fix(tests): update tests and test helpers to current email/DNS APIs, use non-privileged ports, and improve robustness and resilience

test/suite/smtpclient_security/test.csec-06.certificate-validation.ts

@@ -19,7 +19,7 @@ tap.test('CSEC-06: Valid certificate acceptance', async () => {
   const smtpClient = createTestSmtpClient({
     host: testServer.hostname,
     port: testServer.port,
-    secure: true,
+    secure: false,  // Use STARTTLS instead of direct TLS
     tls: {
       rejectUnauthorized: false  // Accept self-signed for test
     }
@@ -45,7 +45,7 @@ tap.test('CSEC-06: Self-signed certificate handling', async () => {
   const strictClient = createTestSmtpClient({
     host: testServer.hostname,
     port: testServer.port,
-    secure: true,
+    secure: false,  // Use STARTTLS
     tls: {
       rejectUnauthorized: true  // Reject self-signed
     }
@@ -72,7 +72,7 @@ tap.test('CSEC-06: Self-signed certificate handling', async () => {
   const relaxedClient = createTestSmtpClient({
     host: testServer.hostname,
     port: testServer.port,
-    secure: true,
+    secure: false,  // Use STARTTLS
     tls: {
       rejectUnauthorized: false  // Accept self-signed
     }
@@ -89,7 +89,7 @@ tap.test('CSEC-06: Certificate hostname verification', async () => {
   const smtpClient = createTestSmtpClient({
     host: testServer.hostname,
     port: testServer.port,
-    secure: true,
+    secure: false,  // Use STARTTLS
     tls: {
       rejectUnauthorized: false,  // For self-signed
       servername: testServer.hostname  // Verify hostname
@@ -114,7 +114,7 @@ tap.test('CSEC-06: Certificate validation with custom CA', async () => {
   const smtpClient = createTestSmtpClient({
     host: testServer.hostname,
     port: testServer.port,
-    secure: true,
+    secure: false,  // Use STARTTLS
     tls: {
       rejectUnauthorized: false,
       // In production, would specify CA certificates