b"334 Y2hhbGxlbmdl\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Client must send "*\r\n" to cancel the SASL exchange
        // (RFC 4954 Section 6).
        accumulated.clear();
        let cancel_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                let text = String::from_utf8_lossy(&accumulated);
                if text.contains('*') {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(cancel_received, Ok(true)),
            "two-step AUTH PLAIN must send '*' to cancel after \
             unexpected 334 challenge (RFC 4954 Section 6): \
             cancel_received={cancel_received:?}"
        );

        // Server responds to cancellation with 535.
        socket
            .write_all(b"535 5.7.8 Authentication failed\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // Minimal AUTH capabilities are sufficient because the test calls
    // the shared two-step helper directly.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Plain,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);
    let encoded_creds = SmtpConnection::build_plain_credentials(None, "user", "pass").unwrap();

    let result = {
        let mut inner = conn.inner.lock().await;
        SmtpConnection::auth_two_step(&mut inner, "PLAIN", &encoded_creds, b"*\r\n").await
    };

    assert!(result.is_err(), "auth must fail on unexpected 334");
    match result.unwrap_err() {
        Error::Auth { response, .. } => {
            assert_eq!(
                response.code, 535,
                "after cancelling the 334, the final error must be the \
                 server's 535 reply (RFC 4954 Section 6)"
            );
        }
        other => panic!("expected Auth error, got: {other:?}"),
    }

    server.await.unwrap();
}

#[tokio::test]
async fn auth_xoauth2_two_step_cancels_on_334_after_credentials() {
    // RFC 4954 Section 6: same cancellation rule applies to the
    // two-step AUTH XOAUTH2 flow. Google's XOAUTH2 implementation
    // sends a 334 with base64-encoded error JSON when auth fails.
    // The client must send "*\r\n" to cancel before reading the
    // final 535 error.
    use base64::Engine;
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read "AUTH XOAUTH2\r\n" from the explicit two-step helper.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for AUTH");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n") {
                break;
            }
        }

        // Send 334 challenge.
        socket.write_all(b"334\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Read base64 XOAUTH2 token.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for token");
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n") {
                break;
            }
        }

        // Respond with 334 error detail (Google XOAUTH2 pattern).
        socket
            .write_all(b"334 eyJzdGF0dXMiOiI0MDEifQ==\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Client must send "*\r\n" to cancel.
        accumulated.clear();
        let cancel_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                let text = String::from_utf8_lossy(&accumulated);
                if text.contains('*') {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(cancel_received, Ok(true)),
            "two-step AUTH XOAUTH2 must send '*' to cancel after \
             334 error detail (RFC 4954 Section 6): \
             cancel_received={cancel_received:?}"
        );

        socket
            .write_all(b"535 5.7.8 Authentication failed\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // Minimal AUTH capabilities are sufficient because the test calls
    // the shared two-step helper directly.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::XOAuth2,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);
    let encoded_creds = base64::engine::general_purpose::STANDARD
        .encode(b"user=user@example.com\x01auth=Bearer token\x01\x01");

    let result = {
        let mut inner = conn.inner.lock().await;
        SmtpConnection::auth_two_step(&mut inner, "XOAUTH2", &encoded_creds, b"*\r\n").await
    };

    assert!(result.is_err(), "auth must fail on 334 error detail");
    match result.unwrap_err() {
        Error::Auth { response, .. } => {
            assert_eq!(
                response.code, 535,
                "after cancelling the 334, the final error must be 535"
            );
        }
        other => panic!("expected Auth error, got: {other:?}"),
    }

    server.await.unwrap();
}

#[test]
fn reverse_path_rejects_control_char_even_with_smtputf8_intent() {
    // RFC 6531 Section 3.3 extends Mailbox to allow UTF-8 but does
    // NOT permit ASCII control characters. NUL (0x00) must still be
    // rejected by the ReversePath constructor regardless of SMTPUTF8.
    let result = ReversePath::new("user\x00@example.com");
    assert!(
        result.is_err(),
        "NUL byte in sender must be rejected even with SMTPUTF8 intent \
         (RFC 6531 Section 3.3 does not permit control characters)"
    );
}

// ── RFC 4954 §3 — AUTH mechanism must be advertised by server ──────

#[tokio::test]
async fn auth_plain_rejects_unadvertised_mechanism() {
    // RFC 4954 Section 3: "An SMTP client MUST NOT use an AUTH
    // mechanism unless the name of the SASL mechanism has been
    // advertised to the client." auth_plain() must verify that
    // PLAIN is listed in the server's AUTH capabilities before
    // sending the AUTH command.
    let stream = mock_server(vec![]).await;
    // Server does NOT advertise AUTH PLAIN — only XOAUTH2.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::XOAuth2]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH PLAIN must be rejected when server does not advertise \
         PLAIN (RFC 4954 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("PLAIN") || msg.contains("AUTH") || msg.contains("advertis"),
                "error should mention unadvertised mechanism: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_xoauth2_rejects_unadvertised_mechanism() {
    // RFC 4954 Section 3: same requirement for XOAUTH2.
    let stream = mock_server(vec![]).await;
    // Server advertises AUTH PLAIN but NOT XOAUTH2.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_xoauth2("user", "token", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH XOAUTH2 must be rejected when server does not advertise \
         XOAUTH2 (RFC 4954 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("XOAUTH2") || msg.contains("AUTH") || msg.contains("advertis"),
                "error should mention unadvertised mechanism: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_plain_rejects_when_no_auth_extension() {
    // RFC 4954 Section 3: if the server does not advertise AUTH at
    // all, all AUTH mechanisms must be rejected.
    let stream = mock_server(vec![]).await;
    // No AUTH extension at all.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Pipelining],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH PLAIN must be rejected when server does not advertise \
         any AUTH extension (RFC 4954 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("PLAIN") || msg.contains("AUTH") || msg.contains("advertis"),
                "error should mention unadvertised mechanism: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 4616 §2 — authcid and passwd must not be empty ─────────────

#[tokio::test]
async fn auth_plain_rejects_empty_username() {
    // RFC 4616 Section 2: authcid = 1*SAFE — the authentication
    // identity must be at least one character. An empty username
    // produces an invalid SASL PLAIN message (\0\0pass).
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn.auth_plain("", "pass", Duration::from_secs(1)).await;

    assert!(
        result.is_err(),
        "AUTH PLAIN with empty username must be rejected (RFC 4616 Section 2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("empty") || msg.contains("username"),
                "error should mention empty username: {msg}"
            );
        }
        other => panic!("expected Protocol error for empty username, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_plain_rejects_empty_password() {
    // RFC 4616 Section 2: passwd = 1*SAFE — the password must be
    // at least one character. An empty password produces an invalid
    // SASL PLAIN message (\0user\0).
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn.auth_plain("user", "", Duration::from_secs(1)).await;

    assert!(
        result.is_err(),
        "AUTH PLAIN with empty password must be rejected (RFC 4616 Section 2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("empty") || msg.contains("password"),
                "error should mention empty password: {msg}"
            );
        }
        other => panic!("expected Protocol error for empty password, got: {other:?}"),
    }
}

// ── RFC 4616 §2 — NUL byte in credentials corrupts SASL PLAIN ──

#[tokio::test]
async fn auth_plain_rejects_nul_in_username() {
    // RFC 4616 Section 2: authcid = 1*SAFE, where SAFE excludes NUL
    // (UTF1 = %x01-7F). A NUL byte in the username would act as a
    // SASL PLAIN delimiter, corrupting the credential encoding:
    // the server would split on the wrong NUL and authenticate
    // with a truncated/wrong identity.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user\0evil", "pass", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH PLAIN must reject username containing NUL byte (RFC 4616 Section 2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("NUL"), "error should mention NUL byte: {msg}");
        }
        other => panic!("expected Protocol error for NUL in username, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_plain_rejects_nul_in_password() {
    // RFC 4616 Section 2: passwd = 1*SAFE, where SAFE excludes NUL
    // (UTF1 = %x01-7F). A NUL byte in the password would corrupt
    // the SASL PLAIN message by introducing a spurious delimiter.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "pass\0word", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH PLAIN must reject password containing NUL byte (RFC 4616 Section 2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("NUL"), "error should mention NUL byte: {msg}");
        }
        other => panic!("expected Protocol error for NUL in password, got: {other:?}"),
    }
}

// ── XOAUTH2 — SOH delimiter in credentials corrupts SASL string ──

#[tokio::test]
async fn auth_xoauth2_rejects_soh_in_username() {
    // Google XOAUTH2 uses SOH (\x01) as the SASL string delimiter:
    // "user=<user>\x01auth=Bearer <token>\x01\x01". A SOH byte in
    // the username would corrupt the SASL encoding by introducing
    // a spurious delimiter.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::XOAuth2]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_xoauth2("user\x01evil", "token", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH XOAUTH2 must reject username containing SOH byte"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("SOH") || msg.contains("0x01"),
                "error should mention SOH/0x01: {msg}"
            );
        }
        other => panic!("expected Protocol error for SOH in username, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_xoauth2_rejects_soh_in_token() {
    // A SOH (\x01) byte in the token would corrupt the XOAUTH2
    // SASL string by introducing a spurious delimiter, terminating
    // the "auth=Bearer ..." field early.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::XOAuth2]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_xoauth2("user", "token\x01bad", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH XOAUTH2 must reject token containing SOH byte"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("SOH") || msg.contains("0x01"),
                "error should mention SOH/0x01: {msg}"
            );
        }
        other => panic!("expected Protocol error for SOH in token, got: {other:?}"),
    }
}

// ── RFC 4954 §12 — auth-response line must not exceed 12288 octets ──

#[tokio::test]
async fn auth_plain_two_step_rejects_overlong_credentials() {
    // RFC 4954 Section 12: "auth-response = *(VCHAR / '=') CRLF
    // ; maximum 12288 octets excluding CRLF"
    // When base64-encoded credentials exceed 12288 octets, the
    // two-step AUTH exchange must reject them.
    // The server sends 334 (challenge), then the client cancels
    // with "*\r\n", and the server responds with 501.
    let stream = mock_server(vec!["334\r\n", "501 Authentication cancelled\r\n"]).await;
    // Very long credentials: ~9KB user + ~9KB pass → base64 >> 12288 octets
    let long_user = "u".repeat(7000);
    let long_pass = "p".repeat(7000);

    // Verify test setup: base64 of "\0{user}\0{pass}" must exceed 12288.
    use base64::Engine;
    let mut creds = Vec::with_capacity(2 + long_user.len() + long_pass.len());
    creds.push(0);
    creds.extend_from_slice(long_user.as_bytes());
    creds.push(0);
    creds.extend_from_slice(long_pass.as_bytes());
    let encoded_len = base64::engine::general_purpose::STANDARD
        .encode(&creds)
        .len();
    assert!(
        encoded_len > 12288,
        "test setup: base64 credentials must exceed 12288 octets, got {encoded_len}"
    );

    // The auth-response itself exceeds RFC 4954's 12288-octet limit,
    // so the test exercises the two-step error path.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Plain,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain(&long_user, &long_pass, Duration::from_secs(5))
        .await;

    assert!(
        result.is_err(),
        "auth-response exceeding 12288 octets must be rejected \
         (RFC 4954 Section 12)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("12288") || msg.contains("auth-response"),
                "error should mention 12288-octet limit: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_login_rejects_overlong_username() {
    // RFC 4954 Section 12: "auth-response = *(VCHAR / '=') CRLF
    // ; maximum 12288 octets excluding CRLF"
    // When the base64-encoded username exceeds 12288 octets, the
    // AUTH LOGIN exchange must cancel with "*\r\n" and return an error.
    //
    // The mock server sends:
    // 1. "334 VXNlcm5hbWU6\r\n" — challenge for username
    // 2. "501 Authentication cancelled\r\n" — after client cancels
    let stream = mock_server(vec![
        "334 VXNlcm5hbWU6\r\n",
        "501 Authentication cancelled\r\n",
    ])
    .await;

    // 9217 chars → base64 encodes to ceil(9217/3)*4 = 12292 octets > 12288
    let long_user = "u".repeat(9217);
    let normal_pass = "password";

    // Verify test setup: base64 of the username must exceed 12288.
    use base64::Engine;
    let encoded_len = base64::engine::general_purpose::STANDARD
        .encode(long_user.as_bytes())
        .len();
    assert!(
        encoded_len > 12288,
        "test setup: base64 username must exceed 12288 octets, got {encoded_len}"
    );

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Login,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_login(&long_user, normal_pass, Duration::from_secs(5))
        .await;

    assert!(
        result.is_err(),
        "auth_login must reject username whose base64 exceeds 12288 octets \
         (RFC 4954 Section 12)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("12288") || msg.contains("auth-response"),
                "error should mention 12288-octet limit: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_login_rejects_overlong_password() {
    // RFC 4954 Section 12: same limit applies to the password response.
    // The mock server sends:
    // 1. "334 VXNlcm5hbWU6\r\n" — challenge for username (accepted)
    // 2. "334 UGFzc3dvcmQ6\r\n" — challenge for password
    // 3. "501 Authentication cancelled\r\n" — after client cancels
    let stream = mock_server(vec![
        "334 VXNlcm5hbWU6\r\n",
        "334 UGFzc3dvcmQ6\r\n",
        "501 Authentication cancelled\r\n",
    ])
    .await;

    let normal_user = "user";
    // 9217 chars → base64 encodes to 12292 octets > 12288
    let long_pass = "p".repeat(9217);

    // Verify test setup: base64 of the password must exceed 12288.
    use base64::Engine;
    let encoded_len = base64::engine::general_purpose::STANDARD
        .encode(long_pass.as_bytes())
        .len();
    assert!(
        encoded_len > 12288,
        "test setup: base64 password must exceed 12288 octets, got {encoded_len}"
    );

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Login,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_login(normal_user, &long_pass, Duration::from_secs(5))
        .await;

    assert!(
        result.is_err(),
        "auth_login must reject password whose base64 exceeds 12288 octets \
         (RFC 4954 Section 12)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("12288") || msg.contains("auth-response"),
                "error should mention 12288-octet limit: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── NUL bytes in AUTH LOGIN credentials — defense-in-depth ────────

#[tokio::test]
async fn auth_login_rejects_nul_in_username() {
    // draft-murchison-sasl-login; cf. RFC 4616 Section 2:
    // NUL (0x00) is never valid in credentials. While AUTH LOGIN
    // does not use NUL as a delimiter (unlike SASL PLAIN), embedded
    // NUL bytes can cause truncation on servers with C-style string
    // handling, leading to authentication with a wrong identity.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Login,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_login("user\0evil", "pass", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH LOGIN must reject username containing NUL byte \
         (draft-murchison-sasl-login; cf. RFC 4616 Section 2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("NUL"), "error should mention NUL byte: {msg}");
        }
        other => panic!("expected Protocol error for NUL in username, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_login_rejects_nul_in_password() {
    // draft-murchison-sasl-login; cf. RFC 4616 Section 2:
    // Same rationale — NUL bytes are never valid in credentials.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Login,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_login("user", "pass\0word", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH LOGIN must reject password containing NUL byte \
         (draft-murchison-sasl-login; cf. RFC 4616 Section 2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("NUL"), "error should mention NUL byte: {msg}");
        }
        other => panic!("expected Protocol error for NUL in password, got: {other:?}"),
    }
}

// ── RFC 6152 §3 — BODY param requirements ───────────────────────────

#[tokio::test]
async fn validate_params_accepts_body_7bit_with_binarymime() {
    // RFC 6152 Section 3: "the client SMTP MUST NOT use the BODY
    // parameter without the server advertising 8BITMIME or BINARYMIME
    // support." BODY=7BIT must be accepted when the server advertises
    // BINARYMIME (even without 8BITMIME).
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::BinaryMime, SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::SevenBit),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_ok(),
        "RFC 6152 Section 3: BODY=7BIT must be accepted when server \
         advertises BINARYMIME. Got error: {:?}",
        result.unwrap_err()
    );
}

#[tokio::test]
async fn validate_params_rejects_body_8bitmime_with_binarymime_without_8bitmime() {
    // RFC 6152 Section 3 requires the 8BITMIME keyword before a client
    // may declare BODY=8BITMIME. BINARYMIME alone does not satisfy that.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::BinaryMime, SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::EightBitMime),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_err(),
        "BODY=8BITMIME must be rejected when the server omits 8BITMIME, even if it advertises BINARYMIME"
    );
}

#[tokio::test]
async fn validate_params_accepts_body_7bit_without_either_extension() {
    // RFC 5321 Section 4.5.2: 7-bit is the default encoding, so
    // BODY=7BIT is accepted without 8BITMIME or BINARYMIME.
    // The encoder silently omits the redundant parameter.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Pipelining],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::SevenBit),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_ok(),
        "BODY=7BIT without 8BITMIME should be accepted because 7-bit \
         is already the default (RFC 5321 Section 4.5.2). \
         Got error: {:?}",
        result.err()
    );
}

// ── RFC 1870 §3 — SIZE must include implicit trailing CRLF ─────────

#[tokio::test]
async fn size_param_includes_implicit_trailing_crlf() {
    // RFC 1870 Section 3: SIZE includes "the terminating CRLF of the
    // last line." When the message does not end with CRLF, the sender
    // adds one before the terminating dot (RFC 5321 Section 4.1.1.4).
    // The SIZE parameter must count this implicit CRLF.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    // Message that does NOT end with CRLF — the sender will add
    // "\r\n" before ".\r\n", making the effective content 2 bytes
    // larger than message.len().
    let message = b"Subject: Test\r\n\r\nHello";
    let raw_len = message.len();
    let expected_size = raw_len + 2; // +2 for implicit CRLF

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and check SIZE value.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                let size_idx = text.find("SIZE=").expect("MAIL FROM must include SIZE=");
                let after_size = &text[size_idx + 5..];
                let size_str: String = after_size
                    .chars()
                    .take_while(char::is_ascii_digit)
                    .collect();
                let declared_size: usize = size_str.parse().unwrap();
                assert_eq!(
                    declared_size, expected_size,
                    "RFC 1870 Section 3: SIZE must include the implicit \
                     trailing CRLF. Message is {raw_len} bytes but does \
                     not end with CRLF, so SIZE must be {expected_size} \
                     (raw + 2). Got: {declared_size}"
                );
                break;
            }
        }

        // Complete the transaction.
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Size(None)],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            message,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "send failed: {result:?}");
    server.await.unwrap();
}

// ── RFC 5321 §4.1.1.6/7 — VRFY/EXPN must validate printable ASCII ──

#[tokio::test]
async fn vrfy_rejects_non_ascii_argument() {
    // RFC 5321 Section 4.1.1.6: VRFY SP String CRLF, where
    // String = Atom / Quoted-string. Atom = 1*atext, which is
    // restricted to printable ASCII. Non-ASCII bytes must be
    // rejected.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.vrfy("usér@example.com", Duration::from_secs(1)).await;
    assert!(
        result.is_err(),
        "VRFY with non-ASCII argument must be rejected \
         (RFC 5321 Section 4.1.1.6)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("non-ASCII") || msg.contains("printable"),
                "error should mention non-ASCII or printable: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn expn_rejects_non_ascii_argument() {
    // RFC 5321 Section 4.1.1.7: EXPN SP String CRLF, where
    // String = Atom / Quoted-string. Non-ASCII bytes must be
    // rejected.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.expn("stäff", Duration::from_secs(1)).await;
    assert!(
        result.is_err(),
        "EXPN with non-ASCII argument must be rejected \
         (RFC 5321 Section 4.1.1.7)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("non-ASCII") || msg.contains("printable"),
                "error should mention non-ASCII or printable: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn vrfy_rejects_control_character_argument() {
    // RFC 5321 Section 4.1.1.6 / RFC 5322 Section 3.2.3: control
    // characters (0x00-0x1F, 0x7F) are not valid in the String
    // production used by VRFY.
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .vrfy("user\x01@example.com", Duration::from_secs(1))
        .await;
    assert!(
        result.is_err(),
        "VRFY with control character must be rejected \
         (RFC 5321 Section 4.1.1.6)"
    );
}

#[tokio::test]
async fn vrfy_accepts_valid_ascii_argument() {
    // Valid printable ASCII arguments must be accepted.
    let stream = mock_server(vec!["252 Cannot VRFY\r\n"]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn.vrfy("user@example.com", Duration::from_secs(1)).await;
    assert!(
        result.is_ok(),
        "VRFY with valid ASCII argument must succeed: {:?}",
        result.unwrap_err()
    );
}

// ── RFC 5321 §4.5.2 — BDAT must reject NUL without BINARYMIME ────

#[tokio::test]
async fn bdat_rejects_nul_bytes_without_binarymime() {
    // RFC 5321 Section 4.5.2: "a sending SMTP system MUST NOT send
    // a message that contains octets with a value of 0x00" unless a
    // server extension explicitly permits it. BINARYMIME (RFC 3030
    // Section 4) permits NUL bytes; CHUNKING alone does not.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let message = b"Subject: Test\r\n\r\nHello\x00World\r\n";
    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            message,
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_err(),
        "BDAT must reject NUL bytes without BINARYMIME (RFC 5321 Section 4.5.2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("NUL") || msg.contains("0x00"),
                "error should mention NUL bytes: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn lmtp_bdat_rejects_nul_bytes_without_binarymime() {
    // RFC 5321 Section 4.5.2: same NUL byte restriction for LMTP BDAT.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let message = b"Subject: Test\r\n\r\nHello\x00World\r\n";
    let result = conn
        .send_lmtp_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            message,
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_err(),
        "LMTP BDAT must reject NUL bytes without BINARYMIME (RFC 5321 Section 4.5.2)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("NUL") || msg.contains("0x00"),
                "error should mention NUL bytes: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── RFC 1652 §1 — BDAT must reject 8-bit content without 8BITMIME ──

#[tokio::test]
async fn bdat_rejects_8bit_content_without_8bitmime() {
    // RFC 1652 Section 1: "an SMTP client MUST NOT transmit 8-bit
    // data in the mail body" without 8BITMIME. RFC 3030 Section 3
    // says BDAT replaces DATA for message transport, so the same
    // content restrictions apply.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // Message with 8-bit content (UTF-8 encoded é = 0xC3 0xA9)
    let message = "Subject: Test\r\n\r\nHéllo\r\n".as_bytes();
    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            message,
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_err(),
        "BDAT must reject 8-bit content without 8BITMIME (RFC 1652 Section 1)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8-bit") || msg.contains("8BITMIME"),
                "error should mention 8-bit content: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn lmtp_bdat_rejects_8bit_content_without_8bitmime() {
    // RFC 1652 Section 1: same 7-bit restriction for LMTP BDAT.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let message = "Subject: Test\r\n\r\nHéllo\r\n".as_bytes();
    let result = conn
        .send_lmtp_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            message,
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_err(),
        "LMTP BDAT must reject 8-bit content without 8BITMIME (RFC 1652 Section 1)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8-bit") || msg.contains("8BITMIME"),
                "error should mention 8-bit content: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── BDAT allows NUL/8-bit with BINARYMIME (positive cases) ──────

#[tokio::test]
async fn bdat_allows_nul_bytes_with_binarymime() {
    // RFC 3030 Section 4: BINARYMIME permits NUL bytes.
    // This test confirms the fix doesn't over-restrict.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("BDAT ", "250 OK\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::BinaryMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"\x00\x01\x02binary\xff\xfe",
            Some(&params),
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "BDAT with BODY=BINARYMIME must allow NUL bytes: {result:?}"
    );
}

#[tokio::test]
async fn bdat_allows_8bit_content_with_8bitmime() {
    // RFC 1652: 8BITMIME extension enables 8-bit content.
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("BDAT ", "250 OK\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let message = "Subject: Test\r\n\r\nHéllo\r\n".as_bytes();
    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            message,
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "BDAT with 8BITMIME must allow 8-bit content: {result:?}"
    );
}

// ── RFC 5321 §3.1 — greeting MUST be 220 ────────────────────────────

#[tokio::test]
async fn greeting_rejects_non_220_success() {
    // RFC 5321 Section 3.1: "When the connection is established, the
    // SMTP server issues a positive response with the 220 service
    // ready greeting." A non-220 2xx response (e.g. 250) is a
    // protocol violation and must be rejected.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        // Send a non-220 2xx greeting — a protocol violation.
        socket
            .write_all(b"250 mail.example.com Service ready\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        // Respond to EHLO so the connection succeeds if the
        // greeting check is too permissive (the bug).
        let mut buf = [0u8; 4096];
        let _ = socket.read(&mut buf).await;
        socket
            .write_all(b"250-mail.example.com\r\n250 OK\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(500)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    // Must fail because the greeting code is not 220.
    let err = match result {
        Ok(_) => panic!("non-220 2xx greeting must be rejected (RFC 5321 Section 3.1)"),
        Err(e) => e,
    };
    match err {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("220"),
                "error should mention expected code 220: {msg}"
            );
        }
        other => panic!("expected Protocol error for non-220 greeting, got: {other:?}"),
    }
}

// ── RFC 5321 §4.1.1.10 — QUIT on non-220 2xx greeting ──────────

#[tokio::test]
async fn connect_sends_quit_on_non_220_2xx_greeting() {
    // RFC 5321 Section 4.1.1.10: The client SHOULD send QUIT before
    // closing the connection, even when the server sent a non-standard
    // 2xx greeting (e.g. 250 instead of 220).  Previously, the code
    // only sent QUIT for 4xx/5xx greetings — this test verifies that
    // QUIT is also sent for non-220 2xx greetings.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Send a non-220 2xx greeting — a protocol violation.
        socket.write_all(b"250 Welcome\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Client should send QUIT even though the greeting is 2xx.
        let mut buf = [0u8; 4096];
        let mut accumulated = Vec::new();
        let quit_received = tokio::time::timeout(Duration::from_secs(3), async {
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                if String::from_utf8_lossy(&accumulated).contains("QUIT") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            matches!(quit_received, Ok(true)),
            "client must send QUIT after receiving non-220 2xx greeting \
             (RFC 5321 Section 4.1.1.10): quit_received={quit_received:?}"
        );

        socket.write_all(b"221 Bye\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    assert!(result.is_err(), "connect must fail on non-220 2xx greeting");
    let err = result.expect_err("result must be Err");
    match &err {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("220"),
                "error should mention expected code 220: {msg}"
            );
        }
        other => panic!("expected Protocol error for non-220 2xx greeting, got: {other:?}"),
    }
    server.await.unwrap();
}

// ── RFC 2033 §4.3 — VRFY and EXPN are valid in LMTP ────────────

#[tokio::test]
async fn vrfy_allowed_on_lmtp_connection() {
    // RFC 2033 Section 4.3: only HELO, EHLO, and TURN "MUST NOT be
    // used with LMTP." VRFY and EXPN are "not required, but SHOULD
    // be used if possible" — meaning they are valid but optional.
    // The library must NOT reject VRFY on LMTP connections.
    let stream = mock_server(vec!["250 User Name <user@example.com>\r\n"]).await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let result = conn.vrfy("user@example.com", Duration::from_secs(5)).await;
    assert!(
        result.is_ok(),
        "RFC 2033 Section 4.3: VRFY is valid in LMTP (only HELO, \
         EHLO, TURN are prohibited); got error: {result:?}"
    );
    let resp = result.unwrap();
    assert_eq!(resp.code, 250);
}

#[tokio::test]
async fn expn_allowed_on_lmtp_connection() {
    // RFC 2033 Section 4.3: only HELO, EHLO, and TURN "MUST NOT be
    // used with LMTP." EXPN is "not required, but SHOULD be used if
    // possible" — meaning it is valid but optional in LMTP.
    let stream = mock_server(vec![
        "250-Alice <alice@example.com>\r\n250 Bob <bob@example.com>\r\n",
    ])
    .await;
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let result = conn.expn("staff", Duration::from_secs(5)).await;
    assert!(
        result.is_ok(),
        "RFC 2033 Section 4.3: EXPN is valid in LMTP (only HELO, \
         EHLO, TURN are prohibited); got error: {result:?}"
    );
    let resp = result.unwrap();
    assert_eq!(resp.code, 250);
    assert_eq!(resp.lines.len(), 2);
}

#[tokio::test]
async fn vrfy_non_ascii_uses_smtputf8_when_server_supports_it() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 1024];
        let n = tokio::time::timeout(Duration::from_secs(1), socket.read(&mut buf))
            .await
            .expect("server read timed out")
            .expect("server read failed");
        let received = std::str::from_utf8(&buf[..n]).expect("VRFY command must be UTF-8");
        assert_eq!(received, "VRFY josé SMTPUTF8\r\n");
        socket
            .write_all("250 José <josé@example.com>\r\n".as_bytes())
            .await
            .unwrap();
        socket.flush().await.unwrap();
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn.vrfy("josé", Duration::from_secs(5)).await;
    let response = result.expect("VRFY with SMTPUTF8 support should succeed");
    assert_eq!(response.code, 250);
    assert_eq!(response.text(), "José <josé@example.com>");
    server.await.unwrap();
}

#[tokio::test]
async fn expn_non_ascii_uses_smtputf8_when_server_supports_it() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 1024];
        let n = tokio::time::timeout(Duration::from_secs(1), socket.read(&mut buf))
            .await
            .expect("server read timed out")
            .expect("server read failed");
        let received = std::str::from_utf8(&buf[..n]).expect("EXPN command must be UTF-8");
        assert_eq!(received, "EXPN équipe SMTPUTF8\r\n");
        socket
            .write_all(
                "250-Équipe <equipe@example.com>\r\n250 José <josé@example.com>\r\n".as_bytes(),
            )
            .await
            .unwrap();
        socket.flush().await.unwrap();
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn.expn("équipe", Duration::from_secs(5)).await;
    let response = result.expect("EXPN with SMTPUTF8 support should succeed");
    assert_eq!(response.code, 250);
    assert_eq!(response.lines.len(), 2);
    assert_eq!(response.lines[0], "Équipe <equipe@example.com>");
    assert_eq!(response.lines[1], "José <josé@example.com>");
    server.await.unwrap();
}

// ── RFC 6152 §3 — send() must auto-declare BODY=8BITMIME for 8-bit content ──

#[tokio::test]
async fn send_auto_declares_body_8bitmime_for_8bit_content() {
    // RFC 6152 Section 3: "When a client SMTP transmits a message body
    // consisting of 8bit data to a server SMTP, it must also transmit a
    // BODY=8BITMIME parameter on the MAIL FROM command."
    //
    // The simple send() API must auto-detect 8-bit content (bytes > 0x7F)
    // and include BODY=8BITMIME in MAIL FROM when the server supports it.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and verify BODY=8BITMIME is present.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                assert!(
                    text.contains("BODY=8BITMIME"),
                    "RFC 6152 Section 3: send() with 8-bit content must \
                     auto-declare BODY=8BITMIME in MAIL FROM when server \
                     supports 8BITMIME. Got: {text}"
                );
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // RCPT TO.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // DATA.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Terminator.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // Server supports 8BITMIME but NOT SMTPUTF8.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // Message with 8-bit content (UTF-8 encoded "Héllo").
    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nH\xc3\xa9llo\r\n",
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "send() with 8-bit content should succeed: {result:?}"
    );
    server.await.unwrap();
}

#[tokio::test]
async fn send_does_not_declare_body_8bitmime_for_7bit_content() {
    // When the message content is pure 7-bit ASCII, BODY=8BITMIME
    // should NOT be added to MAIL FROM — it's unnecessary and slightly
    // misleading (the content IS 7-bit).
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and verify BODY=8BITMIME is NOT present.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                assert!(
                    !text.contains("BODY="),
                    "send() with 7-bit content must not add BODY= parameter. \
                     Got: {text}"
                );
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();

        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // Pure 7-bit ASCII message.
    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello world\r\n",
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "send with 7-bit content failed: {result:?}");
    server.await.unwrap();
}

// ── RFC 6531 §3.1 item 4 / §3.4 — send() must auto-declare SMTPUTF8 ──

#[tokio::test]
async fn send_auto_declares_smtputf8_for_utf8_headers() {
    // RFC 6531 Section 3.1 item 4: SMTPUTF8 is required when the
    // message being sent is internationalized.
    // RFC 6531 Section 3.4: when SMTPUTF8 is used, MAIL FROM must
    // carry the SMTPUTF8 parameter.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and verify SMTPUTF8 is present.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                assert!(
                    text.contains("SMTPUTF8"),
                    "RFC 6531 Section 3.4: send() with UTF-8 header octets \
                     must auto-declare SMTPUTF8 in MAIL FROM. Got: {text}"
                );
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // RCPT TO.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // DATA.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Terminator.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8, SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Caf\xc3\xa9\r\n\r\nHello\r\n",
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "send() with UTF-8 header octets should succeed with SMTPUTF8 support: {result:?}"
    );
    server.await.unwrap();
}

#[tokio::test]
async fn send_auto_declares_smtputf8_for_non_ascii_addresses() {
    // RFC 6531 Section 3.3: internationalized mailbox names require
    // SMTPUTF8 support.
    // RFC 6531 Section 3.4: when SMTPUTF8 is used, MAIL FROM must
    // include the SMTPUTF8 parameter.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and verify SMTPUTF8 is present.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                assert!(
                    text.contains("SMTPUTF8"),
                    "RFC 6531 Section 3.4: send() with non-ASCII envelope \
                     addresses must auto-declare SMTPUTF8 in MAIL FROM. \
                     Got: {text}"
                );
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // RCPT TO.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // DATA.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Terminator.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8, SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("ünïcödé@example.com").unwrap(),
            &[ForwardPath::new("réçîpïënt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "send() with non-ASCII envelope addresses should succeed with SMTPUTF8 support: {result:?}"
    );
    server.await.unwrap();
}

// ── RFC 5321 §4.1.4 — HELO fallback restricted to 500/502/504 ──

#[tokio::test]
async fn ehlo_521_does_not_fall_back_to_helo() {
    // RFC 5321 Section 4.1.4: HELO fallback is for when "the server
    // does not support any SMTP service extensions," indicated by codes
    // 500, 502, 504. Code 521 (RFC 7504: "I do not accept mail")
    // is NOT about ESMTP support — HELO won't help.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Server greeting.
        socket
            .write_all(b"220 no-mail.example.com ESMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("EHLO "), "expected EHLO, got: {cmd}");

        // Respond with 521 — server does not accept mail.
        socket
            .write_all(b"521 I do not accept mail\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // The client MUST NOT fall back to HELO — 521 is not about
        // missing ESMTP support.
        let helo_sent = tokio::time::timeout(Duration::from_secs(1), async {
            let mut accumulated = Vec::new();
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                let text = String::from_utf8_lossy(&accumulated);
                if text.contains("HELO ") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            !matches!(helo_sent, Ok(true)),
            "client must NOT fall back to HELO after 521 EHLO response \
             (RFC 5321 Section 4.1.4 / RFC 7504): 521 means 'does not \
             accept mail', not 'does not support ESMTP'"
        );

        tokio::time::sleep(Duration::from_millis(100)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    // Must fail with permanent error (521), not succeed via HELO.
    match result {
        Err(Error::Permanent { code, .. }) => {
            assert_eq!(code, 521, "error must preserve the 521 code");
        }
        Err(other) => panic!("expected Permanent error with code 521, got: {other:?}"),
        Ok(_) => panic!("connect must fail on 521 EHLO response, not fall back to HELO"),
    }

    server.await.unwrap();
}

#[tokio::test]
async fn ehlo_550_does_not_fall_back_to_helo() {
    // RFC 5321 Section 4.3.2: code 550 in response to EHLO means
    // "reject the transaction for policy reasons." The server
    // understands ESMTP but is refusing this client — HELO fallback
    // would not bypass the policy and would mask the real error.
    //
    // Only 500, 502, 504 indicate the server does not support ESMTP
    // and warrant a HELO fallback (RFC 5321 Section 4.1.4).
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Server greeting.
        socket
            .write_all(b"220 policy.example.com ESMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(cmd.starts_with("EHLO "), "expected EHLO, got: {cmd}");

        // Respond with 550 — policy rejection.
        socket.write_all(b"550 Access denied\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // The client MUST NOT fall back to HELO — 550 is a policy
        // rejection, not a lack of ESMTP support.
        let helo_sent = tokio::time::timeout(Duration::from_secs(1), async {
            let mut accumulated = Vec::new();
            loop {
                let n = socket.read(&mut buf).await.unwrap();
                if n == 0 {
                    return false;
                }
                accumulated.extend_from_slice(&buf[..n]);
                let text = String::from_utf8_lossy(&accumulated);
                if text.contains("HELO ") {
                    return true;
                }
            }
        })
        .await;

        assert!(
            !matches!(helo_sent, Ok(true)),
            "client must NOT fall back to HELO after 550 EHLO response \
             (RFC 5321 Section 4.3.2): 550 is a policy rejection, not \
             a lack of ESMTP support"
        );

        tokio::time::sleep(Duration::from_millis(100)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    // Must fail with permanent error (550), not succeed via HELO.
    match result {
        Err(Error::Permanent { code, .. }) => {
            assert_eq!(code, 550, "error must preserve the 550 code");
        }
        Err(other) => panic!("expected Permanent error with code 550, got: {other:?}"),
        Ok(_) => panic!("connect must fail on 550 EHLO response, not fall back to HELO"),
    }

    server.await.unwrap();
}

// ── RFC 5321 §4.1.4 — HELO fallback on 501 EHLO rejection ──────────

#[tokio::test]
async fn helo_fallback_when_ehlo_rejected_with_501() {
    // RFC 5321 Section 4.1.4: "If the EHLO command is not acceptable
    // to the SMTP server, 501, 500, 502, or 550 failure reply MUST be
    // returned." Code 501 ("Syntax error in parameters or arguments")
    // can be returned by legacy servers that don't understand the EHLO
    // verb at all. Per Postel's law, HELO fallback should be attempted.
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();

        // Server greeting.
        socket
            .write_all(b"220 legacy.server.com SMTP\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read EHLO command.
        let mut buf = [0u8; 4096];
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(
            cmd.starts_with("EHLO "),
            "client should try EHLO first, got: {cmd}"
        );

        // Reject EHLO with 501 — server doesn't understand EHLO syntax.
        socket
            .write_all(b"501 Syntax error in parameters\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Client should fall back to HELO (RFC 5321 Section 4.1.4).
        let n = socket.read(&mut buf).await.unwrap();
        let cmd = String::from_utf8_lossy(&buf[..n]);
        assert!(
            cmd.starts_with("HELO "),
            "client must fall back to HELO after 501 EHLO rejection: {cmd}"
        );

        // Accept HELO.
        socket
            .write_all(b"250 legacy.server.com\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let result = SmtpConnection::connect(
        "127.0.0.1",
        addr.port(),
        TlsMode::None,
        Duration::from_secs(5),
    )
    .await;

    match result {
        Ok(_) => {}
        Err(e) => panic!(
            "connection must succeed with HELO fallback on 501 EHLO rejection \
             (RFC 5321 Section 4.1.4): {e}"
        ),
    }
    server.await.unwrap();
}

// ── RFC 5321 §4.1.1.3 — RCPT TO requires non-empty Forward-path ──

#[test]
fn forward_path_rejects_empty_address() {
    // RFC 5321 Section 4.1.1.3: Forward-path = Path = "<" Mailbox ">".
    // Mailbox must be non-empty; "<>" is only valid as a null
    // reverse-path in MAIL FROM, not as a forward-path in RCPT TO.
    // ForwardPath::new() rejects empty strings at construction time.
    let result = ForwardPath::new("");
    assert!(
        result.is_err(),
        "ForwardPath must reject empty address (RFC 5321 Section 4.1.1.3)"
    );
}

#[test]
fn reverse_path_accepts_obsolete_source_routes() {
    // RFC 5321 Section 4.1.2: `Path = "<" [ A-d-l ":" ] Mailbox ">"`.
    // The obsolete source route "MUST BE accepted, SHOULD NOT be
    // generated, and SHOULD be ignored". ReversePath and ForwardPath
    // constructors must accept route-prefixed paths.
    let rp = ReversePath::new("@old.example,@relay.example:sender@example.com");
    assert!(
        rp.is_ok(),
        "ReversePath must accept obsolete source-routed paths \
         per RFC 5321 Section 4.1.2: {rp:?}"
    );
    let fp = ForwardPath::new("@old.example,@relay.example:rcpt@example.com");
    assert!(
        fp.is_ok(),
        "ForwardPath must accept obsolete source-routed paths \
         per RFC 5321 Section 4.1.2: {fp:?}"
    );
}

#[test]
fn reverse_path_counts_obsolete_source_route_toward_path_limit() {
    // RFC 5321 Section 4.5.3.1.3 applies to the full `Path`, including
    // the obsolete source route and its punctuation:
    // `Path = "<" [ A-d-l ":" ] Mailbox ">"`.
    let route_domain = format!("{}.{}.{}", "u".repeat(63), "v".repeat(63), "w".repeat(62));
    let sender = format!("@{route_domain},@{route_domain}:user@example.com");

    assert!(
        sender.len() + 2 > SmtpConnection::SMTP_MAX_PATH_LENGTH,
        "test precondition: full source-routed reverse-path must exceed the RFC 5321 256-octet limit"
    );
    assert!(
        "user@example.com".len() + 2 < SmtpConnection::SMTP_MAX_PATH_LENGTH,
        "test precondition: bare mailbox should remain within the path limit so the source route is what triggers the rejection"
    );

    let result = ReversePath::new(&sender);

    assert!(
        result.is_err(),
        "source-routed reverse-path must count toward the 256-octet path limit \
         (RFC 5321 Section 4.5.3.1.3)"
    );
}

// The send_bdat_rejects_empty_recipient, send_lmtp_rejects_empty_recipient,
// and send_lmtp_bdat_rejects_empty_recipient tests are covered by
// forward_path_rejects_empty_address above — ForwardPath::new("") returns
// an error at construction time, so the empty address can never reach
// the send methods (RFC 5321 Section 4.1.1.3).

// ── RFC 5321 §4.1.1.6/§4.1.1.7 — VRFY/EXPN require non-empty arg ──

#[tokio::test]
async fn vrfy_rejects_empty_argument() {
    // RFC 5321 Section 4.1.1.6: "VRFY" SP String CRLF — String
    // requires at least one character. Validation must fire before
    // any I/O (Error::Protocol).
    let stream = mock_server(vec![]).await;
    let caps = smtp_caps_no_pipelining();
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn.vrfy("", Duration::from_secs(5)).await;

    let err = result.expect_err("vrfy must reject empty argument (RFC 5321 Section 4.1.1.6)");
    assert!(
        matches!(&err, Error::Protocol(msg) if msg.to_lowercase().contains("empty")),
        "expected Error::Protocol mentioning empty argument, got: {err:?}"
    );
}

#[tokio::test]
async fn expn_rejects_empty_argument() {
    // RFC 5321 Section 4.1.1.7: "EXPN" SP String CRLF — String
    // requires at least one character. Validation must fire before
    // any I/O (Error::Protocol).
    let stream = mock_server(vec![]).await;
    let caps = smtp_caps_no_pipelining();
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn.expn("", Duration::from_secs(5)).await;

    let err = result.expect_err("expn must reject empty argument (RFC 5321 Section 4.1.1.7)");
    assert!(
        matches!(&err, Error::Protocol(msg) if msg.to_lowercase().contains("empty")),
        "expected Error::Protocol mentioning empty argument, got: {err:?}"
    );
}

/// `SmtpConnection` must implement Debug.
/// The output should include `ehlo_domain`, protocol, and transport
/// without exposing internal stream details.
#[tokio::test]
async fn debug_impl_shows_connection_metadata() {
    let stream = mock_server(vec!["220 test ready\r\n"]).await;
    let caps = ServerCapabilities {
        greeting_name: "mail.example.com".into(),
        extensions: Vec::new(),
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);
    let debug_str = format!("{conn:?}");
    assert!(
        debug_str.contains("SmtpConnection"),
        "Debug output must contain type name, got: {debug_str}"
    );
    assert!(
        debug_str.contains("ehlo_domain"),
        "Debug output must contain ehlo_domain field, got: {debug_str}"
    );
    assert!(
        debug_str.contains("protocol"),
        "Debug output must contain protocol field, got: {debug_str}"
    );
    assert!(
        debug_str.contains("transport"),
        "Debug output must contain transport field, got: {debug_str}"
    );
}

// --- Pre-refactor  ---
// Lock down the combined validation logic that will be extracted into helpers.

/// The CRLF-adjusted message size must equal `message.len()` when the
/// message already ends with CRLF, or `message.len()` + 2 otherwise.
#[test]
fn message_size_crlf_adjustment() {
    let with_crlf = b"Subject: test\r\n\r\nBody\r\n";
    let without_crlf = b"Subject: test\r\n\r\nBody";

    let size_with = if with_crlf.ends_with(b"\r\n") {
        with_crlf.len()
    } else {
        with_crlf.len() + 2
    };
    assert_eq!(size_with, with_crlf.len());

    let size_without = if without_crlf.ends_with(b"\r\n") {
        without_crlf.len()
    } else {
        without_crlf.len() + 2
    };
    assert_eq!(size_without, without_crlf.len() + 2);
}

/// `validate_no_nul_bytes` rejects NUL bytes and accepts clean data.
#[test]
fn validate_no_nul_rejects_nul_accepts_clean() {
    assert!(SmtpConnection::validate_no_nul_bytes(b"clean data").is_ok());
    assert!(SmtpConnection::validate_no_nul_bytes(b"has \x00 nul").is_err());
    assert!(SmtpConnection::validate_no_nul_bytes(b"").is_ok());
}

/// `validate_7bit_content` rejects bytes > 0x7F and accepts 7-bit data.
#[test]
fn validate_7bit_rejects_high_bytes() {
    assert!(SmtpConnection::validate_7bit_content(b"all ascii").is_ok());
    assert!(SmtpConnection::validate_7bit_content(b"has \x80 high").is_err());
    assert!(SmtpConnection::validate_7bit_content(b"\x7F is ok").is_ok());
    assert!(SmtpConnection::validate_7bit_content(b"").is_ok());
}

/// `message_contains_8bit` detects high bytes.
#[test]
fn message_8bit_detection() {
    assert!(!SmtpConnection::message_contains_8bit(b"pure ascii"));
    assert!(SmtpConnection::message_contains_8bit(b"caf\xC3\xA9"));
    assert!(!SmtpConnection::message_contains_8bit(b""));
}

/// RFC 6532 Sections 3.2 and 3.6: UTF-8 in the header block makes the
/// message internationalized and therefore requires SMTPUTF8.
#[test]
fn message_headers_require_smtputf8_detects_utf8_header_octets() {
    let raw = b"Subject: Test\r\nReturn-Path: <us\xC3\xADr@example.com>\r\n\r\nbody";
    assert!(SmtpConnection::message_headers_require_smtputf8(raw));
}

/// RFC 6531 Section 3.1 item 4: SMTPUTF8 is about internationalized
/// envelope/header syntax, not ordinary 8-bit body transfer.
#[test]
fn message_headers_require_smtputf8_ignores_utf8_body_octets() {
    let raw = b"Subject: Test\r\n\r\ncaf\xC3\xA9";
    assert!(
        !SmtpConnection::message_headers_require_smtputf8(raw),
        "UTF-8 confined to the body must not force SMTPUTF8"
    );
}

/// RFC 5322 Section 2.2: SMTPUTF8 detection must inspect only an actual
/// header block. Raw BDAT payloads with no header fields are body data,
/// even when they contain arbitrary high bytes or NULs.
#[test]
fn message_headers_require_smtputf8_ignores_messages_without_header_block() {
    let raw = b"\x00\xFFbinary payload";
    assert!(
        !SmtpConnection::message_headers_require_smtputf8(raw),
        "messages without a header block must not be treated as \
         internationalized headers"
    );
}

/// RFC 6531 Section 3.1 item 4 keys SMTPUTF8 off internationalized
/// headers, not arbitrary body text that merely contains a colon. Raw
/// single-line payloads without any header/body separator should be
/// treated conservatively as body-only data.
#[test]
fn message_headers_require_smtputf8_ignores_body_only_colon_line() {
    let raw = "Note: café".as_bytes();
    assert!(
        !SmtpConnection::message_headers_require_smtputf8(raw),
        "body-only payloads must not be reclassified as SMTPUTF8 headers"
    );
}

// ── Pre-refactor coverage: LMTP BDAT CHUNKING and LMTP SIZE limits ──

/// RFC 3030 Section 3: `send_lmtp_bdat` must reject when CHUNKING is missing.
#[tokio::test]
async fn send_lmtp_bdat_rejects_missing_chunking() {
    let stream = mock_server(vec![]).await;
    // No CHUNKING extension in capabilities.
    let conn = SmtpConnection::from_plain(stream, ServerCapabilities::default(), Protocol::Lmtp);

    let result = conn
        .send_lmtp_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Hello",
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "send_lmtp_bdat must reject when server lacks CHUNKING"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("CHUNKING"), "expected CHUNKING mention: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

/// RFC 1870 Section 4: `send_lmtp` must reject messages exceeding SIZE limit.
#[tokio::test]
async fn send_lmtp_rejects_message_exceeding_size_limit() {
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Size(Some(50))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let big_message = b"Subject: test\r\n\r\nXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\r\n";
    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            big_message,
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "send_lmtp must reject messages exceeding server SIZE limit"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("SIZE") || msg.contains("size") || msg.contains("exceeds"),
                "error should mention SIZE limit: {msg}"
            );
        }
        other => panic!("expected Protocol error for SIZE limit, got: {other:?}"),
    }
}

/// RFC 1870 Section 4: `send_lmtp_bdat` must reject messages exceeding SIZE limit.
#[tokio::test]
async fn send_lmtp_bdat_rejects_message_exceeding_size_limit() {
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::Size(Some(50))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let big_message = vec![b'X'; 100];
    let result = conn
        .send_lmtp_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            &big_message,
            None,
            Duration::from_secs(1),
        )
        .await;

    assert!(
        result.is_err(),
        "send_lmtp_bdat must reject messages exceeding server SIZE limit"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("SIZE") || msg.contains("size") || msg.contains("exceeds"),
                "error should mention SIZE limit: {msg}"
            );
        }
        other => panic!("expected Protocol error for SIZE limit, got: {other:?}"),
    }
}

// ===== Pre-refactor coverage: auth and validation gaps =====

/// RFC 4954 Section 3: if the server does not advertise AUTH at all,
/// `auth_xoauth2` must reject the attempt — same as
/// `auth_plain_rejects_when_no_auth_extension` but for the XOAUTH2
/// mechanism.
#[tokio::test]
async fn auth_xoauth2_rejects_when_no_auth_extension() {
    // RFC 4954 Section 3: "An SMTP client MUST NOT use an AUTH
    // mechanism unless the name of the SASL mechanism has been
    // advertised to the client."
    //
    // Unlike auth_xoauth2_rejects_unadvertised_mechanism (which tests
    // AUTH PLAIN advertised but NOT XOAUTH2), this test verifies the
    // code path where NO AUTH extension is present at all.
    let stream = mock_server(vec![]).await;
    // No AUTH extension at all — only Pipelining.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Pipelining],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_xoauth2("user", "token", Duration::from_secs(1))
        .await;

    assert!(
        result.is_err(),
        "AUTH XOAUTH2 must be rejected when server does not advertise \
         any AUTH extension (RFC 4954 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("XOAUTH2") || msg.contains("AUTH") || msg.contains("advertis"),
                "error should mention unadvertised mechanism: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

/// RFC 4954 Section 4: SMTP AUTH may carry an initial response
/// directly on the AUTH line, even when no legacy `SASL-IR`
/// keyword is advertised.
#[tokio::test]
async fn auth_xoauth2_uses_initial_response_without_sasl_ir() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read the AUTH command.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for AUTH");
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("\r\n") {
                assert!(
                    text.starts_with("AUTH XOAUTH2 ") && !text.starts_with("AUTH XOAUTH2\r\n"),
                    "RFC 4954 Section 4: AUTH XOAUTH2 should include an \
                     initial response even without SASL-IR. Got: {text:?}"
                );
                break;
            }
        }

        // Respond with success.
        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::XOAuth2,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_xoauth2("user@example.com", "ya29.token", Duration::from_secs(5))
        .await;

    assert!(result.is_ok(), "auth_xoauth2 should succeed: {result:?}");
    server.await.unwrap();
}

/// RFC 4954 Section 4 already allows AUTH XOAUTH2 to carry an
/// initial response on the AUTH line. This remains true when a
/// legacy `SASL-IR` keyword is present.
#[tokio::test]
async fn auth_xoauth2_uses_initial_response_with_sasl_ir() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read the AUTH command.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed while waiting for AUTH");
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("\r\n") {
                assert!(
                    text.starts_with("AUTH XOAUTH2 ") && !text.starts_with("AUTH XOAUTH2\r\n"),
                    "AUTH XOAUTH2 must include the initial response \
                     on the command line (RFC 4954 Section 4). Got: {text:?}"
                );
                break;
            }
        }

        // Respond with success.
        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // Server advertises the legacy SASL-IR keyword.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::XOAuth2]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_xoauth2("user@example.com", "ya29.token", Duration::from_secs(5))
        .await;

    assert!(result.is_ok(), "auth_xoauth2 should succeed: {result:?}");
    server.await.unwrap();
}

/// RFC 4954 Section 12: when the base64-encoded XOAUTH2 SASL string
/// exceeds 12288 octets, the two-step exchange must cancel with "*\r\n"
/// and return a Protocol error.
#[tokio::test]
async fn auth_xoauth2_two_step_rejects_overlong_token() {
    // RFC 4954 Section 12: "auth-response = *(VCHAR / '=') CRLF
    // ; maximum 12288 octets excluding CRLF"
    // When the base64-encoded XOAUTH2 SASL string exceeds 12288 octets,
    // the two-step AUTH exchange must cancel and reject it.
    // The server sends 334 (challenge), then the client cancels
    // with "*\r\n", and the server responds with 501.
    let stream = mock_server(vec!["334\r\n", "501 Authentication cancelled\r\n"]).await;

    // Generate a token long enough that the base64-encoded SASL string
    // exceeds 12288 octets.
    // SASL string = "user=<user>\x01auth=Bearer <token>\x01\x01"
    // With user = "u@x.com" (7 bytes) and prefix overhead (~22 bytes),
    // we need the token to push base64 past 12288 octets.
    // base64 expands by ~4/3, so raw > 12288*3/4 = 9216 bytes.
    // A 9200-byte token gives a SASL string of ~9230 bytes,
    // base64 of which is ~12308 octets (> 12288).
    let long_token = "t".repeat(9200);
    let user = "u@x.com";

    // Verify test setup: base64 of SASL string must exceed 12288.
    let sasl_string = format!("user={user}\x01auth=Bearer {long_token}\x01\x01");
    let encoded_len = base64::engine::general_purpose::STANDARD
        .encode(sasl_string.as_bytes())
        .len();
    assert!(
        encoded_len > 12288,
        "test setup: base64 XOAUTH2 SASL string must exceed 12288 octets, got {encoded_len}"
    );

    // The auth-response itself exceeds RFC 4954's 12288-octet limit,
    // so the test exercises the two-step error path.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::XOAuth2,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_xoauth2(user, &long_token, Duration::from_secs(5))
        .await;

    assert!(
        result.is_err(),
        "auth-response exceeding 12288 octets must be rejected \
         (RFC 4954 Section 12)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("12288") || msg.contains("auth-response"),
                "error should mention 12288-octet limit: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

// ── Pre-refactor lock-down: direct validation function tests ──────

// Address validation tests (formerly validate_ascii_address and
// validate_no_control_chars) are covered by the ReversePath and
// ForwardPath type constructors in the types/validated module.
// The constructors enforce RFC 5321 Section 4.1.2 mailbox syntax,
// control character rejection, angle bracket checks, and path
// length limits at construction time.

// ── RFC 3030 §3 — BDAT without BINARYMIME must enforce SMTP content rules ──

#[test]
fn bdat_rejects_bare_cr_without_binarymime() {
    // RFC 3030 Section 3: "The CHUNKING service extension does not
    // modify in any way the requirements for the content of the message."
    // RFC 5321 Section 2.3.8: bare CR (not followed by LF) is prohibited.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::EightBitMime],
    };
    let message = b"Subject: Test\r\n\r\nHello\rWorld\r\n";
    let result = SmtpConnection::validate_bdat_prerequisites(&caps, message, None, false);
    assert!(
        result.is_err(),
        "BDAT without BINARYMIME must reject bare CR \
         (RFC 3030 Section 3 / RFC 5321 Section 2.3.8)"
    );
    let msg = format!("{}", result.unwrap_err());
    assert!(
        msg.contains("bare CR"),
        "error should mention bare CR: {msg}"
    );
}

#[test]
fn bdat_rejects_bare_lf_without_binarymime() {
    // RFC 3030 Section 3 / RFC 5321 Section 2.3.8: bare LF prohibited.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::EightBitMime],
    };
    let message = b"Subject: Test\r\n\r\nHello\nWorld\r\n";
    let result = SmtpConnection::validate_bdat_prerequisites(&caps, message, None, false);
    assert!(
        result.is_err(),
        "BDAT without BINARYMIME must reject bare LF \
         (RFC 3030 Section 3 / RFC 5321 Section 2.3.8)"
    );
    let msg = format!("{}", result.unwrap_err());
    assert!(
        msg.contains("bare LF"),
        "error should mention bare LF: {msg}"
    );
}

#[test]
fn bdat_allows_binary_octets_with_binarymime_non_text_content() {
    // RFC 3030 Section 2: BINARYMIME preserves arbitrary octets for
    // non-text MIME content. Canonical CRLF line endings still matter
    // for text/*, so use application/octet-stream here.
    use crate::types::{BodyType, MailFromParams};
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Chunking,
            SmtpExtension::BinaryMime,
            SmtpExtension::EightBitMime,
        ],
    };
    let message =
        b"MIME-Version: 1.0\r\nContent-Type: application/octet-stream\r\n\r\nbinary\rcontent\nwith\x00nul\r\n";
    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = SmtpConnection::validate_bdat_prerequisites(&caps, message, Some(&params), false);
    assert!(
        result.is_ok(),
        "BDAT with BINARYMIME must allow binary octets for non-text MIME \
         content (RFC 3030 Section 2): {result:?}"
    );
}

#[test]
fn bdat_binarymime_rejects_non_canonical_text_lines() {
    // RFC 3030 Section 2: even with BINARYMIME, text/* must remain
    // canonically encoded with CRLF-terminated lines.
    use crate::types::{BodyType, MailFromParams};
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Chunking,
            SmtpExtension::BinaryMime,
            SmtpExtension::EightBitMime,
        ],
    };
    let message =
        b"MIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nhello\nworld\r\n";
    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = SmtpConnection::validate_bdat_prerequisites(&caps, message, Some(&params), false);
    assert!(
        result.is_err(),
        "BINARYMIME must still reject bare LF in text/* content \
         (RFC 3030 Section 2)"
    );
}

#[test]
fn bdat_binarymime_rejects_non_canonical_multipart_lines() {
    // RFC 3030 Section 2 requires the MIME message itself to remain
    // properly formed. Multipart boundary lines are textual structure
    // and therefore must stay canonical CRLF, even with BINARYMIME.
    use crate::types::{BodyType, MailFromParams};
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Chunking,
            SmtpExtension::BinaryMime,
            SmtpExtension::EightBitMime,
        ],
    };
    let message = b"MIME-Version: 1.0\r\n\
Content-Type: multipart/mixed; boundary=\"b\"\r\n\
\r\n\
--b\n\
Content-Type: text/plain\r\n\
\r\n\
hello\r\n\
--b--\r\n";
    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = SmtpConnection::validate_bdat_prerequisites(&caps, message, Some(&params), false);
    assert!(
        result.is_err(),
        "BINARYMIME must still reject non-canonical multipart lines \
         (RFC 3030 Section 2)"
    );
}

#[test]
fn bdat_binarymime_rejects_non_canonical_message_rfc822_lines() {
    // RFC 3030 Section 2 requires the MIME message itself to remain
    // properly formed. A message/rfc822 body contains nested message
    // headers and line-oriented structure that must remain canonical CRLF.
    use crate::types::{BodyType, MailFromParams};
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Chunking,
            SmtpExtension::BinaryMime,
            SmtpExtension::EightBitMime,
        ],
    };
    let message = b"MIME-Version: 1.0\r\n\
Content-Type: message/rfc822\r\n\
\r\n\
Subject: nested\n\
\r\n\
body\r\n";
    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = SmtpConnection::validate_bdat_prerequisites(&caps, message, Some(&params), false);
    assert!(
        result.is_err(),
        "BINARYMIME must still reject non-canonical message/rfc822 lines \
         (RFC 3030 Section 2)"
    );
}

#[test]
fn bdat_rejects_long_line_without_binarymime() {
    // RFC 3030 Section 3 / RFC 5321 Section 4.5.3.1.6: text line
    // length limit (1000 octets including CRLF) applies even for BDAT
    // without BINARYMIME.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::EightBitMime],
    };
    // 999 bytes of content + CRLF = 1001 octets, exceeds 1000 limit.
    let mut message = Vec::new();
    message.extend_from_slice(b"Subject: Test\r\n\r\n");
    message.extend(std::iter::repeat(b'X').take(999));
    message.extend_from_slice(b"\r\n");
    let result = SmtpConnection::validate_bdat_prerequisites(&caps, &message, None, false);
    assert!(
        result.is_err(),
        "BDAT without BINARYMIME must reject lines exceeding 1000 octets \
         (RFC 3030 Section 3 / RFC 5321 Section 4.5.3.1.6)"
    );
    let msg = format!("{}", result.unwrap_err());
    assert!(
        msg.contains("1000") || msg.contains("line"),
        "error should mention line length limit: {msg}"
    );
}

#[test]
fn bdat_allows_long_line_with_binarymime_non_text_content() {
    // RFC 3030 Section 2: non-text MIME content can use arbitrary octets
    // and is not constrained by canonical text line endings.
    use crate::types::{BodyType, MailFromParams};
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Chunking,
            SmtpExtension::BinaryMime,
            SmtpExtension::EightBitMime,
        ],
    };
    let mut message = Vec::new();
    message
        .extend_from_slice(b"MIME-Version: 1.0\r\nContent-Type: application/octet-stream\r\n\r\n");
    message.extend(std::iter::repeat(b'X').take(2000));
    let params = MailFromParams {
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = SmtpConnection::validate_bdat_prerequisites(&caps, &message, Some(&params), false);
    assert!(
        result.is_ok(),
        "BDAT with BINARYMIME must allow long non-text octet runs \
         (RFC 3030 Section 2): {result:?}"
    );
}

#[test]
fn bdat_valid_crlf_content_passes_without_binarymime() {
    // Well-formed content with proper CRLF must pass BDAT validation.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::EightBitMime],
    };
    let message = b"Subject: Test\r\n\r\nHello World\r\n";
    let result = SmtpConnection::validate_bdat_prerequisites(&caps, message, None, false);
    assert!(
        result.is_ok(),
        "well-formed BDAT content must pass validation: {result:?}"
    );
}

// ── RFC 6531 §3.4 — SMTPUTF8 requires 8BITMIME support ─────────────

#[tokio::test]
async fn validate_params_rejects_smtputf8_without_8bitmime() {
    // RFC 6531 Section 3.4: "The SMTPUTF8 option MUST NOT be used if
    // the server is unable to handle the mail body, as may be the case
    // when the '8BITMIME' service extension is not offered."
    //
    // A buggy server might advertise SMTPUTF8 without 8BITMIME (violating
    // RFC 6531 Section 3.2). The client must guard against this.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    // Server advertises SMTPUTF8 but NOT 8BITMIME.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        smtputf8: true,
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_err(),
        "RFC 6531 Section 3.4: SMTPUTF8 must be rejected when the server \
         does not advertise 8BITMIME"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("8BITMIME"),
                "error must mention 8BITMIME requirement: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn validate_params_accepts_smtputf8_with_8bitmime() {
    // RFC 6531 Section 3.2: a compliant SMTPUTF8 server MUST support
    // 8BITMIME. When both are advertised, SMTPUTF8 must be accepted.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8, SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        smtputf8: true,
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_ok(),
        "RFC 6531 Section 3.2: SMTPUTF8 with 8BITMIME must be accepted. \
         Got error: {:?}",
        result.unwrap_err()
    );
}

#[tokio::test]
async fn validate_params_rejects_smtputf8_with_binarymime_without_8bitmime() {
    // RFC 6531 Section 3.2 requires SMTPUTF8-capable servers to
    // advertise 8BITMIME. BINARYMIME alone is not a substitute.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::SmtpUtf8,
            SmtpExtension::BinaryMime,
            SmtpExtension::Chunking,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        smtputf8: true,
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_err(),
        "SMTPUTF8 must be rejected when the server omits 8BITMIME, even if it advertises BINARYMIME"
    );
}

// ── RFC 6531 §3.4 — SMTPUTF8 requires BODY=8BITMIME ─────────────────

#[tokio::test]
async fn validate_params_rejects_smtputf8_with_body_7bit() {
    // RFC 6531 Section 3.6: SMTPUTF8 MAY be used with BODY=8BITMIME
    // or BODY=BINARYMIME, but NOT with BODY=7BIT.
    //
    // BODY=7BIT is incompatible with SMTPUTF8 — the client must not
    // declare 7-bit content when using internationalized addresses,
    // because SMTPUTF8 implies non-ASCII headers.
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8, SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        smtputf8: true,
        body: Some(BodyType::SevenBit),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_err(),
        "RFC 6531 Section 3.4: SMTPUTF8 + BODY=7BIT must be rejected; \
         SMTPUTF8 requires BODY=8BITMIME"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("SMTPUTF8") && msg.contains("7BIT"),
                "error must mention SMTPUTF8 and 7BIT: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

/// RFC 6531 Section 3.6: SMTPUTF8 + BODY=8BITMIME is the baseline
/// valid combination. Both BODY=8BITMIME and BODY=BINARYMIME are
/// acceptable (see `validate_params_accepts_smtputf8_with_body_binarymime`).
#[tokio::test]
async fn validate_params_accepts_smtputf8_with_body_8bitmime() {
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8, SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        smtputf8: true,
        body: Some(BodyType::EightBitMime),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_ok(),
        "RFC 6531 Section 3.6: SMTPUTF8 + BODY=8BITMIME is valid; \
         got error: {result:?}"
    );
}

/// RFC 6531 Section 3.6: SMTPUTF8 MAY be used with BODY=BINARYMIME
/// when the server advertises BINARYMIME (RFC 3030).
///
/// Regression: `validate_smtputf8_body()` incorrectly rejected
/// BODY=BINARYMIME with SMTPUTF8, citing a misreading of RFC 6531
/// §3.4. The actual text (§3.6) explicitly lists both 8BITMIME and
/// BINARYMIME as valid BODY parameters when SMTPUTF8 is used.
#[tokio::test]
async fn validate_params_accepts_smtputf8_with_body_binarymime() {
    use crate::types::{BodyType, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::SmtpUtf8,
            SmtpExtension::BinaryMime,
            SmtpExtension::Chunking,
            SmtpExtension::EightBitMime,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        smtputf8: true,
        body: Some(BodyType::BinaryMime),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;

    assert!(
        result.is_ok(),
        "RFC 6531 Section 3.6: SMTPUTF8 + BODY=BINARYMIME is valid \
         when the server advertises BINARYMIME; got error: {result:?}"
    );
}

// ── RFC 5321 §2.2.1 — ESMTP params require server capability ───────

#[tokio::test]
async fn validate_params_rejects_requiretls_without_capability() {
    // RFC 8689 Section 3: REQUIRETLS parameter requires server
    // REQUIRETLS support (RFC 5321 Section 2.2.1).
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        requiretls: true,
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "REQUIRETLS without server support must be rejected (RFC 8689 / RFC 5321 Section 2.2.1)"
    );
}

#[tokio::test]
async fn validate_params_rejects_requiretls_on_plain_connection() {
    // RFC 8689 Section 3: "the SMTP session used to send a given
    // message MUST itself be TLS-protected."  Even when the server
    // advertises REQUIRETLS, using it over a plain-text connection
    // must be rejected.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::RequireTls],
    };
    // from_plain creates an unencrypted connection.
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        requiretls: true,
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "REQUIRETLS on a plain (non-TLS) connection must be rejected (RFC 8689 Section 3)"
    );
}

#[tokio::test]
async fn validate_params_rejects_dsn_ret_without_capability() {
    // RFC 3461 Section 4.3: RET parameter requires DSN extension.
    use crate::types::{DsnRet, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        ret: Some(DsnRet::Full),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "DSN RET without server DSN support must be rejected (RFC 3461 / RFC 5321 Section 2.2.1)"
    );
}

#[tokio::test]
async fn validate_params_rejects_envid_without_capability() {
    // RFC 3461 Section 4.4: ENVID parameter requires DSN extension.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        envid: Some(crate::types::EnvidValue::new("test-id").unwrap()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "DSN ENVID without server DSN support must be rejected (RFC 3461 / RFC 5321 Section 2.2.1)"
    );
}

#[tokio::test]
async fn validate_params_rejects_auth_without_capability() {
    // RFC 4954 Section 5 / RFC 5321 Section 2.2.1: the AUTH MAIL FROM
    // parameter is an SMTP service extension and must not be used unless
    // the server advertises AUTH.
    use crate::types::{MailFromParams, Mailbox, SmtpAuthParam};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        auth: Some(SmtpAuthParam::Mailbox(
            Mailbox::new("submitter@example.com").unwrap(),
        )),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "MAIL FROM AUTH=... must be rejected unless the server advertises AUTH (RFC 4954 Section 5)"
    );
}

#[tokio::test]
async fn validate_params_rejects_empty_auth_mailbox() {
    // RFC 4954 Section 8: the decoded AUTH xtext must be either a mailbox
    // or the literal "<>". The Mailbox newtype now prevents empty strings,
    // so this test verifies the Mailbox constructor rejects empty.
    assert!(
        crate::types::Mailbox::new("").is_err(),
        "MAIL FROM AUTH= with an empty mailbox must be rejected (RFC 4954 Section 8)"
    );
}

#[tokio::test]
async fn validate_params_rejects_holdfor_without_capability() {
    // RFC 4865 Section 5: HOLDFOR requires FUTURERELEASE extension.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_for: Some(3600),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDFOR without server FUTURERELEASE support must be rejected (RFC 4865 / RFC 5321 Section 2.2.1)"
    );
}

#[tokio::test]
async fn validate_params_rejects_holduntil_without_capability() {
    // RFC 4865 Section 5: HOLDUNTIL requires FUTURERELEASE extension.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_until: Some("2026-01-01T00:00:00Z".into()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDUNTIL without server FUTURERELEASE support must be rejected (RFC 4865 / RFC 5321 Section 2.2.1)"
    );
}

#[tokio::test]
async fn validate_params_rejects_holdfor_and_holduntil_both_set() {
    // RFC 4865 Section 5: HOLDFOR and HOLDUNTIL are mutually exclusive.
    // A client MUST NOT set both on the same MAIL FROM command.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    // Server advertises FUTURERELEASE so the individual params would
    // be valid — but both together must still be rejected.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::EightBitMime,
            SmtpExtension::FutureRelease {
                max_interval: None,
                max_datetime: None,
            },
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_for: Some(3600),
        hold_until: Some("2026-01-01T00:00:00Z".into()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDFOR and HOLDUNTIL together must be rejected (RFC 4865 Section 5)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("HOLDFOR") && msg.contains("HOLDUNTIL"),
                "error must mention both HOLDFOR and HOLDUNTIL: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn validate_params_rejects_deliverby_without_capability() {
    // RFC 2852 Section 3: DELIVERBY parameter requires DELIVERBY extension.
    use crate::types::{DeliverBy, DeliverByMode, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: 3600,
            mode: DeliverByMode::Return,
            trace: false,
        }),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "DELIVERBY without server DELIVERBY support must be rejected (RFC 2852 / RFC 5321 Section 2.2.1)"
    );
}

#[tokio::test]
async fn validate_params_rejects_mt_priority_without_capability() {
    // RFC 6758 Section 4: MT-PRIORITY requires MT-PRIORITY extension.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        mt_priority: Some(3),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "MT-PRIORITY without server support must be rejected (RFC 6758 / RFC 5321 Section 2.2.1)"
    );
}

#[tokio::test]
async fn validate_params_rejects_mt_priority_out_of_range() {
    // RFC 6758 Section 4: priority values range from -9 to 9 (the full
    // STANAG 4406 range). Values outside this range must be rejected.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::MtPriority],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // -10 is below the valid range (-9..=9)
    let params = MailFromParams {
        mt_priority: Some(-10),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "MT-PRIORITY value -10 is below the valid range and must be rejected (RFC 6758 Section 4)"
    );

    // +10 is above the valid range (-9..=9)
    let stream2 = mock_server(vec![]).await;
    let caps2 = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::MtPriority],
    };
    let conn2 = SmtpConnection::from_plain(stream2, caps2, Protocol::Smtp);

    let params2 = MailFromParams {
        mt_priority: Some(10),
        ..Default::default()
    };
    let result2 = conn2.validate_params_public(Some(&params2)).await;
    assert!(
        result2.is_err(),
        "MT-PRIORITY value 10 is above the valid range and must be rejected (RFC 6758 Section 4)"
    );

    // Boundary values -9 and +9 must be accepted.
    let stream3 = mock_server(vec![]).await;
    let caps3 = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::MtPriority],
    };
    let conn3 = SmtpConnection::from_plain(stream3, caps3, Protocol::Smtp);

    let params3 = MailFromParams {
        mt_priority: Some(-9),
        ..Default::default()
    };
    assert!(
        conn3.validate_params_public(Some(&params3)).await.is_ok(),
        "MT-PRIORITY value -9 is the lower bound and must be accepted (RFC 6758 Section 4)"
    );

    let stream4 = mock_server(vec![]).await;
    let caps4 = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::MtPriority],
    };
    let conn4 = SmtpConnection::from_plain(stream4, caps4, Protocol::Smtp);

    let params4 = MailFromParams {
        mt_priority: Some(9),
        ..Default::default()
    };
    assert!(
        conn4.validate_params_public(Some(&params4)).await.is_ok(),
        "MT-PRIORITY value 9 is the upper bound and must be accepted (RFC 6758 Section 4)"
    );
}

#[tokio::test]
async fn validate_params_accepts_full_mt_priority_range() {
    // RFC 6758 Section 4: the MT-PRIORITY parameter value is defined as
    // an integer from -9 to 9 (the full STANAG 4406 range). The connection
    // validator must accept all values in this range.
    use crate::types::MailFromParams;

    for value in [-9, -6, 0, 5, 9] {
        let stream = mock_server(vec![]).await;
        let caps = ServerCapabilities {
            greeting_name: "test".into(),
            extensions: vec![SmtpExtension::MtPriority],
        };
        let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

        let params = MailFromParams {
            mt_priority: Some(value),
            ..Default::default()
        };
        assert!(
            conn.validate_params_public(Some(&params)).await.is_ok(),
            "MT-PRIORITY value {value} is within -9..=9 and must be accepted (RFC 6758 Section 4)"
        );
    }
}

#[tokio::test]
async fn validate_params_rejects_mt_priority_outside_full_range() {
    // RFC 6758 Section 4: values outside -9..=9 must be rejected.
    use crate::types::MailFromParams;

    for value in [-10, 10] {
        let stream = mock_server(vec![]).await;
        let caps = ServerCapabilities {
            greeting_name: "test".into(),
            extensions: vec![SmtpExtension::MtPriority],
        };
        let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

        let params = MailFromParams {
            mt_priority: Some(value),
            ..Default::default()
        };
        let result = conn.validate_params_public(Some(&params)).await;
        assert!(
            result.is_err(),
            "MT-PRIORITY value {value} is outside -9..=9 and must be rejected (RFC 6758 Section 4)"
        );
    }
}

#[tokio::test]
async fn smtputf8_auto_adds_body_8bitmime_for_7bit_message() {
    // RFC 6531 Section 3.4: "If the SMTPUTF8 MAIL FROM parameter is
    // used, the BODY parameter (RFC 6152) MUST also be used, with a
    // value of '8BITMIME'."
    //
    // When the caller sets smtputf8=true but does not set a BODY
    // parameter, BODY=8BITMIME must be auto-added — even when the
    // message content itself is 7-bit ASCII (internationalized
    // addresses/headers still require 8-bit transport).
    use crate::types::MailFromParams;
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];

        // Wait for MAIL FROM and verify BODY=8BITMIME is present.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("MAIL FROM:") {
                assert!(
                    text.contains("BODY=8BITMIME"),
                    "RFC 6531 Section 3.4: MAIL FROM with SMTPUTF8 must \
                     include BODY=8BITMIME even for 7-bit message. Got: {text}"
                );
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // RCPT TO.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("RCPT TO:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // DATA.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Terminator.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::SmtpUtf8, SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // Pure 7-bit ASCII message with SMTPUTF8 but no explicit BODY param.
    let params = MailFromParams {
        smtputf8: true,
        ..Default::default()
    };
    let result = conn
        .send_with_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            Some(&params),
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "send failed: {result:?}");
    server.await.unwrap();
}

// ── RFC 4954 §3 — re-authentication must be rejected ────────────

#[tokio::test]
async fn auth_rejects_second_auth_after_success() {
    // RFC 4954 Section 3: "After an AUTH command has been successfully
    // completed, no more AUTH commands may be issued in the same
    // session."  The client MUST reject a second AUTH attempt
    // client-side without sending it to the server.
    let stream = mock_interactive_server(vec![
        // First AUTH: server accepts (235 success).
        ("AUTH", "235 2.7.0 Authentication successful\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // First auth should succeed.
    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(5))
        .await;
    assert!(result.is_ok(), "first auth should succeed: {result:?}");

    // Second auth MUST be rejected client-side (RFC 4954 Section 3).
    let result = conn
        .auth_plain("user2", "pass2", Duration::from_secs(5))
        .await;
    assert!(
        result.is_err(),
        "second auth must be rejected (RFC 4954 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("RFC 4954"), "error must cite RFC 4954: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn auth_xoauth2_rejects_second_auth_after_success() {
    // RFC 4954 Section 3: same prohibition applies to XOAUTH2.
    let stream =
        mock_interactive_server(vec![("AUTH", "235 2.7.0 Authentication successful\r\n")]).await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![
                crate::types::AuthMechanism::Plain,
                crate::types::AuthMechanism::XOAuth2,
            ]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // First auth (PLAIN) succeeds.
    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(5))
        .await;
    assert!(result.is_ok(), "first auth should succeed: {result:?}");

    // Second auth (XOAUTH2) must be rejected — same session.
    let result = conn
        .auth_xoauth2("user", "token", Duration::from_secs(5))
        .await;
    assert!(
        result.is_err(),
        "second auth (different mechanism) must also be rejected \
         (RFC 4954 Section 3)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("RFC 4954"), "error must cite RFC 4954: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

/// RFC 4954 Section 6: a non-235 2xx response to AUTH is a server
/// protocol violation and must return `Error::Protocol`, not `Error::Auth`.
/// The `authenticated` flag must NOT be set.
#[tokio::test]
async fn handle_auth_response_non_235_success_returns_protocol_error() {
    let stream = mock_server(vec!["250 2.0.0 OK\r\n"]).await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let mut inner = conn.inner.lock().await;
    let result = SmtpConnection::handle_auth_response(&mut inner, b"*\r\n").await;
    assert!(
        result.is_err(),
        "non-235 success must be an error: {result:?}"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("RFC 4954"), "error must cite RFC 4954: {msg}");
            assert!(
                msg.contains("250"),
                "error must include the offending code: {msg}"
            );
        }
        other => panic!("expected Protocol error for non-235 2xx, got: {other:?}"),
    }

    let authenticated = inner.authenticated;
    drop(inner);
    assert!(
        !authenticated,
        "authenticated must remain false for non-235 success \
         (RFC 4954 Section 6)"
    );
}

// ── RFC 4954 §3 — handle_auth_response sets authenticated flag ──────

#[tokio::test]
async fn handle_auth_response_sets_authenticated_on_235() {
    // Regression test: `handle_auth_response` must centrally set
    // `inner.authenticated = true` when the server responds with 235.
    // This prevents RFC 4954 Section 3 violations ("After an AUTH command
    // has been successfully completed, no more AUTH commands may be issued
    // in the same session.") if a new auth method forgets the manual flag.
    let stream = mock_server(vec!["235 2.7.0 Authentication successful\r\n"]).await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let mut inner = conn.inner.lock().await;
    assert!(
        !inner.authenticated,
        "test setup: authenticated must start false"
    );

    let result = SmtpConnection::handle_auth_response(&mut inner, b"*\r\n").await;
    assert!(
        result.is_ok(),
        "handle_auth_response should succeed on 235: {result:?}"
    );

    // The critical assertion: `handle_auth_response` must have set the
    // authenticated flag so the RFC 4954 Section 3 guard fires for any
    // subsequent AUTH attempt, regardless of which auth method was used.
    let authenticated = inner.authenticated;
    drop(inner);
    assert!(
        authenticated,
        "handle_auth_response must set authenticated = true on 235 \
         (RFC 4954 Section 3: centralize the flag to prevent omission \
         in new auth methods)"
    );
}

// ── RFC 6152 §3 — do not auto-declare BODY=8BITMIME without 8BITMIME ─

#[test]
fn auto_body_8bitmime_with_binarymime_only_no_params() {
    // RFC 6152 Section 3: "When a client SMTP transmits a message body
    // consisting of 8bit data to a server SMTP, it must also transmit a
    // BODY=8BITMIME parameter on the MAIL FROM command."
    //
    // When the server advertises only BINARYMIME (not explicit 8BITMIME),
    // the client must NOT auto-declare BODY=8BITMIME for DATA.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::BinaryMime, SmtpExtension::Chunking],
    };
    // Message containing 8-bit content (UTF-8 "Café")
    let message = b"Subject: Test\r\n\r\nCaf\xc3\xa9\r\n";
    let is_8bit = SmtpConnection::message_contains_8bit(message);
    assert!(is_8bit, "test setup: message must contain 8-bit content");

    let rp_val = ReversePath::new("sender@example.com").unwrap();
    let mut buf = BytesMut::new();
    SmtpConnection::encode_mail_from_cmd(&caps, &mut buf, &rp_val, message.len(), None, is_8bit)
        .unwrap();

    let cmd = String::from_utf8_lossy(&buf);
    assert!(
        !cmd.contains("BODY=8BITMIME"),
        "RFC 6152 Section 3: MAIL FROM must not auto-add BODY=8BITMIME \
         when the server omits the 8BITMIME keyword. Got: {cmd}"
    );
}

#[test]
fn auto_body_8bitmime_with_binarymime_only_with_params() {
    // Same as above but with explicit MailFromParams (body=None).
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::BinaryMime, SmtpExtension::Chunking],
    };
    let message = b"Subject: Test\r\n\r\nCaf\xc3\xa9\r\n";
    let is_8bit = SmtpConnection::message_contains_8bit(message);

    let params = crate::types::MailFromParams {
        body: None,
        smtputf8: false,
        size: None,
        ..Default::default()
    };

    let rp_val = ReversePath::new("sender@example.com").unwrap();
    let mut buf = BytesMut::new();
    SmtpConnection::encode_mail_from_cmd(
        &caps,
        &mut buf,
        &rp_val,
        message.len(),
        Some(&params),
        is_8bit,
    )
    .unwrap();

    let cmd = String::from_utf8_lossy(&buf);
    assert!(
        !cmd.contains("BODY=8BITMIME"),
        "RFC 6152 Section 3: MAIL FROM must not auto-add BODY=8BITMIME \
         when the server omits the 8BITMIME keyword, even with explicit params. \
         Got: {cmd}"
    );
}

// ── RFC 1870 §4 / RFC 6152 §7 / RFC 6531 §3.4 — MAIL FROM line limit

#[test]
fn mail_from_line_limit_accounts_for_all_esmtp_extensions() {
    // RFC 5321 Section 4.5.3.1.4: base command line limit is 512.
    // ESMTP extensions increase the MAIL FROM limit:
    //   RFC 1870 Section 4: +26 for SIZE keyword and value
    //   RFC 6152 Section 7: +17 for BODY= parameter
    //   RFC 6531 Section 3.4: +10 for SMTPUTF8 keyword
    //   RFC 8689 Section 3: +11 for REQUIRETLS keyword
    //   RFC 3461 Section 4.3/4.4: +109 for RET= and ENVID= params
    //   RFC 4865 Section 5: +34 for HOLDFOR= or HOLDUNTIL= params
    //   RFC 2852 Section 4: +17 for BY= parameter
    //   RFC 6758 Section 4: +16 for MT-PRIORITY= parameter
    //   RFC 4954 Section 3: +500 for AUTH= submitter identity
    // Compile-time guarantees: MAIL FROM limit must account for all
    // ESMTP extensions and exceed the base 512-octet command limit.
    const {
        assert!(SmtpConnection::SMTP_MAX_MAIL_FROM_LINE >= 1252);
        assert!(SmtpConnection::SMTP_MAX_MAIL_FROM_LINE > SmtpConnection::SMTP_MAX_COMMAND_LINE,);
    }
}

#[test]
fn mail_from_line_limit_matches_registered_extension_budget() {
    // RFC 4954 Section 3 adds 500 octets for AUTH=.
    // RFC 4865 Section 5 adds 34 octets for HOLDFOR/HOLDUNTIL.
    // With the currently supported MAIL FROM extensions, the exact
    // client-side limit is therefore 1252 octets.
    assert!(
        SmtpConnection::validate_mail_from_line_length(1252).is_ok(),
        "MAIL FROM at the RFC-extended 1252-octet limit must pass"
    );
    assert!(
        SmtpConnection::validate_mail_from_line_length(1253).is_err(),
        "MAIL FROM above the RFC-extended 1252-octet limit must fail"
    );
}

#[test]
fn mail_from_line_length_validation_uses_extended_limit() {
    // A 600-byte MAIL FROM command line is within the ESMTP-extended
    // limit since multiple extensions (SIZE, BODY, SMTPUTF8, REQUIRETLS,
    // DSN, FUTURERELEASE, DELIVERBY, MT-PRIORITY) can all be present.
    assert!(
        SmtpConnection::validate_mail_from_line_length(600).is_ok(),
        "600-byte MAIL FROM must be within the extended limit"
    );
    let limit = SmtpConnection::SMTP_MAX_MAIL_FROM_LINE;
    assert!(
        SmtpConnection::validate_mail_from_line_length(limit).is_ok(),
        "line at exactly the limit must pass"
    );
    assert!(
        SmtpConnection::validate_mail_from_line_length(limit + 1).is_err(),
        "line exceeding the limit must fail"
    );
    // Contrast: a 520-byte RCPT TO should still fail the base 512 limit.
    assert!(
        SmtpConnection::validate_command_line_length(520, "RCPT TO").is_err(),
        "520-byte RCPT TO must exceed base 512 limit"
    );
}

// ── RFC 3461 §5 — RCPT TO DSN line length limit ────────────────────

#[test]
fn rcpt_to_dsn_line_length_uses_extended_limit() {
    // RFC 3461 Section 5: when DSN parameters (NOTIFY, ORCPT) are
    // present, the RCPT TO line limit increases by 500 octets (to 1012).
    // A 600-byte RCPT TO line with DSN params must be accepted.
    assert!(
        SmtpConnection::validate_rcpt_to_line_length(600, true).is_ok(),
        "600-byte RCPT TO with DSN params must be within the extended 1012 limit \
         (RFC 3461 Section 5)"
    );
    // At exactly the DSN limit (1012) — must pass.
    assert!(
        SmtpConnection::validate_rcpt_to_line_length(1012, true).is_ok(),
        "1012-byte RCPT TO with DSN params must be at the limit"
    );
    // One byte over the DSN limit — must fail.
    assert!(
        SmtpConnection::validate_rcpt_to_line_length(1013, true).is_err(),
        "1013-byte RCPT TO with DSN params must exceed the limit"
    );
    // Without DSN params, the base 512 limit still applies.
    assert!(
        SmtpConnection::validate_rcpt_to_line_length(512, false).is_ok(),
        "512-byte RCPT TO without DSN params must be at the base limit"
    );
    assert!(
        SmtpConnection::validate_rcpt_to_line_length(513, false).is_err(),
        "513-byte RCPT TO without DSN params must exceed the base limit"
    );
}

// ── RFC 1870 §5 — SIZE must use raw message size ───────────────────

#[test]
fn data_message_size_uses_raw_size_not_dot_stuffed() {
    // RFC 1870 Section 5: "The message size is defined as the number
    // of octets, including CR-LF pairs, but not the SMTP DATA
    // command's terminating dot or doubled quoting dots."
    // data_message_size must return the raw message size, not the
    // dot-stuffed wire size.
    let message = b".line1\r\n.line2\r\n";
    let size = SmtpConnection::data_message_size(message);
    let raw_len = message.len();
    assert_eq!(
        size, raw_len,
        "RFC 1870 Section 5: SIZE must be the raw message size \
         ({raw_len}), not the dot-stuffed size. Got: {size}",
    );
}

// ── RFC 1870 §5 — SIZE must NOT include dot-stuffing overhead ─────

#[test]
fn data_message_size_excludes_dot_stuffing() {
    // RFC 1870 Section 5: "The message size is defined as the number
    // of octets, including CR-LF pairs, but not the SMTP DATA
    // command's terminating dot or doubled quoting dots."
    // The SIZE parameter must use the raw message size, NOT the
    // dot-stuffed wire size. Dot-stuffing is SMTP transfer encoding
    // and is explicitly excluded by the RFC.
    let message = b"Subject: Test\r\n\r\n.line1\r\n.line2\r\n";
    let raw_len = message.len(); // 38 bytes
    let dot_stuffed_len = crate::codec::encode::dot_stuff(message).len(); // 40 bytes
    assert!(
        dot_stuffed_len > raw_len,
        "test setup: stuffed size ({dot_stuffed_len}) must exceed \
         raw size ({raw_len})"
    );

    let size = SmtpConnection::data_message_size(message);
    // Message ends with CRLF, so no implicit CRLF added.
    assert_eq!(
        size, raw_len,
        "RFC 1870 Section 5: SIZE must be the raw message size \
         ({raw_len}), not the dot-stuffed size ({dot_stuffed_len}). \
         Got: {size}"
    );
}

// ── RFC 4954 §4 — zero-length SASL initial response must use "=" ──

#[tokio::test]
async fn auth_sasl_ir_zero_length_initial_response_sends_equals() {
    // RFC 4954 Section 4: "If the client is transmitting an initial
    // response of zero length, it MUST instead transmit the response
    // as a single equals sign ('=').  This indicates that the response
    // is present, but is a zero-length string."
    //
    // When auth_send_with_initial_response is called with empty encoded
    // credentials, the command must be "AUTH <mechanism> =\r\n", not
    // "AUTH <mechanism> \r\n".
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read the AUTH command from the client.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed before reading AUTH command");
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        let auth_line = String::from_utf8_lossy(&accumulated);

        // RFC 4954 Section 4: zero-length initial response MUST be "=".
        // The command must be "AUTH PLAIN =\r\n", NOT "AUTH PLAIN \r\n".
        assert!(
            auth_line.starts_with("AUTH PLAIN =\r\n"),
            "RFC 4954 Section 4: zero-length initial response must be '='; \
             expected 'AUTH PLAIN =\\r\\n', got: {auth_line:?}",
        );

        // Send 235 success.
        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // Call auth_send_with_initial_response with empty credentials via the
    // internal test pathway. We use from_plain with a legacy SASL-IR and
    // PLAIN advertised, then call the method directly through
    // the public auth_plain interface — but auth_plain validates
    // non-empty user/pass, so we test the internal method instead.
    //
    // Since auth_send_with_initial_response is private, we test through
    // a minimal wrapper that sends AUTH with empty credentials.
    let result = {
        let mut inner = conn.inner.lock().await;
        SmtpConnection::auth_send_with_initial_response(
            &mut inner, "PLAIN", "", // zero-length initial response
            b"*\r\n",
        )
        .await
    };

    assert!(
        result.is_ok(),
        "auth with empty credentials should succeed: {result:?}"
    );
    server.await.unwrap();
}

#[tokio::test]
async fn auth_two_step_zero_length_response_sends_equals() {
    // RFC 4954 Section 4: "Note that the [BASE64] encoding of a
    // zero-length client answer is '='." When sending credentials
    // in the two-step exchange (after 334 challenge), an empty
    // response must be sent as "=\r\n", not "\r\n".
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 4096];

        // Read the AUTH command (two-step: no initial response).
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        let auth_line = String::from_utf8_lossy(&accumulated);
        assert!(
            auth_line.starts_with("AUTH PLAIN\r\n"),
            "expected two-step AUTH command, got: {auth_line:?}",
        );

        // Send 334 server challenge.
        socket.write_all(b"334\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Read the credentials line from the client.
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0, "connection closed before reading credentials");
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        let cred_line = String::from_utf8_lossy(&accumulated);

        // RFC 4954 Section 4: zero-length response must be "=\r\n".
        assert_eq!(
            cred_line.as_ref(),
            "=\r\n",
            "RFC 4954 Section 4: zero-length response in two-step \
             exchange must be '=\\r\\n', got: {cred_line:?}",
        );

        // Send 235 success.
        socket
            .write_all(b"235 2.7.0 Authentication successful\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // Minimal AUTH capabilities are sufficient because the test calls
    // the shared two-step helper directly.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Plain,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = {
        let mut inner = conn.inner.lock().await;
        SmtpConnection::auth_two_step(&mut inner, "PLAIN", "", b"*\r\n").await
    };

    assert!(
        result.is_ok(),
        "auth two-step with empty credentials should succeed: {result:?}"
    );
    server.await.unwrap();
}

// -------------------------------------------------------------------
// send_with_all_params — RFC 3461 per-recipient DSN parameters
// -------------------------------------------------------------------

#[tokio::test]
async fn send_with_all_params_rcpt_params_length_mismatch_returns_error() {
    // RFC 3461 Sections 4.1–4.2: rcpt_params must match recipients.
    use crate::types::RcptToParams;

    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let rcpt_params = vec![RcptToParams::default()]; // 1 params, 2 recipients
    let result = conn
        .send_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("a@example.com").unwrap(),
                ForwardPath::new("b@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "expected error for length mismatch");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("rcpt_params length") && msg.contains("recipients length"),
                "error must describe the mismatch: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_with_all_params_on_lmtp_returns_protocol_error() {
    // RFC 2033 Section 4.2: LMTP requires per-recipient responses.
    use crate::types::RcptToParams;

    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Lmtp);

    let rcpt_params = vec![RcptToParams::default()];
    let result = conn
        .send_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("a@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "expected error for LMTP");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("LMTP"), "error must mention LMTP: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_with_all_params_sequential_includes_dsn_params() {
    // RFC 3461 Sections 4.1–4.2: RCPT TO should include NOTIFY and ORCPT
    // when per-recipient params are provided.
    use crate::types::{DsnNotify, RcptToParams};
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];
        let mut accumulated = Vec::new();

        // Wait for MAIL FROM
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("MAIL FROM:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Wait for RCPT TO with NOTIFY param
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("RCPT TO:") {
                assert!(
                    text.contains("NOTIFY=SUCCESS,FAILURE"),
                    "RCPT TO must include NOTIFY=SUCCESS,FAILURE (RFC 3461 Section 4.1). Got: {text}"
                );
                assert!(
                    text.contains("ORCPT=rfc822;original@example.com"),
                    "RCPT TO must include ORCPT (RFC 3461 Section 4.2). Got: {text}"
                );
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // DATA
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Message body
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 Message accepted\r\n").await.unwrap();
        socket.flush().await.unwrap();

        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // Server must advertise DSN for RCPT TO DSN params (RFC 3461).
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Dsn],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let rcpt_params = vec![RcptToParams {
        notify: Some(vec![DsnNotify::Success, DsnNotify::Failure]),
        orcpt: Some("original@example.com".into()),
    }];

    let result = conn
        .send_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "expected success, got: {result:?}");
    server.await.unwrap();
}

#[tokio::test]
async fn validate_rcpt_params_rejects_dsn_without_capability() {
    // RFC 3461 / RFC 5321 Section 2.2.1: DSN RCPT TO parameters
    // (NOTIFY, ORCPT) require the server to advertise DSN support.
    use crate::types::{DsnNotify, RcptToParams};

    let stream = mock_server(vec![]).await;
    // Server does NOT advertise DSN
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::EightBitMime],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let rcpt_params = vec![RcptToParams {
        notify: Some(vec![DsnNotify::Success]),
        orcpt: None,
    }];
    let result = conn
        .send_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(1),
        )
        .await;
    assert!(
        result.is_err(),
        "DSN RCPT TO params without server DSN support must be rejected \
         (RFC 3461 / RFC 5321 Section 2.2.1)"
    );
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("DSN") && msg.contains("NOTIFY"),
                "error must mention DSN/NOTIFY: {msg}"
            );
        }
        other => panic!("expected Protocol error about DSN, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_with_all_params_empty_notify_vector_omits_notify_without_dsn() {
    // RFC 3461 Section 4.1: NOTIFY requires at least one value, so an
    // empty vector must be treated as "no DSN parameter" rather than
    // forcing DSN capability checks or emitting `NOTIFY=`.
    use crate::types::RcptToParams;
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 4096];
        let mut accumulated = Vec::new();

        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("MAIL FROM:") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("RCPT TO:") {
                assert!(
                    !text.contains("NOTIFY="),
                    "empty NOTIFY vector must be omitted, not sent as a DSN parameter \
                     (RFC 3461 Section 4.1). Got: {text}"
                );
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();

        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("DATA") {
                break;
            }
        }
        socket.write_all(b"354 Start\r\n").await.unwrap();
        socket.flush().await.unwrap();

        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 Message accepted\r\n").await.unwrap();
        socket.flush().await.unwrap();

        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let rcpt_params = vec![RcptToParams {
        notify: Some(vec![]),
        ..Default::default()
    }];

    let result = conn
        .send_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(5),
        )
        .await;

    assert!(
        result.is_ok(),
        "empty NOTIFY vector must behave like no DSN parameters and succeed without DSN capability: {result:?}"
    );
    server.await.unwrap();
}

#[tokio::test]
async fn send_with_all_params_pipelined_includes_dsn_params() {
    // RFC 3461 + RFC 1854: verify DSN params are included in
    // pipelined RCPT TO commands.
    use crate::types::{DsnNotify, RcptToParams};
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 8192];
        let mut accumulated = Vec::new();

        // Read the pipelined commands: MAIL FROM + RCPT TO + DATA
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("DATA") {
                // Verify the RCPT TO includes NOTIFY param
                assert!(
                    text.contains("NOTIFY=NEVER"),
                    "pipelined RCPT TO must include NOTIFY=NEVER. Got: {text}"
                );
                break;
            }
        }
        // Respond: MAIL FROM OK, RCPT TO OK, DATA 354
        socket
            .write_all(b"250 OK\r\n250 OK\r\n354 Start\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Read message body
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            if String::from_utf8_lossy(&accumulated).contains("\r\n.\r\n") {
                break;
            }
        }
        socket.write_all(b"250 Message accepted\r\n").await.unwrap();
        socket.flush().await.unwrap();

        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    // Server must advertise DSN for RCPT TO DSN params (RFC 3461).
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Pipelining, SmtpExtension::Dsn],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let rcpt_params = vec![RcptToParams {
        notify: Some(vec![DsnNotify::Never]),
        orcpt: None,
    }];

    let result = conn
        .send_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "expected success, got: {result:?}");
    server.await.unwrap();
}

// -------------------------------------------------------------------
// send_bdat_with_all_params — RFC 3030 + RFC 3461
// -------------------------------------------------------------------

#[tokio::test]
async fn send_bdat_with_all_params_rcpt_params_length_mismatch_returns_error() {
    // RFC 3461: rcpt_params must match recipients.
    use crate::types::RcptToParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let rcpt_params = vec![RcptToParams::default(), RcptToParams::default()]; // 2 params, 1 recipient
    let result = conn
        .send_bdat_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("a@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "expected error for length mismatch");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("rcpt_params length"),
                "error must describe the mismatch: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_bdat_with_all_params_on_lmtp_returns_protocol_error() {
    // RFC 2033: LMTP connections should use send_lmtp_bdat_with_all_params.
    use crate::types::RcptToParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let rcpt_params = vec![RcptToParams::default()];
    let result = conn
        .send_bdat_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("a@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "expected error for LMTP");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("LMTP"), "error must mention LMTP: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_bdat_with_all_params_success() {
    // RFC 3030 Section 3 + RFC 3461: BDAT with per-recipient DSN params.
    use crate::types::{DsnNotify, RcptToParams};

    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // RCPT TO with NOTIFY
        ("NOTIFY=SUCCESS", "250 OK\r\n"),
        // BDAT
        ("BDAT", "250 OK\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::Dsn],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let rcpt_params = vec![RcptToParams {
        notify: Some(vec![DsnNotify::Success]),
        orcpt: None,
    }];

    let result = conn
        .send_bdat_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "expected success, got: {result:?}");
}

// -------------------------------------------------------------------
// send_lmtp_with_all_params — RFC 2033 + RFC 3461
// -------------------------------------------------------------------

#[tokio::test]
async fn send_lmtp_with_all_params_rcpt_params_length_mismatch_returns_error() {
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Lmtp);

    let rcpt_params: Vec<crate::types::RcptToParams> = vec![]; // 0 params, 1 recipient
    let result = conn
        .send_lmtp_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("a@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "expected error for length mismatch");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("rcpt_params length"),
                "error must describe the mismatch: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_lmtp_with_all_params_on_smtp_returns_protocol_error() {
    use crate::types::RcptToParams;

    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let rcpt_params = vec![RcptToParams::default()];
    let result = conn
        .send_lmtp_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("a@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "expected error for non-LMTP");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("LMTP"), "error must mention LMTP: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_lmtp_with_all_params_success() {
    // RFC 2033 Section 4.2 + RFC 3461: LMTP DATA with per-recipient DSN params.
    use crate::types::{DsnNotify, RcptToParams};

    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // RCPT TO with NOTIFY param
        ("NOTIFY=FAILURE", "250 OK\r\n"),
        // DATA
        ("DATA", "354 Start\r\n"),
        // LMTP: per-recipient response
        ("\r\n.\r\n", "250 Delivered\r\n"),
    ])
    .await;

    // Server must advertise DSN for RCPT TO DSN params (RFC 3461).
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Dsn],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let rcpt_params = vec![RcptToParams {
        notify: Some(vec![DsnNotify::Failure]),
        orcpt: None,
    }];

    let result = conn
        .send_lmtp_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "expected success, got: {result:?}");
    let results = result.unwrap();
    assert_eq!(results.results.len(), 1);
    assert_eq!(results.results[0].recipient.as_str(), "rcpt@example.com");
    assert!(results.results[0].response.is_success());
}

// -------------------------------------------------------------------
// send_lmtp_bdat_with_all_params — RFC 2033 + RFC 3030 + RFC 3461
// -------------------------------------------------------------------

#[tokio::test]
async fn send_lmtp_bdat_with_all_params_rcpt_params_length_mismatch_returns_error() {
    use crate::types::RcptToParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let rcpt_params = vec![RcptToParams::default(), RcptToParams::default()]; // 2 params, 1 recipient
    let result = conn
        .send_lmtp_bdat_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("a@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "expected error for length mismatch");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(
                msg.contains("rcpt_params length"),
                "error must describe the mismatch: {msg}"
            );
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_lmtp_bdat_with_all_params_on_smtp_returns_protocol_error() {
    use crate::types::RcptToParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let rcpt_params = vec![RcptToParams::default()];
    let result = conn
        .send_lmtp_bdat_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("a@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(1),
        )
        .await;

    assert!(result.is_err(), "expected error for non-LMTP");
    match result.unwrap_err() {
        Error::Protocol(msg) => {
            assert!(msg.contains("LMTP"), "error must mention LMTP: {msg}");
        }
        other => panic!("expected Protocol error, got: {other:?}"),
    }
}

#[tokio::test]
async fn send_lmtp_bdat_with_all_params_success() {
    // RFC 2033 + RFC 3030 + RFC 3461: LMTP BDAT with per-recipient DSN params.
    use crate::types::{DsnNotify, RcptToParams};

    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // RCPT TO with NOTIFY
        ("NOTIFY=DELAY", "250 OK\r\n"),
        // BDAT — LMTP: per-recipient response
        ("BDAT", "250 Delivered\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking, SmtpExtension::Dsn],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Lmtp);

    let rcpt_params = vec![RcptToParams {
        notify: Some(vec![DsnNotify::Delay]),
        orcpt: None,
    }];

    let result = conn
        .send_lmtp_bdat_with_all_params(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            &rcpt_params,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "expected success, got: {result:?}");
    let results = result.unwrap();
    assert_eq!(results.results.len(), 1);
    assert_eq!(results.results[0].recipient.as_str(), "rcpt@example.com");
    assert!(results.results[0].response.is_success());
}

/// RFC 5321 Section 4.2: `try_parse_response` must reject invalid separator
/// bytes (neither '-' nor SP) rather than silently treating them as final.
#[test]
fn try_parse_response_rejects_invalid_separator_byte() {
    // Line with invalid separator byte (0x09 = TAB) at position 3
    let buf = b"250\t OK\r\n";
    let result = SmtpConnection::try_parse_response(buf);
    assert!(
        result.is_err(),
        "try_parse_response must reject invalid separator byte \
         (RFC 5321 Section 4.2)"
    );
}

/// RFC 5321 Section 4.2: `try_parse_response` returns the correct byte
/// count for multi-line responses, ensuring the caller can advance the
/// buffer without a separate length calculation.
#[test]
fn try_parse_response_byte_count_multiline() {
    let buf = b"250-First\r\n250 Second\r\n";
    let (_resp, consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(consumed, buf.len());
}

/// RFC 5321 Section 4.2: when the buffer contains back-to-back responses,
/// `try_parse_response` must consume exactly the first response's bytes
/// so the second response can be parsed from the remainder.
#[test]
fn try_parse_response_byte_count_back_to_back_responses() {
    // Two concatenated responses in one buffer.
    let first = b"250-mail.example.com\r\n250-PIPELINING\r\n250 SIZE 10240000\r\n";
    let second = b"354 Start mail input\r\n";
    let mut buf = Vec::new();
    buf.extend_from_slice(first);
    buf.extend_from_slice(second);

    // Parse the first response.
    let (resp1, consumed1) = SmtpConnection::try_parse_response(&buf).unwrap().unwrap();
    assert_eq!(resp1.code, 250);
    assert_eq!(consumed1, first.len());

    // Parse the second response from the remainder.
    let (resp2, consumed2) = SmtpConnection::try_parse_response(&buf[consumed1..])
        .unwrap()
        .unwrap();
    assert_eq!(resp2.code, 354);
    assert_eq!(consumed2, second.len());
    assert_eq!(consumed1 + consumed2, buf.len());
}

/// RFC 5321 Section 4.2: byte count for a single-line response must be
/// exactly the line length including the trailing CRLF.
#[test]
fn try_parse_response_byte_count_single_line() {
    let buf = b"220 mail.example.com ESMTP\r\n";
    let (resp, consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 220);
    assert_eq!(consumed, buf.len());
}

/// RFC 5321 Section 4.2: byte count for a bare 3-digit code (no separator,
/// no text) must be 5 bytes (3 digits + CRLF).
#[test]
fn try_parse_response_byte_count_bare_code() {
    let buf = b"250\r\nmore data here";
    let (resp, consumed) = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    assert_eq!(resp.code, 250);
    assert_eq!(consumed, 5); // "250\r\n"
}

/// RFC 4954 Section 6: the only valid AUTH success reply is 235.
/// A 2xx code other than 235 (e.g. 250) after AUTH is a protocol
/// violation and must NOT mark the session as authenticated.
#[tokio::test]
async fn auth_success_requires_exactly_235() {
    // Server returns 250 instead of 235 — a protocol violation.
    let stream = mock_server(vec!["250 2.0.0 OK\r\n"]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::Auth(vec![crate::types::AuthMechanism::Plain]),
            SmtpExtension::SaslIr,
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .auth_plain("user", "pass", Duration::from_secs(5))
        .await;

    // A non-235 2xx response must be treated as an error, not success.
    assert!(
        result.is_err(),
        "auth must reject non-235 success code (RFC 4954 Section 6); got Ok(())"
    );
}

#[tokio::test]
async fn validate_params_rejects_holdfor_exceeding_server_max_interval() {
    // RFC 4865 Section 4: "the HOLDFOR value MUST be less than or equal
    // to the server-advertised maximum hold interval."
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: Some(86400), // 1 day
            max_datetime: None,
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_for: Some(172_800), // 2 days — exceeds limit
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDFOR exceeding server max_interval must be rejected (RFC 4865 Section 4)"
    );
}

#[tokio::test]
async fn validate_params_accepts_holdfor_within_server_max_interval() {
    // RFC 4865 Section 4: value within limit must be accepted.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: Some(86400),
            max_datetime: None,
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_for: Some(3600), // 1 hour — within limit
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_ok(),
        "HOLDFOR within server max_interval must be accepted"
    );
}

#[tokio::test]
async fn validate_params_rejects_zero_holdfor() {
    // RFC 4865 Section 5: hold-for-seconds is a positive decimal integer.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: None,
            max_datetime: None,
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_for: Some(0),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDFOR=0 must be rejected because RFC 4865 Section 5 requires a positive interval"
    );
}

#[tokio::test]
async fn validate_params_rejects_ten_digit_holdfor() {
    // RFC 4865 Section 5: hold-for-seconds is limited to 1*9DIGIT.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: None,
            max_datetime: None,
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_for: Some(1_000_000_000),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDFOR with more than 9 digits must be rejected (RFC 4865 Section 5)"
    );
}

#[tokio::test]
async fn validate_params_rejects_holduntil_exceeding_server_max_datetime() {
    // RFC 4865 Section 4: "the client MUST NOT set a hold-until time
    // that is later than the [server-advertised] max-datetime."
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: None,
            max_datetime: Some("2026-01-01T00:00:00Z".into()),
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_until: Some("2027-06-15T12:00:00Z".into()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDUNTIL exceeding server max_datetime must be rejected (RFC 4865 Section 4)"
    );
}

#[tokio::test]
async fn validate_params_accepts_holduntil_within_server_max_datetime() {
    // RFC 4865 Section 4: value within limit must be accepted.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: None,
            max_datetime: Some("2026-12-31T23:59:59Z".into()),
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_until: Some("2026-06-15T12:00:00Z".into()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_ok(),
        "HOLDUNTIL within server max_datetime must be accepted"
    );
}

#[tokio::test]
async fn validate_params_rejects_malformed_holduntil_without_server_max() {
    // RFC 4865 Section 5 / RFC 3339 Section 5.6: HOLDUNTIL uses an RFC 3339 date-time
    // even when the server does not advertise max-datetime.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: None,
            max_datetime: None,
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_until: Some("2026-01-01 00:00:00Z".into()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "malformed HOLDUNTIL must be rejected even without a server max-datetime"
    );
}

#[tokio::test]
async fn validate_params_rejects_deliver_by_below_server_min() {
    // RFC 2852 Section 2: the deliver-by time must not be below the
    // server-advertised minimum when by-mode is Return.
    use crate::types::{DeliverBy, DeliverByMode, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::DeliverBy(Some(86400))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: 3600, // below minimum 86400
            mode: DeliverByMode::Return,
            trace: false,
        }),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "DELIVERBY below server minimum must be rejected (RFC 2852 Section 2)"
    );
}

#[tokio::test]
async fn validate_params_accepts_deliver_by_above_server_min() {
    // RFC 2852 Section 2: value at or above minimum must be accepted
    // for by-mode Return.
    use crate::types::{DeliverBy, DeliverByMode, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::DeliverBy(Some(86400))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: 172_800, // above minimum 86400
            mode: DeliverByMode::Return,
            trace: false,
        }),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_ok(),
        "DELIVERBY above server minimum must be accepted (RFC 2852 Section 2)"
    );
}

// ── Bug fix: reply line 512-octet limit too strict (Postel's law) ──

#[test]
fn parse_response_accepts_overlong_reply_line_postel() {
    // Real-world servers (Exchange, Postfix) sometimes exceed the
    // RFC 5321 Section 4.5.3.1.5 512-octet reply line limit.
    // Per Postel's law ("be liberal in what you accept"), the client
    // must tolerate longer lines from non-conformant servers.
    let mut line = Vec::new();
    line.extend_from_slice(b"250 ");
    // 1000 bytes of text + 4 (code + space) + 2 (CRLF) = 1006 octets,
    // well above the 512-octet RFC limit.
    line.extend(std::iter::repeat(b'X').take(1000));
    line.extend_from_slice(b"\r\n");
    assert!(line.len() > 512, "test setup: line must exceed 512 octets");
    let result = SmtpConnection::try_parse_response(&line);
    assert!(
        result.is_ok(),
        "overlong reply line should be accepted per Postel's law: {result:?}"
    );
    let (resp, _consumed) = result.unwrap().unwrap();
    assert_eq!(resp.code, 250);
}

// ── Bug fix: auth_two_step uses hardcoded b"*\r\n" instead of cancel_payload ──

#[tokio::test]
async fn auth_two_step_cancel_uses_cancel_payload_not_hardcoded() {
    // RFC 7628 Section 3.2.3: when SASL credentials exceed the max
    // length limit, the mechanism-specific cancel_payload should be
    // sent, not a hardcoded "*\r\n".
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 16384];

        // Read the AUTH command.
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            assert!(n > 0);
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        // Send 334 server challenge to move to step 2.
        socket.write_all(b"334\r\n").await.unwrap();
        socket.flush().await.unwrap();

        // Read whatever the client sends next — this should be the
        // cancel_payload, NOT b"*\r\n".
        accumulated.clear();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            if n == 0 {
                break;
            }
            accumulated.extend_from_slice(&buf[..n]);
            if accumulated.windows(2).any(|w| w == b"\r\n") {
                break;
            }
        }

        let cancel_line = String::from_utf8_lossy(&accumulated);
        // RFC 7628 Section 3.2.3: OAUTHBEARER cancel is "AQ==\r\n"
        assert_eq!(
            cancel_line.as_ref(),
            "AQ==\r\n",
            "Expected cancel_payload 'AQ==\\r\\n' (RFC 7628 Section 3.2.3), \
             got: {cancel_line:?} — auth_two_step must use cancel_payload, \
             not hardcoded '*\\r\\n'"
        );

        // Send 535 failure to complete the exchange.
        socket
            .write_all(b"535 5.7.8 Authentication failed\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Plain,
        ])],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // Create credentials that exceed SMTP_MAX_AUTH_RESPONSE (12288)
    // to trigger the cancel path.
    let oversized_creds = "X".repeat(13000);

    let result = {
        let mut inner = conn.inner.lock().await;
        SmtpConnection::auth_two_step(&mut inner, "OAUTHBEARER", &oversized_creds, b"AQ==\r\n")
            .await
    };

    // The result should be an error (credentials too long), but the
    // cancel_payload should have been sent to the server.
    assert!(
        result.is_err(),
        "oversized credentials must produce an error"
    );
    server.await.unwrap();
}

// ── Partial RCPT TO rejection — SendResult (RFC 5321 §3.3) ────────

/// RFC 5321 Section 3.3: when some RCPT TOs are rejected and some
/// accepted, `send()` must succeed and report the rejections in
/// `SendResult::rejected_recipients` — sequential (no pipelining) path.
#[tokio::test]
async fn sequential_send_partial_rcpt_rejection_returns_rejected_recipients() {
    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // First RCPT TO — accepted
        ("good@example.com", "250 OK\r\n"),
        // Second RCPT TO — rejected
        ("bad@example.com", "550 User unknown\r\n"),
        // DATA
        ("DATA", "354 Start\r\n"),
        // Message body terminator
        ("\r\n.\r\n", "250 Message accepted\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("good@example.com").unwrap(),
                ForwardPath::new("bad@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    // Must succeed — at least one recipient was accepted.
    let send_result = result.expect("send should succeed with partial rejection");
    // Must report the rejection per RFC 5321 Section 3.3.
    assert!(
        send_result.has_rejections(),
        "SendResult must report partial RCPT TO rejections"
    );
    assert_eq!(
        send_result.rejected_recipients.len(),
        1,
        "exactly one recipient should be rejected"
    );
    assert_eq!(
        send_result.rejected_recipients[0].recipient.as_str(),
        "bad@example.com",
        "rejected recipient address must match"
    );
    assert_eq!(
        send_result.rejected_recipients[0].response.code, 550,
        "rejection response code must be preserved"
    );
}

/// RFC 5321 Section 3.3: when some RCPT TOs are rejected and some
/// accepted, `send()` must succeed and report the rejections in
/// `SendResult::rejected_recipients` — pipelined (RFC 1854) path.
#[tokio::test]
async fn pipelined_send_partial_rcpt_rejection_returns_rejected_recipients() {
    let stream = mock_server(vec![
        // MAIL FROM OK
        "250 OK\r\n",
        // First RCPT TO — accepted
        "250 OK\r\n",
        // Second RCPT TO — rejected
        "550 User unknown\r\n",
        // DATA intermediate
        "354 Start\r\n",
        // Response after message body
        "250 Message accepted\r\n",
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_with_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("good@example.com").unwrap(),
                ForwardPath::new("bad@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    // Must succeed — at least one recipient was accepted.
    let send_result = result.expect("send should succeed with partial rejection");
    // Must report the rejection per RFC 5321 Section 3.3.
    assert!(
        send_result.has_rejections(),
        "SendResult must report partial RCPT TO rejections"
    );
    assert_eq!(
        send_result.rejected_recipients.len(),
        1,
        "exactly one recipient should be rejected"
    );
    assert_eq!(
        send_result.rejected_recipients[0].recipient.as_str(),
        "bad@example.com",
        "rejected recipient address must match"
    );
    assert_eq!(
        send_result.rejected_recipients[0].response.code, 550,
        "rejection response code must be preserved"
    );
}

/// RFC 5321 Section 3.3: when all recipients are accepted, `SendResult`
/// should report no rejections — the `all_accepted()` helper returns true.
#[tokio::test]
async fn send_all_accepted_returns_empty_rejections() {
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("good@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    let send_result = result.expect("send should succeed");
    assert!(
        send_result.all_accepted(),
        "all_accepted() must return true when no recipients were rejected"
    );
    assert!(
        send_result.rejected_recipients.is_empty(),
        "rejected_recipients must be empty when all accepted"
    );
}

/// RFC 5321 Section 3.3 / RFC 3030 Section 3: partial RCPT TO rejection
/// through the BDAT path must also surface rejected recipients.
#[tokio::test]
async fn bdat_send_partial_rcpt_rejection_returns_rejected_recipients() {
    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // First RCPT TO — accepted
        ("good@example.com", "250 OK\r\n"),
        // Second RCPT TO — rejected
        ("bad@example.com", "550 User unknown\r\n"),
        // BDAT LAST response
        ("BDAT", "250 OK\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("good@example.com").unwrap(),
                ForwardPath::new("bad@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    let send_result = result.expect("send_bdat should succeed with partial rejection");
    assert!(
        send_result.has_rejections(),
        "SendResult must report partial RCPT TO rejections via BDAT path"
    );
    assert_eq!(
        send_result.rejected_recipients.len(),
        1,
        "exactly one recipient should be rejected"
    );
    assert_eq!(
        send_result.rejected_recipients[0].recipient.as_str(),
        "bad@example.com",
        "rejected recipient address must match"
    );
    assert_eq!(
        send_result.rejected_recipients[0].response.code, 550,
        "rejection response code must be preserved"
    );
}

/// RFC 5321 Section 3.3: partial rejection with multiple rejections
/// must report all rejected recipients, preserving order and response codes.
#[tokio::test]
async fn sequential_send_multiple_rejections_reports_all() {
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("good@example.com", "250 OK\r\n"),
        ("bad1@example.com", "550 User unknown\r\n"),
        ("bad2@example.com", "452 Mailbox full\r\n"),
        ("DATA", "354 Start\r\n"),
        ("\r\n.\r\n", "250 OK\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("good@example.com").unwrap(),
                ForwardPath::new("bad1@example.com").unwrap(),
                ForwardPath::new("bad2@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;

    let send_result = result.expect("send should succeed with partial rejection");
    assert_eq!(
        send_result.rejected_recipients.len(),
        2,
        "both rejected recipients must be reported"
    );
    assert_eq!(
        send_result.rejected_recipients[0].recipient.as_str(),
        "bad1@example.com"
    );
    assert_eq!(send_result.rejected_recipients[0].response.code, 550);
    assert_eq!(
        send_result.rejected_recipients[1].recipient.as_str(),
        "bad2@example.com"
    );
    assert_eq!(send_result.rejected_recipients[1].response.code, 452);
}

// -------------------------------------------------------------------
// LMTP send_lmtp — rejected recipients must be reported (RFC 2033 §4.2)
// -------------------------------------------------------------------

/// RFC 2033 Section 4.2: when some RCPT TO commands are rejected during
/// an LMTP transaction, the `LmtpSendResult` must include both
/// per-recipient delivery results (for accepted recipients) and the
/// rejected recipients — callers need full visibility.
#[tokio::test]
async fn lmtp_send_partial_rcpt_rejection_returns_rejected_recipients() {
    let stream = mock_interactive_server(vec![
        // MAIL FROM
        ("MAIL FROM:", "250 OK\r\n"),
        // First RCPT TO — accepted
        ("good@example.com", "250 OK\r\n"),
        // Second RCPT TO — rejected
        ("bad@example.com", "550 User unknown\r\n"),
        // DATA
        ("DATA", "354 Start\r\n"),
        // LMTP: per-recipient response for the one accepted recipient
        ("\r\n.\r\n", "250 Delivered to good@example.com\r\n"),
    ])
    .await;

    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Lmtp);

    let result = conn
        .send_lmtp(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("good@example.com").unwrap(),
                ForwardPath::new("bad@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello\r\n",
            None,
            Duration::from_secs(5),
        )
        .await;

    let lmtp_result = result.expect("send_lmtp should succeed with partial rejection");

    // Per-recipient delivery results for accepted recipients.
    assert_eq!(
        lmtp_result.results.len(),
        1,
        "one accepted recipient should have a delivery result"
    );
    assert_eq!(
        lmtp_result.results[0].recipient.as_str(),
        "good@example.com"
    );
    assert!(lmtp_result.results[0].response.is_success());

    // Rejected recipients from RCPT TO phase.
    assert_eq!(
        lmtp_result.rejected_recipients.len(),
        1,
        "one recipient should be rejected at RCPT TO time"
    );
    assert_eq!(
        lmtp_result.rejected_recipients[0].recipient.as_str(),
        "bad@example.com",
        "rejected recipient address must match"
    );
    assert_eq!(
        lmtp_result.rejected_recipients[0].response.code, 550,
        "rejection response code must be preserved"
    );
}

#[tokio::test]
async fn validate_params_deliverby_minimum_not_maximum() {
    // Regression test: RFC 2852 Section 2 — the EHLO DELIVERBY parameter
    // is a *minimum* deliver-by time (the shortest interval the server
    // will accept), NOT a maximum.  The old code inverted this, rejecting
    // values *above* the limit instead of values *below* it.
    use crate::types::{DeliverBy, DeliverByMode, MailFromParams};

    let stream = mock_server(vec![]).await;
    // Server advertises DELIVERBY 240 → minimum 240 seconds.
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::DeliverBy(Some(240))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // BY=100;R — below minimum 240 → must be REJECTED.
    let below = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: 100,
            mode: DeliverByMode::Return,
            trace: false,
        }),
        ..Default::default()
    };
    let result_below = conn.validate_params_public(Some(&below)).await;
    assert!(
        result_below.is_err(),
        "DELIVERBY 100s is below server minimum 240s and must be rejected (RFC 2852 Section 2)"
    );

    // BY=300;R — above minimum 240 → must be ACCEPTED.
    let stream2 = mock_server(vec![]).await;
    let caps2 = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::DeliverBy(Some(240))],
    };
    let conn2 = SmtpConnection::from_plain(stream2, caps2, Protocol::Smtp);

    let above = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: 300,
            mode: DeliverByMode::Return,
            trace: false,
        }),
        ..Default::default()
    };
    let result_above = conn2.validate_params_public(Some(&above)).await;
    assert!(
        result_above.is_ok(),
        "DELIVERBY 300s is above server minimum 240s and must be accepted (RFC 2852 Section 2)"
    );
}

// ── Bug fix: DELIVERBY minimum check incorrectly applied to negative by-time ──

#[tokio::test]
async fn validate_params_deliverby_minimum_applies_only_to_return_mode() {
    // RFC 2852 Section 2: the server-advertised DELIVERBY minimum
    // applies only when by-mode is Return.
    use crate::types::{DeliverBy, DeliverByMode, MailFromParams};

    // Server advertises DELIVERBY 240 → minimum 240 seconds.
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::DeliverBy(Some(240))],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // BY=-100;N — negative by-time (expired deadline).
    // Must NOT be rejected by the minimum-window check.
    let negative = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: -100,
            mode: DeliverByMode::Notify,
            trace: false,
        }),
        ..Default::default()
    };
    let result_neg = conn.validate_params_public(Some(&negative)).await;
    assert!(
        result_neg.is_ok(),
        "DELIVERBY -100s (negative, expired deadline) must not be rejected \
         by the minimum-window check (RFC 2852 Section 4)"
    );

    // BY=100;N — positive, below minimum 240, but Notify mode means
    // the Section 2 minimum does not apply.
    let stream2 = mock_server(vec![]).await;
    let caps2 = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::DeliverBy(Some(240))],
    };
    let conn2 = SmtpConnection::from_plain(stream2, caps2, Protocol::Smtp);

    let below_min = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: 100,
            mode: DeliverByMode::Notify,
            trace: false,
        }),
        ..Default::default()
    };
    let result_below = conn2.validate_params_public(Some(&below_min)).await;
    assert!(
        result_below.is_ok(),
        "DELIVERBY 100s with Notify mode must ignore the server minimum \
         (RFC 2852 Section 2)"
    );

    // BY=100;R — positive, below minimum 240 → MUST be rejected.
    let stream3 = mock_server(vec![]).await;
    let caps3 = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::DeliverBy(Some(240))],
    };
    let conn3 = SmtpConnection::from_plain(stream3, caps3, Protocol::Smtp);

    let below_min_return = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: 100,
            mode: DeliverByMode::Return,
            trace: false,
        }),
        ..Default::default()
    };
    let result_above = conn3.validate_params_public(Some(&below_min_return)).await;
    assert!(
        result_above.is_err(),
        "DELIVERBY 100s with Return mode must honor the server minimum \
         (RFC 2852 Section 2)"
    );
}

#[tokio::test]
async fn validate_params_rejects_negative_deliverby_return_mode() {
    // RFC 2852 Section 4: zero or negative by-time is not allowed
    // when by-mode is Return.
    use crate::types::{DeliverBy, DeliverByMode, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::DeliverBy(None)],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: -60,
            mode: DeliverByMode::Return,
            trace: false,
        }),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "BY=-60;R must be rejected because RFC 2852 Section 4 forbids non-positive by-time with Return mode"
    );
}

#[tokio::test]
async fn validate_params_rejects_ten_digit_deliverby() {
    // RFC 2852 Section 4: by-time = [\"-\" / \"+\"]1*9DIGIT.
    use crate::types::{DeliverBy, DeliverByMode, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::DeliverBy(None)],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        deliver_by: Some(DeliverBy {
            seconds: 1_000_000_000,
            mode: DeliverByMode::Notify,
            trace: false,
        }),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "DELIVERBY with more than 9 digits must be rejected (RFC 2852 Section 4)"
    );
}

// ── Bug fix: HOLDUNTIL lexicographic comparison fails across timezones ──

#[tokio::test]
async fn validate_params_holduntil_cross_timezone_accepts_earlier_utc() {
    // RFC 4865 Section 4: HOLDUNTIL comparison must be chronological,
    // not lexicographic.  "2026-03-27T00:00:00+00:00" (midnight UTC)
    // is chronologically *before* "2026-03-26T20:00:00-05:00"
    // (which equals 2026-03-27T01:00:00 UTC).  Lexicographic comparison
    // incorrectly rejects this because "2026-03-27" > "2026-03-26".
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: None,
            max_datetime: Some("2026-03-26T20:00:00-05:00".into()),
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_until: Some("2026-03-27T00:00:00+00:00".into()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_ok(),
        "HOLDUNTIL 2026-03-27T00:00:00+00:00 (= midnight UTC) is before \
         max 2026-03-26T20:00:00-05:00 (= 01:00 UTC next day) and must be \
         accepted (RFC 4865 Section 4)"
    );
}

#[tokio::test]
async fn validate_params_holduntil_cross_timezone_rejects_later_utc() {
    // RFC 4865 Section 4: "2026-03-26T23:00:00-05:00" equals
    // 2026-03-27T04:00:00 UTC, which is *after* max_datetime
    // "2026-03-27T01:00:00+00:00" (01:00 UTC).  Lexicographic comparison
    // incorrectly accepts this because "2026-03-26" < "2026-03-27".
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: None,
            max_datetime: Some("2026-03-27T01:00:00+00:00".into()),
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_until: Some("2026-03-26T23:00:00-05:00".into()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDUNTIL 2026-03-26T23:00:00-05:00 (= 04:00 UTC) exceeds \
         max 2026-03-27T01:00:00+00:00 (= 01:00 UTC) and must be \
         rejected (RFC 4865 Section 4)"
    );
}

#[tokio::test]
async fn validate_params_holduntil_fractional_seconds_rejects_later_timestamp() {
    // RFC 4865 Section 4 + RFC 3339 Section 5.6: HOLDUNTIL uses an
    // RFC 3339 date-time, which permits fractional seconds. A value with
    // fractional seconds that is chronologically later than the server's
    // max-datetime must be rejected even though simple lexicographic
    // comparison would treat ".1Z" as smaller than "Z".
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: None,
            max_datetime: Some("2026-03-27T00:00:00Z".into()),
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_until: Some("2026-03-27T00:00:00.1Z".into()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDUNTIL with fractional seconds that exceeds the server maximum \
         must be rejected (RFC 4865 Section 4 / RFC 3339 Section 5.6)"
    );
}

#[tokio::test]
async fn validate_params_holduntil_lowercase_t_rejects_later_timestamp() {
    // RFC 3339 Section 5.6 note: applications MAY use a lower-case "t"
    // instead of "T". The parser must still compare chronologically rather
    // than falling back to lexicographic string ordering.
    use crate::types::MailFromParams;

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::FutureRelease {
            max_interval: None,
            max_datetime: Some("2026-03-27t00:00:00Z".into()),
        }],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_until: Some("2026-03-27T00:00:01Z".into()),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDUNTIL later than a lower-case 't' max-datetime must be rejected \
         (RFC 4865 Section 4 / RFC 3339 Section 5.6)"
    );
}

#[tokio::test]
async fn validate_params_rejects_holdfor_beyond_deliverby_window() {
    // RFC 4865 Section 5.2.1: the future release time MAY NOT be farther
    // in the future than the deliver-by time.
    use crate::types::{DeliverBy, DeliverByMode, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::FutureRelease {
                max_interval: None,
                max_datetime: None,
            },
            SmtpExtension::DeliverBy(None),
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_for: Some(7200),
        deliver_by: Some(DeliverBy {
            seconds: 3600,
            mode: DeliverByMode::Return,
            trace: false,
        }),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDFOR must be rejected when it extends past the DELIVERBY deadline (RFC 4865 Section 5.2.1)"
    );
}

#[tokio::test]
async fn validate_params_rejects_holduntil_beyond_deliverby_window() {
    // RFC 4865 Section 5.2.1: the future release time MAY NOT be farther
    // in the future than the deliver-by time.
    use crate::types::{DeliverBy, DeliverByMode, MailFromParams};

    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![
            SmtpExtension::FutureRelease {
                max_interval: None,
                max_datetime: None,
            },
            SmtpExtension::DeliverBy(None),
        ],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let params = MailFromParams {
        hold_until: Some("2099-01-01T00:00:00Z".into()),
        deliver_by: Some(DeliverBy {
            seconds: 3600,
            mode: DeliverByMode::Return,
            trace: false,
        }),
        ..Default::default()
    };
    let result = conn.validate_params_public(Some(&params)).await;
    assert!(
        result.is_err(),
        "HOLDUNTIL must be rejected when it is later than the DELIVERBY deadline (RFC 4865 Section 5.2.1)"
    );
}

// ── RFC 5321 §3.8 — 421 marks connection as shutting down ────────

#[tokio::test]
async fn connection_marks_shutting_down_on_421() {
    // RFC 5321 Section 3.8: "If the SMTP code is 421, the server MUST
    // close the transmission channel after sending the response."
    // The client must mark the connection as shutting down so that
    // subsequent send attempts fail immediately.
    let stream = mock_interactive_server(vec![
        // MAIL FROM → 421 shutdown response.
        ("MAIL FROM:", "421 4.7.0 Service shutting down\r\n"),
    ])
    .await;

    let caps = smtp_caps_no_pipelining();
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    // First send attempt should fail with a transient 421 error.
    let result = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;
    assert!(result.is_err(), "send should fail on 421 response");

    // The connection should now know the server is shutting down.
    assert!(
        conn.is_shutting_down().await,
        "connection must be marked as shutting down after 421 \
         (RFC 5321 Section 3.8)"
    );

    // A subsequent send attempt should fail immediately with a
    // protocol error, not attempt to write to the doomed connection.
    let result2 = conn
        .send(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test2\r\n\r\nHello",
            Duration::from_secs(5),
        )
        .await;
    assert!(result2.is_err(), "second send should fail immediately");
    let err_msg = format!("{}", result2.unwrap_err());
    assert!(
        err_msg.contains("shutting down"),
        "error message should mention shutting down, got: {err_msg}"
    );
}

#[tokio::test]
async fn noop_rejects_when_connection_is_shutting_down() {
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);
    conn.inner.lock().await.server_shutting_down = true;

    let err = conn
        .noop(Duration::from_millis(10))
        .await
        .expect_err("NOOP must fail immediately after a 421 shutdown");

    assert!(
        matches!(err, Error::Protocol(ref message) if message.contains("shutting down")),
        "expected shutting-down protocol error, got {err:?}"
    );
}

#[tokio::test]
async fn auth_plain_rejects_when_connection_is_shutting_down() {
    let stream = mock_server(vec![]).await;
    let caps = ServerCapabilities {
        extensions: vec![SmtpExtension::Auth(vec![
            crate::types::AuthMechanism::Plain,
        ])],
        ..ServerCapabilities::default()
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);
    conn.inner.lock().await.server_shutting_down = true;

    let err = conn
        .auth_plain("user", "pass", Duration::from_millis(10))
        .await
        .expect_err("AUTH PLAIN must fail immediately after a 421 shutdown");

    assert!(
        matches!(err, Error::Protocol(ref message) if message.contains("shutting down")),
        "expected shutting-down protocol error, got {err:?}"
    );
}

#[tokio::test]
async fn rehlo_rejects_when_connection_is_shutting_down() {
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);
    conn.inner.lock().await.server_shutting_down = true;

    let err = conn
        .rehlo(Duration::from_millis(10))
        .await
        .expect_err("rehlo must fail immediately after a 421 shutdown");

    assert!(
        matches!(err, Error::Protocol(ref message) if message.contains("shutting down")),
        "expected shutting-down protocol error, got {err:?}"
    );
}

// ── Postel's law: tolerate bare LF line endings (RFC 5321 Section 2.3.8) ──

/// RFC 5321 Section 2.3.8 mandates CRLF line endings, but some
/// non-conformant servers (e.g., misconfigured Postfix, custom
/// SMTP implementations) send bare LF. Per Postel's law (RFC 1122
/// Section 1.2.2: "be liberal in what you accept"), the parser
/// must tolerate bare LF as a line terminator.
#[test]
fn try_parse_response_tolerates_bare_lf() {
    // Single-line response with bare LF instead of CRLF.
    let input = b"250 OK\n";
    let result = SmtpConnection::try_parse_response(input);
    assert!(
        result.is_ok(),
        "bare LF should be tolerated per Postel's law: {result:?}"
    );
    let parsed = result.unwrap();
    assert!(
        parsed.is_some(),
        "response with bare LF should parse as complete, not incomplete"
    );
    let (resp, consumed) = parsed.unwrap();
    assert_eq!(resp.code, 250);
    assert_eq!(resp.lines, vec!["OK"]);
    assert_eq!(consumed, input.len());
}

/// Multi-line response with bare LF endings.
#[test]
fn try_parse_response_tolerates_bare_lf_multiline() {
    let input = b"250-First line\n250 Second line\n";
    let result = SmtpConnection::try_parse_response(input);
    assert!(
        result.is_ok(),
        "multi-line bare LF should be tolerated: {result:?}"
    );
    let parsed = result.unwrap();
    assert!(parsed.is_some(), "should parse as complete");
    let (resp, consumed) = parsed.unwrap();
    assert_eq!(resp.code, 250);
    assert_eq!(resp.lines, vec!["First line", "Second line"]);
    assert_eq!(consumed, input.len());
}

/// Mixed CRLF and bare LF in a multi-line response.
#[test]
fn try_parse_response_tolerates_mixed_crlf_and_bare_lf() {
    let input = b"250-CRLF line\r\n250 bare LF line\n";
    let result = SmtpConnection::try_parse_response(input);
    assert!(
        result.is_ok(),
        "mixed CRLF/LF should be tolerated: {result:?}"
    );
    let parsed = result.unwrap();
    assert!(parsed.is_some(), "should parse as complete");
    let (resp, _consumed) = parsed.unwrap();
    assert_eq!(resp.code, 250);
    assert_eq!(resp.lines.len(), 2);
}

/// Postel's law: when bare LF appears before CRLF in the buffer,
/// the parser must use the earlier bare LF as the line terminator
/// rather than skipping it in favor of the later CRLF.
/// This is a regression test for a bug where `try_parse_response`
/// searched the entire remaining buffer for CRLF first, causing it
/// to skip an earlier bare LF and merge two logical response lines.
#[test]
fn try_parse_response_bare_lf_before_crlf() {
    // First line uses bare LF, second line uses CRLF.
    // The parser must treat the bare LF at offset 9 as the terminator
    // for the first line, NOT skip it and jump to the CRLF at offset 16.
    let buf = b"250-Hello\n250 OK\r\n";
    let result = SmtpConnection::try_parse_response(buf).unwrap().unwrap();
    let (resp, consumed) = result;
    assert_eq!(resp.code, 250, "reply code should be 250");
    assert_eq!(consumed, buf.len(), "should consume the entire buffer");
    assert_eq!(
        resp.lines.len(),
        2,
        "should parse two lines, not merge them into one; got: {:?}",
        resp.lines
    );
    assert_eq!(resp.lines[0], "Hello");
    assert_eq!(resp.lines[1], "OK");
}

// ===================================================================
// BDAT pipelining (RFC 3030 Section 3 + RFC 1854)
// ===================================================================

/// Helper: create capabilities with both PIPELINING and CHUNKING.
fn smtp_caps_with_pipelining_and_chunking() -> ServerCapabilities {
    ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Pipelining, SmtpExtension::Chunking],
    }
}

// -------------------------------------------------------------------
// Pipelined BDAT — all recipients accepted (RFC 3030 §3 + RFC 1854 §3)
// -------------------------------------------------------------------

/// RFC 3030 Section 3 / RFC 1854 Section 3: when the server supports
/// both PIPELINING and CHUNKING, BDAT batches MAIL FROM + RCPT TO(s) +
/// BDAT LAST + message data into a single write, then reads responses.
#[tokio::test]
async fn pipelined_bdat_all_recipients_ok() {
    // mock_server sends all responses without waiting for reads — this
    // works for pipelining where the client sends everything first.
    let stream = mock_server(vec![
        // MAIL FROM response
        "250 OK\r\n",
        // RCPT TO responses
        "250 OK\r\n",
        "250 OK\r\n",
        // BDAT LAST response
        "250 Message accepted\r\n",
    ])
    .await;

    let conn = SmtpConnection::from_plain(
        stream,
        smtp_caps_with_pipelining_and_chunking(),
        Protocol::Smtp,
    );

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("rcpt1@example.com").unwrap(),
                ForwardPath::new("rcpt2@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "expected success, got: {result:?}");
    let send_result = result.unwrap();
    assert!(
        send_result.all_accepted(),
        "all recipients should be accepted"
    );
}

// -------------------------------------------------------------------
// Pipelined BDAT — verifies all commands sent in one write (RFC 1854 §3)
// -------------------------------------------------------------------

/// RFC 1854 Section 3: verify that pipelined BDAT sends MAIL FROM,
/// RCPT TO, and BDAT LAST + message data in a single write. The mock
/// server reads once and asserts that all commands arrived together.
#[tokio::test]
async fn pipelined_bdat_sends_all_commands_in_single_write() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = vec![0u8; 8192];

        // Read the first batch — should contain all pipelined commands.
        let n = socket.read(&mut buf).await.unwrap();
        assert!(n > 0, "expected data from client");
        let text = String::from_utf8_lossy(&buf[..n]);

        // All commands must appear in the single read.
        assert!(
            text.contains("MAIL FROM:"),
            "pipelined write must contain MAIL FROM; got: {text}"
        );
        assert!(
            text.contains("RCPT TO:"),
            "pipelined write must contain RCPT TO; got: {text}"
        );
        assert!(
            text.contains("BDAT "),
            "pipelined write must contain BDAT; got: {text}"
        );
        assert!(
            text.contains("LAST"),
            "pipelined write must contain LAST; got: {text}"
        );
        // The message body should also be in the same write.
        assert!(
            text.contains("Hello"),
            "pipelined write must contain message body; got: {text}"
        );

        // Send all responses.
        socket
            .write_all(b"250 OK\r\n250 OK\r\n250 Message accepted\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(
        stream,
        smtp_caps_with_pipelining_and_chunking(),
        Protocol::Smtp,
    );

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "pipelined BDAT should succeed: {result:?}");
    server.await.unwrap();
}

// -------------------------------------------------------------------
// Pipelined BDAT — MAIL FROM rejected (RFC 1854 §3 + RFC 3030 §3)
// -------------------------------------------------------------------

/// RFC 1854 Section 3 / RFC 3030 Section 3: when MAIL FROM is rejected
/// in pipelined BDAT mode, the client must drain remaining responses
/// (RCPT TOs + BDAT) and issue RSET.
#[tokio::test]
async fn pipelined_bdat_mail_from_failure() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 8192];

        // Read pipelined commands.
        let n = socket.read(&mut buf).await.unwrap();
        assert!(n > 0);

        // MAIL FROM rejected, RCPT TO + BDAT still get responses.
        socket
            .write_all(b"550 Bad sender\r\n250 OK\r\n250 OK\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Expect RSET after drain (RFC 3030 Section 3).
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("RSET") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(
        stream,
        smtp_caps_with_pipelining_and_chunking(),
        Protocol::Smtp,
    );

    let result = conn
        .send_bdat(
            &ReversePath::new("bad@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Permanent { code, .. } => assert_eq!(code, 550),
        other => panic!("expected Permanent error, got: {other:?}"),
    }
    server.await.unwrap();
}

// -------------------------------------------------------------------
// Pipelined BDAT — all RCPT TOs rejected (RFC 1854 §3 + RFC 3030 §3)
// -------------------------------------------------------------------

/// RFC 5321 Section 3.3 / RFC 3030 Section 3: when all RCPT TO commands
/// are rejected in pipelined BDAT mode, the client must return
/// `AllRecipientsFailed` and issue RSET (indeterminate state after BDAT).
#[tokio::test]
async fn pipelined_bdat_all_rcpt_tos_fail() {
    let stream = mock_server(vec![
        // MAIL FROM OK
        "250 OK\r\n",
        // RCPT TO — rejected
        "550 User unknown\r\n",
        "550 User unknown\r\n",
        // BDAT response
        "250 OK\r\n",
        // RSET response
        "250 OK\r\n",
    ])
    .await;

    let conn = SmtpConnection::from_plain(
        stream,
        smtp_caps_with_pipelining_and_chunking(),
        Protocol::Smtp,
    );

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("bad1@example.com").unwrap(),
                ForwardPath::new("bad2@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::AllRecipientsFailed { count, responses } => {
            assert_eq!(count, 2, "should report 2 recipients");
            assert_eq!(responses.len(), 2, "should have 2 rejection responses");
        }
        other => panic!("expected AllRecipientsFailed, got: {other:?}"),
    }
}

// -------------------------------------------------------------------
// Pipelined BDAT — partial RCPT TO rejection (RFC 5321 §3.3)
// -------------------------------------------------------------------

/// RFC 5321 Section 3.3 / RFC 3030 Section 3: partial RCPT TO rejection
/// in pipelined BDAT mode should deliver to accepted recipients and
/// report rejected ones in the `SendResult`.
#[tokio::test]
async fn pipelined_bdat_partial_rcpt_rejection() {
    let stream = mock_server(vec![
        // MAIL FROM OK
        "250 OK\r\n",
        // First RCPT TO — accepted
        "250 OK\r\n",
        // Second RCPT TO — rejected
        "550 User unknown\r\n",
        // BDAT LAST response
        "250 Message accepted\r\n",
    ])
    .await;

    let conn = SmtpConnection::from_plain(
        stream,
        smtp_caps_with_pipelining_and_chunking(),
        Protocol::Smtp,
    );

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[
                ForwardPath::new("good@example.com").unwrap(),
                ForwardPath::new("bad@example.com").unwrap(),
            ],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    let send_result = result.expect("send_bdat should succeed with partial rejection");
    assert!(
        send_result.has_rejections(),
        "SendResult must report partial RCPT TO rejections"
    );
    assert_eq!(
        send_result.rejected_recipients.len(),
        1,
        "exactly one recipient should be rejected"
    );
    assert_eq!(
        send_result.rejected_recipients[0].recipient.as_str(),
        "bad@example.com",
    );
    assert_eq!(send_result.rejected_recipients[0].response.code, 550);
}

// -------------------------------------------------------------------
// Pipelined BDAT — BDAT LAST failure triggers RSET (RFC 3030 §3)
// -------------------------------------------------------------------

/// RFC 3030 Section 3: "The resulting state from a failed BDAT command
/// is indeterminate. A RSET command MUST be issued." When BDAT LAST is
/// rejected in pipelined mode, the client must issue RSET.
#[tokio::test]
async fn pipelined_bdat_last_failure_sends_rset() {
    use tokio::io::AsyncReadExt;

    let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
    let addr = listener.local_addr().unwrap();

    let server = tokio::spawn(async move {
        let (mut socket, _) = listener.accept().await.unwrap();
        let mut buf = [0u8; 8192];

        // Read pipelined commands.
        let n = socket.read(&mut buf).await.unwrap();
        assert!(n > 0);

        // MAIL FROM OK, RCPT TO OK, BDAT LAST fails.
        socket
            .write_all(b"250 OK\r\n250 OK\r\n452 Insufficient storage\r\n")
            .await
            .unwrap();
        socket.flush().await.unwrap();

        // Expect RSET (RFC 3030 Section 3).
        let mut accumulated = Vec::new();
        loop {
            let n = socket.read(&mut buf).await.unwrap();
            accumulated.extend_from_slice(&buf[..n]);
            let text = String::from_utf8_lossy(&accumulated);
            if text.contains("RSET") {
                break;
            }
        }
        socket.write_all(b"250 OK\r\n").await.unwrap();
        socket.flush().await.unwrap();
        tokio::time::sleep(Duration::from_millis(200)).await;
    });

    let stream = TcpStream::connect(addr).await.unwrap();
    let conn = SmtpConnection::from_plain(
        stream,
        smtp_caps_with_pipelining_and_chunking(),
        Protocol::Smtp,
    );

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_err());
    match result.unwrap_err() {
        Error::Transient { code, .. } => assert_eq!(code, 452),
        other => panic!("expected Transient error (452), got: {other:?}"),
    }
    server.await.unwrap();
}

// -------------------------------------------------------------------
// BDAT without PIPELINING still uses sequential path (RFC 3030 §3)
// -------------------------------------------------------------------

/// When the server supports CHUNKING but NOT PIPELINING, BDAT should
/// fall back to the sequential command/response pattern — each command
/// waits for its response before sending the next.
#[tokio::test]
async fn bdat_without_pipelining_uses_sequential_path() {
    // mock_interactive_server waits for each command before responding,
    // which only works with sequential sending.
    let stream = mock_interactive_server(vec![
        ("MAIL FROM:", "250 OK\r\n"),
        ("RCPT TO:", "250 OK\r\n"),
        ("BDAT ", "250 OK\r\n"),
    ])
    .await;

    let caps = ServerCapabilities {
        greeting_name: "test".into(),
        extensions: vec![SmtpExtension::Chunking],
    };
    let conn = SmtpConnection::from_plain(stream, caps, Protocol::Smtp);

    let result = conn
        .send_bdat(
            &ReversePath::new("sender@example.com").unwrap(),
            &[ForwardPath::new("rcpt@example.com").unwrap()],
            b"Subject: Test\r\n\r\nHello",
            None,
            Duration::from_secs(5),
        )
        .await;

    assert!(result.is_ok(), "sequential BDAT should succeed: {result:?}");
}

#[tokio::test]
async fn is_authenticated_returns_false_initially() {
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    assert!(
        !conn.is_authenticated().await,
        "new connection must not be authenticated (RFC 4954 Section 3)"
    );
}

#[tokio::test]
async fn is_authenticated_returns_true_after_auth() {
    let stream = mock_server(vec![]).await;
    let conn = SmtpConnection::from_plain(stream, smtp_caps_no_pipelining(), Protocol::Smtp);

    // Simulate successful authentication by setting the flag directly.
    conn.inner.lock().await.authenticated = true;

    assert!(
        conn.is_authenticated().await,
        "connection must report authenticated after AUTH success (RFC 4954 Section 3)"
    );
}