chore(release): prepare for 2.47.0

If we learn about this message being available on IMAP later,
we will add another available_post_msgs row.
If we don't delete the row, we will keep failing each time
until IMAP entry becomes available and it may not happen.

.github/workflows/ci.yml

@@ -174,7 +174,7 @@ jobs:
         run: cargo build -p deltachat_ffi
 
       - name: Upload C library
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ matrix.os }}-libdeltachat.a
           path: target/debug/libdeltachat.a
@@ -200,7 +200,7 @@ jobs:
         run: cargo build -p deltachat-rpc-server
 
       - name: Upload deltachat-rpc-server
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ matrix.os }}-deltachat-rpc-server
           path: ${{ matrix.os == 'windows-latest' && 'target/debug/deltachat-rpc-server.exe' || 'target/debug/deltachat-rpc-server' }}

.github/workflows/deltachat-rpc-server.yml

@@ -40,7 +40,7 @@ jobs:
         run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux
 
       - name: Upload binary
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: deltachat-rpc-server-${{ matrix.arch }}-linux
           path: result/bin/deltachat-rpc-server
@@ -64,7 +64,7 @@ jobs:
         run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
 
       - name: Upload wheel
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
           path: result/*.whl
@@ -88,7 +88,7 @@ jobs:
         run: nix build .#deltachat-rpc-server-${{ matrix.arch }}
 
       - name: Upload binary
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: deltachat-rpc-server-${{ matrix.arch }}
           path: result/bin/deltachat-rpc-server.exe
@@ -112,7 +112,7 @@ jobs:
         run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-wheel
 
       - name: Upload wheel
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: deltachat-rpc-server-${{ matrix.arch }}-wheel
           path: result/*.whl
@@ -139,7 +139,7 @@ jobs:
         run: cargo build --release --package deltachat-rpc-server --target ${{ matrix.arch }}-apple-darwin --features vendored
 
       - name: Upload binary
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: deltachat-rpc-server-${{ matrix.arch }}-macos
           path: target/${{ matrix.arch }}-apple-darwin/release/deltachat-rpc-server
@@ -163,7 +163,7 @@ jobs:
         run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android
 
       - name: Upload binary
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: deltachat-rpc-server-${{ matrix.arch }}-android
           path: result/bin/deltachat-rpc-server
@@ -187,7 +187,7 @@ jobs:
         run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android-wheel
 
       - name: Upload wheel
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: deltachat-rpc-server-${{ matrix.arch }}-android-wheel
           path: result/*.whl
@@ -496,7 +496,7 @@ jobs:
           ls -lah
 
       - name: Upload to artifacts
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: deltachat-rpc-server-npm-package
           path: deltachat-rpc-server/npm-package/*.tgz

.github/workflows/publish-deltachat-rpc-client-pypi.yml

@@ -23,7 +23,7 @@ jobs:
         working-directory: deltachat-rpc-client
         run: python3 -m build
       - name: Store the distribution packages
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: python-package-distributions
           path: deltachat-rpc-client/dist/

.github/workflows/repl.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Build
         run: nix build .#deltachat-repl-win64
       - name: Upload binary
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: repl.exe
           path: "result/bin/deltachat-repl.exe"

.github/workflows/zizmor-scan.yml

@@ -23,4 +23,4 @@ jobs:
           persist-credentials: false
 
       - name: Run zizmor
-        uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0
+        uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2

CHANGELOG.md

@@ -1,5 +1,80 @@
 # Changelog
 
+## [2.47.0] - 2026-03-24
+
+### Fixes
+
+- Don't fall into infinite loop if the folder is missing ([#8021](https://github.com/chatmail/core/pull/8021)).
+- Delete `available_post_msgs` row if the message is already downloaded.
+- Delete `available_post_msgs` row if there is no corresponding IMAP entry.
+- Make newlines work in chat descriptions ([#8012](https://github.com/chatmail/core/pull/8012)).
+
+### Features / Changes
+
+- use SEIPDv2 if all recipients support it.
+
+### Documentation
+
+- Add shadowsocks spec to standards.md.
+- Document Header Confidentiality Policy.
+- `deltachat_rpc_client`: make sphinx documentation display method parameters.
+- Remove `draft/aeap-mvp.md` which is superseded by key-contacts and multi-relay.
+
+### Refactor
+
+- Remove code to send messages without intended recipient fingerprint.
+
+### Tests
+
+- Make `add_or_lookup_contact_id_no_key` public.
+
+### Miscellaneous Tasks
+
+- cargo: bump sdp from 0.10.0 to 0.17.1.
+- Add RUSTSEC-2026-0049 exception to deny.toml.
+
+## [2.46.0] - 2026-03-19
+
+### API-Changes
+
+- [**breaking**] remove functions for sending and receiving Autocrypt Setup Message.
+- Add `list_transports_ex()` and `set_transport_unpublished()` functions.
+
+### Features / Changes
+
+- add `IncomingCallAccepted.from_this_device`.
+- mark messages as "fresh".
+- decode `dcaccount://` URLs and error out on empty URLs early.
+- enable anonymous OpenPGP key IDs.
+- tls: do not verify TLS certificates for hostnames starting with `_`.
+
+### Fixes
+
+- Mark call message as seen when accepting/declining a call ([#7842](https://github.com/chatmail/core/pull/7842)).
+- do not send MDNs for hidden messages.
+- call sync_all() instead of sync_data() when writing accounts.toml.
+- fsync() the rename() of accounts.toml.
+- count recipients by Intended Recipient Fingerprints.
+
+### Miscellaneous Tasks
+
+- deps: bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2.
+- cargo: bump astral-tokio-tar from 0.5.6 to 0.6.0.
+- deps: bump actions/upload-artifact from 6 to 7.
+- cargo: bump blake3 from 1.8.2 to 1.8.3.
+- add constant_time_eq 0.3.1 to deny.toml.
+
+### Refactor
+
+- use re-exported rustls::pki_types.
+- import tokio_rustls::rustls.
+- Move transport_tests to their own file.
+
+### Tests
+
+- Shift time even more in flaky test_sync_broadcast_and_send_message.
+- test markfresh_chat()
+
 ## [2.45.0] - 2026-03-14
 
 ### API-Changes
@@ -7907,3 +7982,5 @@ https://github.com/chatmail/core/pulls?q=is%3Apr+is%3Aclosed
 [2.43.0]: https://github.com/chatmail/core/compare/v2.42.0..v2.43.0
 [2.44.0]: https://github.com/chatmail/core/compare/v2.43.0..v2.44.0
 [2.45.0]: https://github.com/chatmail/core/compare/v2.44.0..v2.45.0
+[2.46.0]: https://github.com/chatmail/core/compare/v2.45.0..v2.46.0
+[2.47.0]: https://github.com/chatmail/core/compare/v2.46.0..v2.47.0

Cargo.lock

@@ -194,9 +194,9 @@ dependencies = [
 
 [[package]]
 name = "astral-tokio-tar"
-version = "0.5.6"
+version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec179a06c1769b1e42e1e2cbe74c7dcdb3d6383c838454d063eaac5bbb7ebbe5"
+checksum = "3c23f3af104b40a3430ccb90ed5f7bd877a8dc5c26fc92fde51a22b40890dcf9"
 dependencies = [
  "filetime",
  "futures-core",
@@ -497,15 +497,16 @@ dependencies = [
 
 [[package]]
 name = "blake3"
-version = "1.8.2"
+version = "1.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3888aaa89e4b2a40fca9848e400f6a658a5a3978de7be858e209cafa8be9a4a0"
+checksum = "2468ef7d57b3fb7e16b576e8377cdbde2320c60e1491e961d11da40fc4f02a2d"
 dependencies = [
  "arrayref",
  "arrayvec",
  "cc",
  "cfg-if",
- "constant_time_eq",
+ "constant_time_eq 0.4.2",
+ "cpufeatures",
 ]
 
 [[package]]
@@ -963,6 +964,12 @@ version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"
 
+[[package]]
+name = "constant_time_eq"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b"
+
 [[package]]
 name = "convert_case"
 version = "0.5.0"
@@ -1300,7 +1307,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat"
-version = "2.46.0-dev"
+version = "2.47.0"
 dependencies = [
  "anyhow",
  "astral-tokio-tar",
@@ -1358,7 +1365,6 @@ dependencies = [
  "ratelimit",
  "regex",
  "rusqlite",
- "rustls-pki-types",
  "sanitize-filename",
  "sdp",
  "serde",
@@ -1410,7 +1416,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat-jsonrpc"
-version = "2.46.0-dev"
+version = "2.47.0"
 dependencies = [
  "anyhow",
  "async-channel 2.5.0",
@@ -1431,7 +1437,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat-repl"
-version = "2.46.0-dev"
+version = "2.47.0"
 dependencies = [
  "anyhow",
  "deltachat",
@@ -1447,7 +1453,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat-rpc-server"
-version = "2.46.0-dev"
+version = "2.47.0"
 dependencies = [
  "anyhow",
  "deltachat",
@@ -1476,7 +1482,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat_ffi"
-version = "2.46.0-dev"
+version = "2.47.0"
 dependencies = [
  "anyhow",
  "deltachat",
@@ -3026,7 +3032,7 @@ dependencies = [
  "arrayvec",
  "cc",
  "cfg-if",
- "constant_time_eq",
+ "constant_time_eq 0.3.1",
 ]
 
 [[package]]
@@ -5301,9 +5307,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
 [[package]]
 name = "sdp"
-version = "0.10.0"
+version = "0.17.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32c374dceda16965d541c8800ce9cc4e1c14acfd661ddf7952feeedc3411e5c6"
+checksum = "22c3b0257608d7de4de4c4ea650ccc2e6e3e45e3cd80039fcdee768bcb449253"
 dependencies = [
  "rand 0.9.2",
  "substring",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat"
-version = "2.46.0-dev"
+version = "2.47.0"
 edition = "2024"
 license = "MPL-2.0"
 rust-version = "1.88"
@@ -86,9 +86,8 @@ rand-old = { package = "rand", version = "0.8" }
 rand = { workspace = true }
 regex = { workspace = true }
 rusqlite = { workspace = true, features = ["sqlcipher"] }
-rustls-pki-types = "1.12.0"
 sanitize-filename = { workspace = true }
-sdp = "0.10.0"
+sdp = "0.17.1"
 serde_json = { workspace = true }
 serde_urlencoded = "0.7.1"
 serde = { workspace = true, features = ["derive"] }
@@ -104,7 +103,7 @@ thiserror = { workspace = true }
 tokio-io-timeout = "1.2.1"
 tokio-rustls = { version = "0.26.2", default-features = false }
 tokio-stream = { version = "0.1.17", features = ["fs"] }
-astral-tokio-tar = { version = "0.5.6", default-features = false }
+astral-tokio-tar = { version = "0.6", default-features = false }
 tokio-util = { workspace = true }
 tokio = { workspace = true, features = ["fs", "rt-multi-thread", "macros"] }
 toml = "0.9"

deltachat-ffi/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "2.46.0-dev"
+version = "2.47.0"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"

deltachat-ffi/deltachat.h

@@ -1569,7 +1569,7 @@ dc_array_t*     dc_wait_next_msgs            (dc_context_t* context);
  * (read receipts aren't sent for noticed messages).
  *
  * Calling this function usually results in the event #DC_EVENT_MSGS_NOTICED.
- * See also dc_markseen_msgs().
+ * See also dc_markseen_msgs() and dc_markfresh_chat().
  *
  * @memberof dc_context_t
  * @param context The context object as returned from dc_context_new().
@@ -1578,6 +1578,29 @@ dc_array_t*     dc_wait_next_msgs            (dc_context_t* context);
 void            dc_marknoticed_chat          (dc_context_t* context, uint32_t chat_id);
 
 
+/**
+ * Mark the last incoming message in chat as _fresh_.
+ *
+ * UI can use this to offer a "mark unread" option,
+ * so that already noticed chats (see dc_marknoticed_chat()) get a badge counter again.
+ *
+ * dc_get_fresh_msg_cnt() and dc_get_fresh_msgs() usually is increased by one afterwards.
+ *
+ * #DC_EVENT_MSGS_CHANGED is fired as usual,
+ * however, #DC_EVENT_INCOMING_MSG is _not_ fired again.
+ * This is to not add complexity to incoming messages code,
+ * e.g. UI usually does not add notifications for manually unread chats.
+ * If the UI wants to update system badge counters,
+ * they should do so directly after calling dc_markfresh_chat().
+ *
+ * @memberof dc_context_t
+ * @param context The context object as returned from dc_context_new().
+ * @param chat_id The chat ID of which the last incoming message should be marked as fresh.
+ *     If the chat does not have incoming messages, nothing happens.
+ */
+void            dc_markfresh_chat            (dc_context_t* context, uint32_t chat_id);
+
+
 /**
  * Returns all message IDs of the given types in a given chat or any chat.
  * Typically used to show a gallery.
@@ -2471,76 +2494,6 @@ void            dc_imex                      (dc_context_t* context, int what, c
 char*           dc_imex_has_backup           (dc_context_t* context, const char* dir);
 
 
-/**
- * Initiate Autocrypt Setup Transfer.
- * Before starting the setup transfer with this function, the user should be asked:
- *
- * ~~~
- * "An 'Autocrypt Setup Message' securely shares your end-to-end setup with other Autocrypt-compliant apps.
- * The setup will be encrypted by a setup code which is displayed here and must be typed on the other device.
- * ~~~
- *
- * After that, this function should be called to send the Autocrypt Setup Message.
- * The function creates the setup message and adds it to outgoing message queue.
- * The message is sent asynchronously.
- *
- * The required setup code is returned in the following format:
- *
- * ~~~
- * 1234-1234-1234-1234-1234-1234-1234-1234-1234
- * ~~~
- *
- * The setup code should be shown to the user then:
- *
- * ~~~
- * "Your key has been sent to yourself. Switch to the other device and
- * open the setup message. You should be prompted for a setup code. Type
- * the following digits into the prompt:
- *
- * 1234 - 1234 - 1234 -
- * 1234 - 1234 - 1234 -
- * 1234 - 1234 - 1234
- *
- * Once you're done, your other device will be ready to use Autocrypt."
- * ~~~
- *
- * On the _other device_ you will call dc_continue_key_transfer() then
- * for setup messages identified by dc_msg_is_setupmessage().
- *
- * For more details about the Autocrypt setup process, please refer to
- * https://autocrypt.org/en/latest/level1.html#autocrypt-setup-message
- *
- * @memberof dc_context_t
- * @param context The context object.
- * @return The setup code. Must be released using dc_str_unref() after usage.
- *     On errors, e.g. if the message could not be sent, NULL is returned.
- */
-char*           dc_initiate_key_transfer     (dc_context_t* context);
-
-
-/**
- * Continue the Autocrypt Key Transfer on another device.
- *
- * If you have started the key transfer on another device using dc_initiate_key_transfer()
- * and you've detected a setup message with dc_msg_is_setupmessage(), you should prompt the
- * user for the setup code and call this function then.
- *
- * You can use dc_msg_get_setupcodebegin() to give the user a hint about the code (useful if the user
- * has created several messages and should not enter the wrong code).
- *
- * @memberof dc_context_t
- * @param context The context object.
- * @param msg_id The ID of the setup message to decrypt.
- * @param setup_code The setup code entered by the user. This is the same setup code as returned from
- *     dc_initiate_key_transfer() on the other device.
- *     There is no need to format the string correctly, the function will remove all spaces and other characters and
- *     insert the `-` characters at the correct places.
- * @return 1=key successfully decrypted and imported; both devices will use the same key now;
- *     0=key transfer failed e.g. due to a bad setup code.
- */
-int             dc_continue_key_transfer     (dc_context_t* context, uint32_t msg_id, const char* setup_code);
-
-
 /**
  * Signal an ongoing process to stop.
  *
@@ -4659,7 +4612,10 @@ uint32_t        dc_msg_get_info_contact_id    (const dc_msg_t* msg);
 #define         DC_INFO_GROUP_IMAGE_CHANGED        3
 #define         DC_INFO_MEMBER_ADDED_TO_GROUP      4
 #define         DC_INFO_MEMBER_REMOVED_FROM_GROUP  5
+
+// Deprecated as of 2026-03-16, not used for new messages.
 #define         DC_INFO_AUTOCRYPT_SETUP_MESSAGE    6
+
 #define         DC_INFO_SECURE_JOIN_MESSAGE        7
 #define         DC_INFO_LOCATIONSTREAMING_ENABLED  8
 #define         DC_INFO_LOCATION_ONLY              9
@@ -4689,40 +4645,6 @@ uint32_t        dc_msg_get_info_contact_id    (const dc_msg_t* msg);
 char*           dc_msg_get_webxdc_href        (const dc_msg_t* msg);
 
 
-/**
- * Check if the message is an Autocrypt Setup Message.
- *
- * Setup messages should be shown in an unique way e.g. using a different text color.
- * On a click or another action, the user should be prompted for the setup code
- * which is forwarded to dc_continue_key_transfer() then.
- *
- * Setup message are typically generated by dc_initiate_key_transfer() on another device.
- *
- * @memberof dc_msg_t
- * @param msg The message object.
- * @return 1=message is a setup message, 0=no setup message.
- *     For setup messages, dc_msg_get_viewtype() returns #DC_MSG_FILE.
- */
-int             dc_msg_is_setupmessage        (const dc_msg_t* msg);
-
-
-/**
- * Get the first characters of the setup code.
- *
- * Typically, this is used to pre-fill the first entry field of the setup code.
- * If the user has several setup messages, he can be sure typing in the correct digits.
- *
- * To check, if a message is a setup message, use dc_msg_is_setupmessage().
- * To decrypt a secret key from a setup message, use dc_continue_key_transfer().
- *
- * @memberof dc_msg_t
- * @param msg The message object.
- * @return Typically the first two digits of the setup code or an empty string if unknown.
- *     NULL is never returned. Must be released using dc_str_unref() when done.
- */
-char*           dc_msg_get_setupcodebegin     (const dc_msg_t* msg);
-
-
 /**
  * Gets the error status of the message.
  * If there is no error associated with the message, NULL is returned.
@@ -6316,7 +6238,7 @@ void dc_event_unref(dc_event_t* event);
  * should not be disturbed by a dialog or so. Instead, use a bubble or so.
  *
  * However, for ongoing processes (e.g. dc_configure())
- * or for functions that are expected to fail (e.g. dc_continue_key_transfer())
+ * or for functions that are expected to fail
  * it might be better to delay showing these events until the function has really
  * failed (returned false). It should be sufficient to report only the _last_ error
  * in a message box then.
@@ -6784,8 +6706,8 @@ void dc_event_unref(dc_event_t* event);
  * UI should update the list.
  *
  * The event is emitted when the transports are modified on another device
- * using the JSON-RPC calls `add_or_update_transport`, `add_transport_from_qr`, `delete_transport`
- * or `set_config(configured_addr)`.
+ * using the JSON-RPC calls `add_or_update_transport`, `add_transport_from_qr`, `delete_transport`,
+ * `set_transport_unpublished` or `set_config(configured_addr)`.
  */
 #define DC_EVENT_TRANSPORTS_MODIFIED           2600
 

deltachat-ffi/src/lib.rs

@@ -1523,6 +1523,23 @@ pub unsafe extern "C" fn dc_marknoticed_chat(context: *mut dc_context_t, chat_id
     })
 }
 
+#[no_mangle]
+pub unsafe extern "C" fn dc_markfresh_chat(context: *mut dc_context_t, chat_id: u32) {
+    if context.is_null() {
+        eprintln!("ignoring careless call to dc_markfresh_chat()");
+        return;
+    }
+    let ctx = &*context;
+
+    block_on(async move {
+        chat::markfresh_chat(ctx, ChatId::new(chat_id))
+            .await
+            .context("Failed markfresh chat")
+            .log_err(ctx)
+            .unwrap_or(())
+    })
+}
+
 fn from_prim<S, T>(s: S) -> Option<T>
 where
     T: FromPrimitive,
@@ -2429,45 +2446,6 @@ pub unsafe extern "C" fn dc_imex_has_backup(
     }
 }
 
-#[no_mangle]
-pub unsafe extern "C" fn dc_initiate_key_transfer(context: *mut dc_context_t) -> *mut libc::c_char {
-    if context.is_null() {
-        eprintln!("ignoring careless call to dc_initiate_key_transfer()");
-        return ptr::null_mut(); // NULL explicitly defined as "error"
-    }
-    let ctx = &*context;
-
-    match block_on(imex::initiate_key_transfer(ctx))
-        .context("dc_initiate_key_transfer()")
-        .log_err(ctx)
-    {
-        Ok(res) => res.strdup(),
-        Err(_) => ptr::null_mut(),
-    }
-}
-
-#[no_mangle]
-pub unsafe extern "C" fn dc_continue_key_transfer(
-    context: *mut dc_context_t,
-    msg_id: u32,
-    setup_code: *const libc::c_char,
-) -> libc::c_int {
-    if context.is_null() || msg_id <= constants::DC_MSG_ID_LAST_SPECIAL || setup_code.is_null() {
-        eprintln!("ignoring careless call to dc_continue_key_transfer()");
-        return 0;
-    }
-    let ctx = &*context;
-
-    block_on(imex::continue_key_transfer(
-        ctx,
-        MsgId::new(msg_id),
-        &to_string_lossy(setup_code),
-    ))
-    .context("dc_continue_key_transfer")
-    .log_err(ctx)
-    .is_ok() as libc::c_int
-}
-
 #[no_mangle]
 pub unsafe extern "C" fn dc_stop_ongoing_process(context: *mut dc_context_t) {
     if context.is_null() {
@@ -3790,16 +3768,6 @@ pub unsafe extern "C" fn dc_msg_get_webxdc_href(msg: *mut dc_msg_t) -> *mut libc
     ffi_msg.message.get_webxdc_href().strdup()
 }
 
-#[no_mangle]
-pub unsafe extern "C" fn dc_msg_is_setupmessage(msg: *mut dc_msg_t) -> libc::c_int {
-    if msg.is_null() {
-        eprintln!("ignoring careless call to dc_msg_is_setupmessage()");
-        return 0;
-    }
-    let ffi_msg = &*msg;
-    ffi_msg.message.is_setupmessage().into()
-}
-
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_has_html(msg: *mut dc_msg_t) -> libc::c_int {
     if msg.is_null() {
@@ -3810,20 +3778,6 @@ pub unsafe extern "C" fn dc_msg_has_html(msg: *mut dc_msg_t) -> libc::c_int {
     ffi_msg.message.has_html().into()
 }
 
-#[no_mangle]
-pub unsafe extern "C" fn dc_msg_get_setupcodebegin(msg: *mut dc_msg_t) -> *mut libc::c_char {
-    if msg.is_null() {
-        eprintln!("ignoring careless call to dc_msg_get_setupcodebegin()");
-        return "".strdup();
-    }
-    let ffi_msg = &*msg;
-    let ctx = &*ffi_msg.context;
-
-    block_on(ffi_msg.message.get_setupcodebegin(ctx))
-        .unwrap_or_default()
-        .strdup()
-}
-
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_set_text(msg: *mut dc_msg_t, text: *const libc::c_char) {
     if msg.is_null() {

deltachat-jsonrpc/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "2.46.0-dev"
+version = "2.47.0"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 license = "MPL-2.0"

deltachat-jsonrpc/src/api.rs

@@ -68,6 +68,7 @@ use self::types::{
     },
 };
 use crate::api::types::chat_list::{get_chat_list_item_by_id, ChatListItemFetchResult};
+use crate::api::types::login_param::TransportListEntry;
 use crate::api::types::qr::{QrObject, SecurejoinSource, SecurejoinUiPath};
 
 #[derive(Debug)]
@@ -528,6 +529,7 @@ impl CommandApi {
     ///   from a server encoded in a QR code.
     /// - [Self::list_transports()] to get a list of all configured transports.
     /// - [Self::delete_transport()] to remove a transport.
+    /// - [Self::set_transport_unpublished()] to set whether contacts see this transport.
     async fn add_or_update_transport(
         &self,
         account_id: u32,
@@ -553,7 +555,23 @@ impl CommandApi {
     /// Returns the list of all email accounts that are used as a transport in the current profile.
     /// Use [Self::add_or_update_transport()] to add or change a transport
     /// and [Self::delete_transport()] to delete a transport.
+    /// Use [Self::list_transports_ex()] to additionally query
+    /// whether the transports are marked as 'unpublished'.
     async fn list_transports(&self, account_id: u32) -> Result<Vec<EnteredLoginParam>> {
+        let ctx = self.get_context(account_id).await?;
+        let res = ctx
+            .list_transports()
+            .await?
+            .into_iter()
+            .map(|t| t.param.into())
+            .collect();
+        Ok(res)
+    }
+
+    /// Returns the list of all email accounts that are used as a transport in the current profile.
+    /// Use [Self::add_or_update_transport()] to add or change a transport
+    /// and [Self::delete_transport()] to delete a transport.
+    async fn list_transports_ex(&self, account_id: u32) -> Result<Vec<TransportListEntry>> {
         let ctx = self.get_context(account_id).await?;
         let res = ctx
             .list_transports()
@@ -571,6 +589,26 @@ impl CommandApi {
         ctx.delete_transport(&addr).await
     }
 
+    /// Change whether the transport is unpublished.
+    ///
+    /// Unpublished transports are not advertised to contacts,
+    /// and self-sent messages are not sent there,
+    /// so that we don't cause extra messages to the corresponding inbox,
+    /// but can still receive messages from contacts who don't know our new transport addresses yet.
+    ///
+    /// The default is false, but when the user updates from a version that didn't have this flag,
+    /// existing secondary transports are set to unpublished,
+    /// so that an existing transport address doesn't suddenly get spammed with a lot of messages.
+    async fn set_transport_unpublished(
+        &self,
+        account_id: u32,
+        addr: String,
+        unpublished: bool,
+    ) -> Result<()> {
+        let ctx = self.get_context(account_id).await?;
+        ctx.set_transport_unpublished(&addr, unpublished).await
+    }
+
     /// Signal an ongoing process to stop.
     async fn stop_ongoing_process(&self, account_id: u32) -> Result<()> {
         let ctx = self.get_context(account_id).await?;
@@ -699,25 +737,6 @@ impl CommandApi {
         message::estimate_deletion_cnt(&ctx, from_server, seconds).await
     }
 
-    // ---------------------------------------------
-    //  autocrypt
-    // ---------------------------------------------
-
-    async fn initiate_autocrypt_key_transfer(&self, account_id: u32) -> Result<String> {
-        let ctx = self.get_context(account_id).await?;
-        deltachat::imex::initiate_key_transfer(&ctx).await
-    }
-
-    async fn continue_autocrypt_key_transfer(
-        &self,
-        account_id: u32,
-        message_id: u32,
-        setup_code: String,
-    ) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        deltachat::imex::continue_key_transfer(&ctx, MsgId::new(message_id), &setup_code).await
-    }
-
     // ---------------------------------------------
     //   chat list
     // ---------------------------------------------

deltachat-jsonrpc/src/api/types/login_param.rs

@@ -4,6 +4,16 @@ use serde::Deserialize;
 use serde::Serialize;
 use yerpc::TypeDef;
 
+#[derive(Serialize, TypeDef, schemars::JsonSchema)]
+#[serde(rename_all = "camelCase")]
+pub struct TransportListEntry {
+    /// The login data entered by the user.
+    pub param: EnteredLoginParam,
+    /// Whether this transport is set to 'unpublished'.
+    /// See `set_transport_unpublished` / `setTransportUnpublished` for details.
+    pub is_unpublished: bool,
+}
+
 /// Login parameters entered by the user.
 ///
 /// Usually it will be enough to only set `addr` and `password`,
@@ -56,6 +66,15 @@ pub struct EnteredLoginParam {
     pub oauth2: Option<bool>,
 }
 
+impl From<dc::TransportListEntry> for TransportListEntry {
+    fn from(transport: dc::TransportListEntry) -> Self {
+        TransportListEntry {
+            param: transport.param.into(),
+            is_unpublished: transport.is_unpublished,
+        }
+    }
+}
+
 impl From<dc::EnteredLoginParam> for EnteredLoginParam {
     fn from(param: dc::EnteredLoginParam) -> Self {
         let imap_security: Socket = param.imap.security.into();

deltachat-jsonrpc/src/api/types/message.rs

@@ -68,7 +68,6 @@ pub struct MessageObject {
     /// if `show_padlock` is `false`,
     /// and nothing if it is `true`.
     show_padlock: bool,
-    is_setupmessage: bool,
     is_info: bool,
     is_forwarded: bool,
 
@@ -88,8 +87,6 @@ pub struct MessageObject {
     override_sender_name: Option<String>,
     sender: ContactObject,
 
-    setup_code_begin: Option<String>,
-
     file: Option<String>,
     file_mime: Option<String>,
 
@@ -226,7 +223,6 @@ impl MessageObject {
 
             subject: message.get_subject().to_owned(),
             show_padlock: message.get_showpadlock(),
-            is_setupmessage: message.is_setupmessage(),
             is_info: message.is_info(),
             is_forwarded: message.is_forwarded(),
             is_bot: message.is_bot(),
@@ -243,8 +239,6 @@ impl MessageObject {
             override_sender_name,
             sender,
 
-            setup_code_begin: message.get_setupcodebegin(context).await,
-
             file: match message.get_file(context) {
                 Some(path_buf) => path_buf.to_str().map(|s| s.to_owned()),
                 None => None,

deltachat-jsonrpc/typescript/package.json

@@ -54,5 +54,5 @@
   },
   "type": "module",
   "types": "dist/deltachat.d.ts",
-  "version": "2.46.0-dev"
+  "version": "2.47.0"
 }

deltachat-repl/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "2.46.0-dev"
+version = "2.47.0"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/chatmail/core"

deltachat-repl/src/cmdline.rs

@@ -302,9 +302,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
             // TODO: reuse commands definition in main.rs.
             "imex" => println!(
                 "====================Import/Export commands==\n\
-                 initiate-key-transfer\n\
-                 get-setupcodebegin <msg-id>\n\
-                 continue-key-transfer <msg-id> <setup-code>\n\
                  has-backup\n\
                  export-backup\n\
                  import-backup <backup-file>\n\
@@ -408,34 +405,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                  ============================================="
             ),
         },
-        "initiate-key-transfer" => match initiate_key_transfer(&context).await {
-            Ok(setup_code) => {
-                println!("Setup code for the transferred setup message: {setup_code}",)
-            }
-            Err(err) => bail!("Failed to generate setup code: {err}"),
-        },
-        "get-setupcodebegin" => {
-            ensure!(!arg1.is_empty(), "Argument <msg-id> missing.");
-            let msg_id: MsgId = MsgId::new(arg1.parse()?);
-            let msg = Message::load_from_db(&context, msg_id).await?;
-            if msg.is_setupmessage() {
-                let setupcodebegin = msg.get_setupcodebegin(&context).await;
-                println!(
-                    "The setup code for setup message {} starts with: {}",
-                    msg_id,
-                    setupcodebegin.unwrap_or_default(),
-                );
-            } else {
-                bail!("{msg_id} is no setup message.",);
-            }
-        }
-        "continue-key-transfer" => {
-            ensure!(
-                !arg1.is_empty() && !arg2.is_empty(),
-                "Arguments <msg-id> <setup-code> expected"
-            );
-            continue_key_transfer(&context, MsgId::new(arg1.parse()?), arg2).await?;
-        }
         "has-backup" => {
             has_backup(&context, blobdir).await?;
         }

deltachat-repl/src/main.rs

@@ -149,10 +149,7 @@ impl Completer for DcHelper {
     }
 }
 
-const IMEX_COMMANDS: [&str; 13] = [
-    "initiate-key-transfer",
-    "get-setupcodebegin",
-    "continue-key-transfer",
+const IMEX_COMMANDS: [&str; 10] = [
     "has-backup",
     "export-backup",
     "import-backup",

deltachat-rpc-client/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "deltachat-rpc-client"
-version = "2.46.0-dev"
+version = "2.47.0"
 license = "MPL-2.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [

deltachat-rpc-client/src/deltachat_rpc_client/_utils.py

@@ -187,13 +187,9 @@ class futuremethod:  # noqa: N801
     """Decorator for async methods."""
 
     def __init__(self, func):
-        functools.update_wrapper(self, func)
         self._func = func
 
     def __get__(self, instance, owner=None):
-        if instance is None:
-            return self
-
         def future(*args):
             generator = self._func(instance, *args)
             res = next(generator)
@@ -206,6 +202,7 @@ class futuremethod:  # noqa: N801
 
             return f
 
+        @functools.wraps(self._func)
         def wrapper(*args):
             f = future(*args)
             return f()

deltachat-rpc-client/src/deltachat_rpc_client/account.py

@@ -483,10 +483,6 @@ class Account:
         passphrase = ""  # Importing passphrase-protected keys is currently not supported.
         self._rpc.import_self_keys(self.id, str(path), passphrase)
 
-    def initiate_autocrypt_key_transfer(self) -> None:
-        """Send Autocrypt Setup Message."""
-        return self._rpc.initiate_autocrypt_key_transfer(self.id)
-
     def ice_servers(self) -> list:
         """Return ICE servers for WebRTC configuration."""
         ice_servers_json = self._rpc.ice_servers(self.id)

deltachat-rpc-client/src/deltachat_rpc_client/message.py

@@ -72,14 +72,6 @@ class Message:
         """Return True if the message exists."""
         return bool(self._rpc.get_existing_msg_ids(self.account.id, [self.id]))
 
-    def continue_autocrypt_key_transfer(self, setup_code: str) -> None:
-        """Continue the Autocrypt Setup Message key transfer.
-
-        This function can be called on received Autocrypt Setup Message
-        to import the key encrypted with the provided setup code.
-        """
-        self._rpc.continue_autocrypt_key_transfer(self.account.id, self.id, setup_code)
-
     def send_webxdc_status_update(self, update: Union[dict, str], description: str) -> None:
         """Send a webxdc status update. This message must be a webxdc."""
         if not isinstance(update, str):

deltachat-rpc-client/tests/test_key_transfer.py

@@ -1,49 +0,0 @@
-import pytest
-
-from deltachat_rpc_client import EventType
-from deltachat_rpc_client.rpc import JsonRpcError
-
-
-def wait_for_autocrypt_setup_message(account):
-    while True:
-        event = account.wait_for_event()
-        if event.kind == EventType.MSGS_CHANGED and event.msg_id != 0:
-            msg_id = event.msg_id
-            msg = account.get_message_by_id(msg_id)
-            if msg.get_snapshot().is_setupmessage:
-                return msg
-
-
-def test_autocrypt_setup_message_key_transfer(acfactory):
-    alice1 = acfactory.get_online_account()
-
-    alice2 = acfactory.get_unconfigured_account()
-    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
-    alice2.bring_online()
-
-    setup_code = alice1.initiate_autocrypt_key_transfer()
-    msg = wait_for_autocrypt_setup_message(alice2)
-
-    # Test that entering wrong code returns an error.
-    with pytest.raises(JsonRpcError):
-        msg.continue_autocrypt_key_transfer("7037-0673-6287-3013-4095-7956-5617-6806-6756")
-
-    msg.continue_autocrypt_key_transfer(setup_code)
-
-
-def test_ac_setup_message_twice(acfactory):
-    alice1 = acfactory.get_online_account()
-
-    alice2 = acfactory.get_unconfigured_account()
-    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
-    alice2.bring_online()
-
-    # Send the first Autocrypt Setup Message and ignore it.
-    _setup_code = alice1.initiate_autocrypt_key_transfer()
-    wait_for_autocrypt_setup_message(alice2)
-
-    # Send the second Autocrypt Setup Message and import it.
-    setup_code = alice1.initiate_autocrypt_key_transfer()
-    msg = wait_for_autocrypt_setup_message(alice2)
-
-    msg.continue_autocrypt_key_transfer(setup_code)

deltachat-rpc-client/tests/test_multitransport.py

@@ -1,7 +1,7 @@
 import pytest
 
 from deltachat_rpc_client import EventType
-from deltachat_rpc_client.const import DownloadState
+from deltachat_rpc_client.const import ChatType, DownloadState
 from deltachat_rpc_client.rpc import JsonRpcError
 
 
@@ -357,7 +357,7 @@ def test_message_info_imap_urls(acfactory) -> None:
     assert f"{new_alice_addr}/INBOX" in msg_info
 
 
-def test_remove_primary_transport(acfactory) -> None:
+def test_remove_primary_transport(acfactory, log) -> None:
     """Test that after removing the primary relay, Alice can still receive messages."""
     alice, bob = acfactory.get_online_accounts(2)
     qr = acfactory.get_account_qr()
@@ -368,7 +368,7 @@ def test_remove_primary_transport(acfactory) -> None:
     bob_chat = bob.create_chat(alice)
     alice.create_chat(bob)
 
-    # Alice changes the transport.
+    log.section("Alice sets up second transport")
     [transport1, transport2] = alice.list_transports()
     alice.set_config("configured_addr", transport2["addr"])
 
@@ -376,7 +376,7 @@ def test_remove_primary_transport(acfactory) -> None:
     msg1 = alice.wait_for_incoming_msg().get_snapshot()
     assert msg1.text == "Hello!"
 
-    # Alice deletes the first transport.
+    log.section("Alice removes the primary relay")
     alice.delete_transport(transport1["addr"])
     alice.stop_io()
     alice.start_io()
@@ -384,3 +384,5 @@ def test_remove_primary_transport(acfactory) -> None:
     bob_chat.send_text("Hello again!")
     msg2 = alice.wait_for_incoming_msg().get_snapshot()
     assert msg2.text == "Hello again!"
+    assert msg2.chat.get_basic_snapshot().chat_type == ChatType.SINGLE
+    assert msg2.chat == alice.create_chat(bob)

deltachat-rpc-server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "2.46.0-dev"
+version = "2.47.0"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"

deltachat-rpc-server/npm-package/package.json

@@ -15,5 +15,5 @@
   },
   "type": "module",
   "types": "index.d.ts",
-  "version": "2.46.0-dev"
+  "version": "2.47.0"
 }

deny.toml

@@ -17,6 +17,13 @@ ignore = [
     # It is a transitive dependency of iroh 0.35.0,
     # this should be fixed by upgrading to iroh 1.0 once it is released.
     "RUSTSEC-2025-0134",
+
+    # rustls-webpki v0.102.8
+    # We cannot upgrade to >=0.103.10 because
+    # it is a transitive dependency of iroh 0.35.0
+    # which depends on ^0.102.
+    # <https://rustsec.org/advisories/RUSTSEC-2026-0049>
+    "RUSTSEC-2026-0049",
 ]
 
 [bans]
@@ -27,6 +34,7 @@ ignore = [
 skip = [
      { name = "async-channel", version = "1.9.0" },
      { name = "bitflags", version = "1.3.2" },
+     { name = "constant_time_eq", version = "0.3.1" },
      { name = "derive_more-impl", version = "1.0.0" },
      { name = "derive_more", version = "1.0.0" },
      { name = "event-listener", version = "2.5.3" },

draft/aeap-mvp.md

@@ -1,127 +0,0 @@
-AEAP MVP
-========
-
-Changes to the UIs
-------------------
-
-- The secondary self addresses (see below) are shown in the UI, but not editable.
-
-- When the user changed the email address in the configure screen, show a dialog to the user, either directly explaining things or with a link to the FAQ (see "Other" below)
-
-Changes in the core
--------------------
-
-- [x] We have one primary self address and any number of secondary self addresses. `is_self_addr()` checks all of them.
-
-- [x] If the user does a reconfigure and changes the email address, the previous address is added as a secondary self address.
-
-  - don't forget to deduplicate secondary self addresses in case the user switches back and forth between addresses).
-
-  - The key stays the same.
-
-- [x] No changes for 1:1 chats, there simply is a new one. (This works since, contrary to group messages, messages sent to a 1:1 chat are not assigned to the group chat but always to the 1:1 chat with the sender. So it's not a problem that the new messages might be put into the old chat if they are a reply to a message there.)
-
-- [ ] When sending a message: If any of the secondary self addrs is in the chat's member list, remove it locally (because we just transitioned away from it). We add a log message for this (alternatively, a system message in the chat would be more visible).
-
-- [x] ([#3385](https://github.com/deltachat/deltachat-core-rust/pull/3385)) When receiving a message: If the key exists, but belongs to another address (we may want to benchmark this)
-  AND there is a `Chat-Version` header\
-  AND the message is signed correctly
-  AND the From address is (also) in the encrypted (and therefore signed) headers <sup>[[1]](#myfootnote1)</sup>\
-  AND the message timestamp is newer than the contact's `lastseen` (to prevent changing the address back when messages arrive out of order) (this condition is not that important since we will have eventual consistency even without it):
-
-  Replace the contact in _all_ groups, possibly deduplicate the members list, and add a system message to all of these chats.
-  
-  - Note that we can't simply compare the keys byte-by-byte, since the UID may have changed, or the sender may have rotated the key and signed the new key with the old one.
-
-<a name="myfootnote1">[1]</a>: Without this check, an attacker could replay a message from Alice to Bob. Then Bob's device would do an AEAP transition from Alice's to the attacker's address, allowing for easier phishing.
-
-<details>
-<summary>More details about this</summary>
-Suppose Alice sends a message to Evil (or to a group with both Evil and Bob). Evil then forwards the message to Bob, changing the From and To headers (and if necessary Message-Id) and replacing `addr=alice@example.org;` in the autocrypt header with `addr=evil@example.org;`.
-
-Then Bob's device sees that there is a message which is signed by Alice's key and comes from Evil's address and would do the AEAP transition, i.e. replace Alice with Evil in all groups and show a message "Alice changed their address from alice@example.org to evil@example.org". Disadvantages for Evil are that Bob's message will be shown on Alice's device, possibly creating confusion/suspicion, and that the usual "Setup changed for..." message will be shown the next time Evil sends a message (because Evil doesn't know Alice's private key).
-
-Possible mitigations:
-- if we make the AEAP device message sth. like "Automatically removed alice@example.org and added evil@example.org", then this will create more suspicion, making the phishing harder (we didn't talk about what what the wording should be at all yet).
-- Add something similar to replay protection to our Autocrypt implementation. This could be done e.g. by adding a second `From` header to the protected headers. If it's present, the receiver then requires it to be the same as the outer `From`, and if it's not present, we don't do AEAP --> **That's what we implemented**
-
-Note that usually a mail is signed by a key that has a UID matching the from address.
-
-  That's not mandatory for Autocrypt (and in fact, we just keep the old UID when changing the self address, so with AEAP the UID will actually be different than the from address sometimes)
-
-  https://autocrypt.org/level1.html#openpgp-based-key-data says:
-  > The content of the user id packet is only decorative
-
-</details>
-
-### Notes:
-  
-- We treat protected and non-protected chats the same
-- We leave the aeap transition statement away since it seems not to be needed, makes things harder on the sending side, wastes some network traffic, and is worse for privacy (since more people know what old addresses you had).
-- As soon as we encrypt read receipts, sending a read receipt will be enough to tell a lot of people that you transitioned
-- AEAP will make the problem of inconsistent group state worse, both because it doesn't work if the message is unencrypted (even if the design allowed it, it would be problematic security-wise) and because some chat partners may have gotten the transition and some not. We should do something against this at some point in the future, like asking the user whether they want to add/remove the members to restore consistent group state.
-
-#### Downsides of this design:
-- Inconsistent group state: Suppose Alice does an AEAP transition and sends a 1:1 message to Bob, so Bob rewrites Alice's contact. Alice, Bob and Charlie are together in a group. Before Alice writes to this group, Bob and Charlie will have different membership lists, and Bob will send messages to Alice's new address, while Charlie will send them to her old address.
-
-#### Upsides:
-- With this approach, it's easy to switch to a model where the info about the transition is encoded in the PGP key. Since the key is gossiped, the information about the transition will spread virally.
-- Faster transition: If you send a message to e.g. "Delta Chat Dev", all members of the "sub-group" "delta android" will know of your transition.
-
-### Alternatives and old discussions/plans:
-
-- Change the contact instead of rewriting the group member lists. This seems to call for more trouble since we will end up with multiple contacts having the same email address.
-
-- If needed, we could add a header a) indicating that the sender did an address transition or b) listing all the secondary (old) addresses.  For now, there is no big enough benefit to warrant introducing another header and its processing on the receiver side (including all the necessary checks and handling of error cases). Instead, we only check for the `Chat-Version` header to prevent accidental transitions when an MUA user sends a message from another email address with the same key.
-
-- The condition for a transition temporarily was:
-
-  > When receiving a message: If we are going to assign a message to a chat, but the sender is not a member of this chat\
-  > AND the signing key is the same as the direct (non-gossiped) key of one of the chat members\
-  > AND ...
-
-  However, this would mean that in 1:1 messages can't trigger a transition, since we don't assign private messages to the parent chat, but always to the 1:1 chat with the sender.
-  
-<details>
-<summary>Some previous state of the discussion, which temporarily lived in an issue description</summary>
-Summarizing the discussions from https://github.com/deltachat/deltachat-core-rust/pull/2896, mostly quoting @hpk42:
-
-1. (DONE) At the time of configure we push the current primary to become a secondary. 
-
-2. When a message is sent out to a chat, and the message is encrypted, and we have secondary addresses, then we 
-  a) add a protected "AEAP-Replacement" header that contains all secondary addresses 
-  b) if any of the secondary addresses is in the chat's member list, we remove it and leave a system message that we did so
-3. When an encrypted message with a replacement header is received, replace the e-mail address of all secondary contacts (if they exist) with the new primary and drop a sysmessage in all chats the secondary is member off.  This might (in edge cases) result in chats that have two or more contacts with the same e-mail address.  We might ignore this for a first release and just log a warning.  Let's maybe not get hung up on this case before everything else works. 
-
-Notes: 
-- for now we will send out aeap replacement headers forever, there is no termination condition other than lack of secondary addresses.  I think that's fine for now.  Later on we might introduce options to remove secondary addresses but i wouldn't do this for a first release/PR. 
-- the design is resilient against changing e-mail providers from A to B to C and then back to A, with partially updated chats and diverging views from recipients/contacts on this transition.  In the end, you will have a primary and some secondaries, and when you start sending out messages everybody will eventually synchronize when they receive the current state of primaries/secondaries. 
-- of course on incoming message for need to check for each stated secondary address in the replacement header that it uses the same signature as the signature we verified as valid with the incoming message  **-->  Also we have to somehow make sure that the signing key was not just gossiped from some random other person in some group.**
-- there are no extra flags/columns in the database needed (i hope) 
-
-#### Downsides of the chosen approach:
-- Inconsistent group state: Suppose Alice does an AEAP transition and sends a 1:1 message to Bob, so Bob rewrites Alice's contact. Alice, Bob and Charlie are together in a group. Before Alice writes to this group, Bob and Charlie will have different membership lists, and Bob will send messages to Alice's new address, while Charlie will send them to her old address.
-- There will be multiple contacts with the same address in the database. We will have to do something against this at some point.
-
-The most obvious alternative would be to create a new contact with the new address and replace the old contact in the groups.
-
-#### Upsides:
-- With this approach, it's easier to switch to a model where the info about the transition is encoded in the PGP key. Since the key is gossiped, the information about the transition will spread virally.
-- (Also, less important: Slightly faster transition: If you send a message to e.g. "Delta Chat Dev", all members of the "sub-group" "delta android" will know of your transition.)
-- It's easier to implement (if too many problems turn up, we can still switch to another approach and didn't waste that much development time.)
-
-[full messages](https://github.com/deltachat/deltachat-core-rust/pull/2896#discussion_r852002161)
-  
-_end of the previous state of the discussion_  
-
-</details>
-  
-Other
------
-
-- The user is responsible that messages to the old address arrive at the new address, for example by configuring the old provider to forward all emails to the new one.
-
-Notes during implementing
-========================
-
-- As far as I understand the code, unencrypted messages are unsigned. So, the transition only works if both sides have the other side's key.

python/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "deltachat"
-version = "2.46.0-dev"
+version = "2.47.0"
 license = "MPL-2.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"

python/src/deltachat/account.py

@@ -553,17 +553,6 @@ class Account:
     def imex(self, path: str, imex_cmd: int, passphrase: Optional[str] = None) -> None:
         lib.dc_imex(self._dc_context, imex_cmd, as_dc_charpointer(path), as_dc_charpointer(passphrase))
 
-    def initiate_key_transfer(self) -> str:
-        """return setup code after a Autocrypt setup message
-        has been successfully sent to our own e-mail address ("self-sent message").
-        If sending out was unsuccessful, a RuntimeError is raised.
-        """
-        self.check_is_configured()
-        res = lib.dc_initiate_key_transfer(self._dc_context)
-        if res == ffi.NULL:
-            raise RuntimeError("could not send out autocrypt setup message")
-        return from_dc_charpointer(res)
-
     def get_setup_contact_qr(self) -> str:
         """get/create Setup-Contact QR Code as ascii-string.
 

python/src/deltachat/message.py

@@ -167,14 +167,6 @@ class Message:
         """return True if this message is a system/info message."""
         return bool(lib.dc_msg_is_info(self._dc_msg))
 
-    def is_setup_message(self):
-        """return True if this message is a setup message."""
-        return lib.dc_msg_is_setupmessage(self._dc_msg)
-
-    def get_setupcodebegin(self) -> str:
-        """return the first characters of a setup code in a setup message."""
-        return from_dc_charpointer(lib.dc_msg_get_setupcodebegin(self._dc_msg))
-
     def is_encrypted(self):
         """return True if this message was encrypted."""
         return bool(lib.dc_msg_get_showpadlock(self._dc_msg))
@@ -198,12 +190,6 @@ class Message:
         """Get a message summary as a single line of text. Typically used for notifications."""
         return from_dc_charpointer(lib.dc_msg_get_summarytext(self._dc_msg, width))
 
-    def continue_key_transfer(self, setup_code):
-        """extract key and use it as primary key for this account."""
-        res = lib.dc_continue_key_transfer(self.account._dc_context, self.id, as_dc_charpointer(setup_code))
-        if res == 0:
-            raise ValueError("Importing the key from Autocrypt Setup Message failed")
-
     @props.with_doc
     def time_sent(self):
         """UTC time when the message was sent.

release-date.in

@@ -1 +1 @@
-2026-03-14
+2026-03-24

spec.md

@@ -39,9 +39,24 @@ Messages SHOULD be encrypted by the
 [Autocrypt](https://autocrypt.org/level1.html) standard;
 `prefer-encrypt=mutual` MAY be set by default.
 
-Meta data (at least the subject and all chat-headers) SHOULD be encrypted
-by the [Protected Headers](https://tools.ietf.org/id/draft-autocrypt-lamps-protected-headers-02.html) standard.
-
+Meta data SHOULD be encrypted
+by the [Header Protection](https://www.rfc-editor.org/rfc/rfc9788.html) standard
+with the following [Header Confidentiality Policy](https://www.rfc-editor.org/rfc/rfc9788.html#name-header-confidentiality-poli):
+```
+hcp_chat(name, val_in) → val_out:
+    if lower(name) is 'from':
+        assert that val_in is an RFC 5322 mailbox
+        return the RFC 5322 addr-spec part of val_in
+    else if lower(name) is 'to':
+        return '"hidden-recipients": ;'
+    else if lower(name) is 'date':
+        return the UTC form of a random date within the last 7 days
+    else if lower(name) is 'subject':
+        return '[...]'
+    else if lower(name) is in ['message-id', 'chat-is-post-message']:
+        return val_in
+    return null
+```
 
 # Outgoing messages
 

src/accounts.rs

@@ -686,13 +686,27 @@ impl Config {
         file.write_all(toml::to_string_pretty(&self.inner)?.as_bytes())
             .await
             .context("failed to write a tmp config")?;
-        file.sync_data()
+
+        // We use `sync_all()` and not `sync_data()` here.
+        // This translates to `fsync()` instead of `fdatasync()`.
+        // `fdatasync()` may be insufficient for newely created files
+        // and may not even synchronize the file size on some operating systems,
+        // resulting in a truncated file.
+        file.sync_all()
             .await
             .context("failed to sync a tmp config")?;
         drop(file);
         fs::rename(&tmp_path, &self.file)
             .await
             .context("failed to rename config")?;
+        // Sync the rename().
+        #[cfg(not(windows))]
+        {
+            let parent = self.file.parent().context("No parent directory")?;
+            let parent_file = fs::File::open(parent).await?;
+            parent_file.sync_all().await?;
+        }
+
         Ok(())
     }
 

src/chat.rs

@@ -2844,19 +2844,12 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
     let lowercase_from = from.to_lowercase();
 
     recipients.retain(|x| x.to_lowercase() != lowercase_from);
-    if context.get_config_bool(Config::BccSelf).await?
-        || msg.param.get_cmd() == SystemMessage::AutocryptSetupMessage
+
+    // Default Webxdc integrations are hidden messages and must not be sent out:
+    if (msg.param.get_int(Param::WebxdcIntegration).is_some() && msg.hidden)
+        // This may happen eg. for groups with only SELF and bcc_self disabled:
+        || (!context.get_config_bool(Config::BccSelf).await? && recipients.is_empty())
     {
-        smtp::add_self_recipients(context, &mut recipients, needs_encryption).await?;
-    }
-
-    // Default Webxdc integrations are hidden messages and must not be sent out
-    if msg.param.get_int(Param::WebxdcIntegration).is_some() && msg.hidden {
-        recipients.clear();
-    }
-
-    if recipients.is_empty() {
-        // may happen eg. for groups with only SELF and bcc_self disabled
         info!(
             context,
             "Message {} has no recipient, skipping smtp-send.", msg.id
@@ -2895,6 +2888,10 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
         );
     }
 
+    if context.get_config_bool(Config::BccSelf).await? {
+        smtp::add_self_recipients(context, &mut recipients, rendered_msg.is_encrypted).await?;
+    }
+
     if needs_encryption && !rendered_msg.is_encrypted {
         /* unrecoverable */
         message::set_msg_failed(
@@ -3406,6 +3403,38 @@ pub(crate) async fn mark_old_messages_as_noticed(
     Ok(())
 }
 
+/// Marks last incoming message in a chat as fresh.
+pub async fn markfresh_chat(context: &Context, chat_id: ChatId) -> Result<()> {
+    let affected_rows = context
+        .sql
+        .execute(
+            "UPDATE msgs
+                SET state=?1
+              WHERE id=(SELECT id
+                          FROM msgs
+                         WHERE state IN (?1, ?2, ?3) AND hidden=0 AND chat_id=?4
+                      ORDER BY timestamp DESC, id DESC
+                         LIMIT 1)
+                AND state!=?1",
+            (
+                MessageState::InFresh,
+                MessageState::InNoticed,
+                MessageState::InSeen,
+                chat_id,
+            ),
+        )
+        .await?;
+
+    if affected_rows == 0 {
+        return Ok(());
+    }
+
+    context.emit_msgs_changed_without_msg_id(chat_id);
+    chatlist_events::emit_chatlist_item_changed(context, chat_id);
+
+    Ok(())
+}
+
 /// Returns all database message IDs of the given types.
 ///
 /// If `chat_id` is None, return messages from any chat.

src/chat/chat_tests.rs

@@ -866,7 +866,6 @@ async fn test_add_device_msg_unlabelled() {
     assert_eq!(msg1.from_id, ContactId::DEVICE);
     assert_eq!(msg1.to_id, ContactId::SELF);
     assert!(!msg1.is_info());
-    assert!(!msg1.is_setupmessage());
 
     let msg2 = message::Message::load_from_db(&t, msg2_id.unwrap()).await;
     assert!(msg2.is_ok());
@@ -899,7 +898,6 @@ async fn test_add_device_msg_labelled() -> Result<()> {
     assert_eq!(msg1.from_id, ContactId::DEVICE);
     assert_eq!(msg1.to_id, ContactId::SELF);
     assert!(!msg1.is_info());
-    assert!(!msg1.is_setupmessage());
 
     // check device chat
     let chat_id = msg1.chat_id;
@@ -1331,6 +1329,54 @@ async fn test_marknoticed_all_chats() -> Result<()> {
     Ok(())
 }
 
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_markfresh_chat() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    // alice sends a message to Bob
+    let alice_chat = alice.create_chat(bob).await;
+    let sent_msg1 = alice.send_text(alice_chat.id, "hi bob!").await;
+
+    // bob received the message, fresh count is 1
+    let bob_msg1 = bob.recv_msg(&sent_msg1).await;
+    let bob_chat_id = bob_msg1.chat_id;
+    bob_chat_id.accept(bob).await?;
+    assert_eq!(bob_msg1.state, MessageState::InFresh);
+    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 1);
+    assert_eq!(bob.get_fresh_msgs().await?.len(), 1);
+
+    // alice sends another message to bob, fresh count is 2
+    let sent_msg2 = alice.send_text(alice_chat.id, "howdy?").await;
+    let bob_msg2 = bob.recv_msg(&sent_msg2).await;
+    let bob_msg1 = Message::load_from_db(bob, bob_msg1.id).await?;
+    assert_eq!(bob_msg1.state, MessageState::InFresh);
+    assert_eq!(bob_msg2.state, MessageState::InFresh);
+    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 2);
+    assert_eq!(bob.get_fresh_msgs().await?.len(), 2);
+
+    // bob marks the chat as noticed, messages are no longer fresh, fresh count is 0
+    marknoticed_chat(bob, bob_chat_id).await?;
+    let bob_msg1 = Message::load_from_db(bob, bob_msg1.id).await?;
+    let bob_msg2 = Message::load_from_db(bob, bob_msg2.id).await?;
+    assert_ne!(bob_msg1.state, MessageState::InFresh);
+    assert_ne!(bob_msg2.state, MessageState::InFresh);
+    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 0);
+    assert_eq!(bob.get_fresh_msgs().await?.len(), 0);
+
+    // bob marks the chat as fresh again, fresh count is 1 again
+    markfresh_chat(bob, bob_chat_id).await?;
+    let bob_msg1 = Message::load_from_db(bob, bob_msg1.id).await?;
+    let bob_msg2 = Message::load_from_db(bob, bob_msg2.id).await?;
+    assert_ne!(bob_msg1.state, MessageState::InFresh);
+    assert_eq!(bob_msg2.state, MessageState::InFresh);
+    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 1);
+    assert_eq!(bob.get_fresh_msgs().await?.len(), 1);
+
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_archive_fresh_msgs() -> Result<()> {
     let t = TestContext::new_alice().await;
@@ -3289,7 +3335,12 @@ async fn test_chat_description(
         initial_description
     );
 
-    for description in ["This is a cool chat", "", "ä ẟ 😂"] {
+    for description in [
+        &"This<>is 'a' \"cool\" chat:/\\|?*".repeat(50),
+        "multiple\nline\n\nbreaks\n\n\r\n.",
+        "",
+        "ä ẟ 😂",
+    ] {
         tcm.section(&format!(
             "Alice sets the chat description to '{description}'"
         ));

src/config.rs

@@ -837,7 +837,7 @@ impl Context {
                             // which only fetches from the primary transport.
                             transaction
                                 .execute(
-                                    "UPDATE transports SET add_timestamp=? WHERE addr=?",
+                                    "UPDATE transports SET add_timestamp=?, is_published=1 WHERE addr=?",
                                     (time(), addr),
                                 )
                                 .context(
@@ -964,7 +964,22 @@ impl Context {
     pub(crate) async fn get_all_self_addrs(&self) -> Result<Vec<String>> {
         self.sql
             .query_map_vec(
-                "SELECT addr FROM transports ORDER BY add_timestamp DESC",
+                "SELECT addr FROM transports ORDER BY add_timestamp DESC, id DESC",
+                (),
+                |row| {
+                    let addr: String = row.get(0)?;
+                    Ok(addr)
+                },
+            )
+            .await
+    }
+
+    /// Returns all published self addresses, newest first.
+    /// See `[Context::set_transport_unpublished]`
+    pub(crate) async fn get_published_self_addrs(&self) -> Result<Vec<String>> {
+        self.sql
+            .query_map_vec(
+                "SELECT addr FROM transports WHERE is_published=1 ORDER BY add_timestamp DESC, id DESC",
                 (),
                 |row| {
                     let addr: String = row.get(0)?;
@@ -982,6 +997,24 @@ impl Context {
         }).await
     }
 
+    /// Returns all published secondary self addresses.
+    /// See `[Context::set_transport_unpublished]`
+    pub(crate) async fn get_published_secondary_self_addrs(&self) -> Result<Vec<String>> {
+        self.sql
+            .query_map_vec(
+                "SELECT addr FROM transports
+                WHERE is_published
+                AND addr NOT IN (SELECT value FROM config WHERE keyname='configured_addr')
+                ORDER BY add_timestamp DESC, id DESC",
+                (),
+                |row| {
+                    let addr: String = row.get(0)?;
+                    Ok(addr)
+                },
+            )
+            .await
+    }
+
     /// Returns the primary self address.
     /// Returns an error if no self addr is configured.
     pub async fn get_primary_self_addr(&self) -> Result<String> {

src/configure.rs

@@ -28,8 +28,8 @@ use crate::constants::NON_ALPHANUMERIC_WITHOUT_DOT;
 use crate::context::Context;
 use crate::imap::Imap;
 use crate::log::warn;
-use crate::login_param::EnteredCertificateChecks;
 pub use crate::login_param::EnteredLoginParam;
+use crate::login_param::{EnteredCertificateChecks, TransportListEntry};
 use crate::message::Message;
 use crate::net::proxy::ProxyConfig;
 use crate::oauth2::get_oauth2_addr;
@@ -110,6 +110,7 @@ impl Context {
     ///   from a server encoded in a QR code.
     /// - [Self::list_transports()] to get a list of all configured transports.
     /// - [Self::delete_transport()] to remove a transport.
+    /// - [Self::set_transport_unpublished()] to set whether contacts see this transport.
     pub async fn add_or_update_transport(&self, param: &mut EnteredLoginParam) -> Result<()> {
         self.stop_io().await;
         let result = self.add_transport_inner(param).await;
@@ -188,14 +189,22 @@ impl Context {
     /// Returns the list of all email accounts that are used as a transport in the current profile.
     /// Use [Self::add_or_update_transport()] to add or change a transport
     /// and [Self::delete_transport()] to delete a transport.
-    pub async fn list_transports(&self) -> Result<Vec<EnteredLoginParam>> {
+    pub async fn list_transports(&self) -> Result<Vec<TransportListEntry>> {
         let transports = self
             .sql
-            .query_map_vec("SELECT entered_param FROM transports", (), |row| {
-                let entered_param: String = row.get(0)?;
-                let transport: EnteredLoginParam = serde_json::from_str(&entered_param)?;
-                Ok(transport)
-            })
+            .query_map_vec(
+                "SELECT entered_param, is_published FROM transports",
+                (),
+                |row| {
+                    let param: String = row.get(0)?;
+                    let param: EnteredLoginParam = serde_json::from_str(&param)?;
+                    let is_published: bool = row.get(1)?;
+                    Ok(TransportListEntry {
+                        param,
+                        is_unpublished: !is_published,
+                    })
+                },
+            )
             .await?;
 
         Ok(transports)
@@ -261,6 +270,44 @@ impl Context {
         Ok(())
     }
 
+    /// Change whether the transport is unpublished.
+    ///
+    /// Unpublished transports are not advertised to contacts,
+    /// and self-sent messages are not sent there,
+    /// so that we don't cause extra messages to the corresponding inbox,
+    /// but can still receive messages from contacts who don't know our new transport addresses yet.
+    ///
+    /// The default is false, but when the user updates from a version that didn't have this flag,
+    /// existing secondary transports are set to unpublished,
+    /// so that an existing transport address doesn't suddenly get spammed with a lot of messages.
+    pub async fn set_transport_unpublished(&self, addr: &str, unpublished: bool) -> Result<()> {
+        self.sql
+            .transaction(|trans| {
+                let primary_addr: String = trans
+                    .query_row(
+                        "SELECT value FROM config WHERE keyname='configured_addr'",
+                        (),
+                        |row| row.get(0),
+                    )
+                    .context("Select primary address")?;
+                if primary_addr == addr && unpublished {
+                    bail!("Can't set primary relay as unpublished");
+                }
+                // We need to update the timestamp so that the key's timestamp changes
+                // and is recognized as newer by our peers
+                trans
+                    .execute(
+                        "UPDATE transports SET is_published=?, add_timestamp=? WHERE addr=? AND is_published!=?1",
+                        (!unpublished, time(), addr),
+                    )
+                    .context("Update transports")?;
+                Ok(())
+            })
+            .await?;
+        send_sync_transports(self).await?;
+        Ok(())
+    }
+
     async fn inner_configure(&self, param: &EnteredLoginParam) -> Result<()> {
         info!(self, "Configure ...");
 

src/constants.rs

@@ -234,19 +234,6 @@ pub(crate) const TIMESTAMP_SENT_TOLERANCE: i64 = 60;
 // Newer Delta Chats will remove the prefix as needed.
 pub(crate) const EDITED_PREFIX: &str = "✏️";
 
-// Strings needed to render the Autocrypt Setup Message.
-// Left untranslated as not being supported/recommended workflow and as translations would require deep knowledge.
-pub(crate) const ASM_SUBJECT: &str = "Autocrypt Setup Message";
-pub(crate) const ASM_BODY: &str = "This is the Autocrypt Setup Message \
-    used to transfer your end-to-end setup between clients.
-
-    To decrypt and use your setup, \
-    open the message in an Autocrypt-compliant client \
-    and enter the setup code presented on the generating device.
-
-    If you see this message in a chatmail client (Delta Chat, Arcane Chat, Delta Touch ...), \
-    use \"Settings / Add Second Device\" instead.";
-
 /// Period between `sql::housekeeping()` runs.
 pub(crate) const HOUSEKEEPING_PERIOD: i64 = 24 * 60 * 60;
 

src/download.rs

@@ -165,6 +165,7 @@ pub(crate) async fn download_msg(
 
     let Some((server_uid, server_folder, msg_transport_id)) = row else {
         // No IMAP record found, we don't know the UID and folder.
+        delete_from_available_post_msgs(context, &rfc724_mid).await?;
         return Err(anyhow!(
             "IMAP location for {rfc724_mid:?} post-message is unknown"
         ));
@@ -326,22 +327,25 @@ pub(crate) async fn download_known_post_messages_without_pre_message(
         })
         .await?;
     for rfc724_mid in &rfc724_mids {
-        if !msg_is_downloaded_for(context, rfc724_mid).await? {
-            // Download the Post-Message unconditionally,
-            // because the Pre-Message got lost.
-            // The message may be in the wrong order,
-            // but at least we have it at all.
-            let res = download_msg(context, rfc724_mid.clone(), session).await;
-            if let Ok(Some(())) = res {
-                delete_from_available_post_msgs(context, rfc724_mid).await?;
-            }
-            if let Err(err) = res {
-                warn!(
-                    context,
-                    "download_known_post_messages_without_pre_message: Failed to download message rfc724_mid={rfc724_mid}: {:#}.",
-                    err
-                );
-            }
+        if msg_is_downloaded_for(context, rfc724_mid).await? {
+            delete_from_available_post_msgs(context, rfc724_mid).await?;
+            continue;
+        }
+
+        // Download the Post-Message unconditionally,
+        // because the Pre-Message got lost.
+        // The message may be in the wrong order,
+        // but at least we have it at all.
+        let res = download_msg(context, rfc724_mid.clone(), session).await;
+        if let Ok(Some(())) = res {
+            delete_from_available_post_msgs(context, rfc724_mid).await?;
+        }
+        if let Err(err) = res {
+            warn!(
+                context,
+                "download_known_post_messages_without_pre_message: Failed to download message rfc724_mid={rfc724_mid}: {:#}.",
+                err
+            );
         }
     }
     Ok(())

src/e2ee.rs

@@ -40,7 +40,6 @@ impl EncryptHelper {
         keyring: Vec<SignedPublicKey>,
         mail_to_encrypt: MimePart<'static>,
         compress: bool,
-        anonymous_recipients: bool,
         seipd_version: SeipdVersion,
     ) -> Result<String> {
         let sign_key = load_self_secret_key(context).await?;
@@ -49,15 +48,8 @@ impl EncryptHelper {
         let cursor = Cursor::new(&mut raw_message);
         mail_to_encrypt.clone().write_part(cursor).ok();
 
-        let ctext = pgp::pk_encrypt(
-            raw_message,
-            keyring,
-            sign_key,
-            compress,
-            anonymous_recipients,
-            seipd_version,
-        )
-        .await?;
+        let ctext =
+            pgp::pk_encrypt(raw_message, keyring, sign_key, compress, seipd_version).await?;
 
         Ok(ctext)
     }

src/events/payload.rs

@@ -57,7 +57,7 @@ pub enum EventType {
     /// should not be disturbed by a dialog or so.  Instead, use a bubble or so.
     ///
     /// However, for ongoing processes (eg. configure())
-    /// or for functions that are expected to fail (eg. dc_continue_key_transfer())
+    /// or for functions that are expected to fail
     /// it might be better to delay showing these events until the function has really
     /// failed (returned false). It should be sufficient to report only the *last* error
     /// in a message box then.

src/headerdef.rs

@@ -208,10 +208,10 @@ mod tests {
     /// Test that headers are parsed case-insensitively
     fn test_get_header_value_case() {
         let (headers, _) =
-            mailparse::parse_headers(b"fRoM: Bob\naUtoCryPt-SeTup-MessAge: v99").unwrap();
+            mailparse::parse_headers(b"fRoM: Bob\naUtoCryPt-GoSsIp: fooBaR").unwrap();
         assert_eq!(
-            headers.get_header_value(HeaderDef::AutocryptSetupMessage),
-            Some("v99".to_string())
+            headers.get_header_value(HeaderDef::AutocryptGossip),
+            Some("fooBaR".to_string())
         );
         assert_eq!(
             headers.get_header_value(HeaderDef::From_),

src/imap.rs

@@ -561,16 +561,19 @@ impl Imap {
             .select_with_uidvalidity(context, folder)
             .await
             .with_context(|| format!("Failed to select folder {folder:?}"))?;
-        if !folder_exists {
-            return Ok(false);
-        }
 
         if !session.new_mail {
             info!(context, "No new emails in folder {folder:?}.");
             return Ok(false);
         }
+        // Make sure not to return before setting new_mail to false
+        // Otherwise, we will skip IDLE and go into an infinite loop
         session.new_mail = false;
 
+        if !folder_exists {
+            return Ok(false);
+        }
+
         let mut read_cnt = 0;
         loop {
             let (n, fetch_more) = self
@@ -1237,6 +1240,7 @@ impl Session {
             // have been modified while our request was in progress.
             // We may or may not have these new flags as a part of the response,
             // so better skip next IDLE and do another round of flag synchronization.
+            info!(context, "Got unsolicited fetch, will skip idle");
             self.new_mail = true;
         }
 
@@ -1974,15 +1978,6 @@ async fn needs_move_to_mvbox(
         return Ok(false);
     }
 
-    if headers
-        .get_header_value(HeaderDef::AutocryptSetupMessage)
-        .is_some()
-    {
-        // do not move setup messages;
-        // there may be a non-delta device that wants to handle it
-        return Ok(false);
-    }
-
     if has_chat_version {
         Ok(true)
     } else if let Some(parent) = get_prefetch_parent_message(context, headers).await? {

src/imap/imap_tests.rs

@@ -105,10 +105,9 @@ async fn check_target_folder_combination(
     expected_destination: &str,
     accepted_chat: bool,
     outgoing: bool,
-    setupmessage: bool,
 ) -> Result<()> {
     println!(
-        "Testing: For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}, setupmessage {setupmessage}"
+        "Testing: For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}"
     );
 
     let t = TestContext::new_alice().await;
@@ -125,9 +124,7 @@ async fn check_target_folder_combination(
     }
     let temp;
 
-    let bytes = if setupmessage {
-        include_bytes!("../../test-data/message/AutocryptSetupMessage.eml")
-    } else {
+    let bytes = {
         temp = format!(
             "Received: (Postfix, from userid 1000); Mon, 4 Dec 2006 14:51:39 +0100 (CET)\n\
                     {}\
@@ -164,7 +161,7 @@ async fn check_target_folder_combination(
     assert_eq!(
         expected,
         actual.as_deref(),
-        "For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}, setupmessage {setupmessage}: expected {expected:?}, got {actual:?}"
+        "For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}: expected {expected:?}, got {actual:?}"
     );
     Ok(())
 }
@@ -204,7 +201,6 @@ async fn test_target_folder_incoming_accepted() -> Result<()> {
             expected_destination,
             true,
             false,
-            false,
         )
         .await?;
     }
@@ -221,7 +217,6 @@ async fn test_target_folder_incoming_request() -> Result<()> {
             expected_destination,
             false,
             false,
-            false,
         )
         .await?;
     }
@@ -239,25 +234,6 @@ async fn test_target_folder_outgoing() -> Result<()> {
             expected_destination,
             true,
             true,
-            false,
-        )
-        .await?;
-    }
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_target_folder_setupmsg() -> Result<()> {
-    // Test setupmessages
-    for (folder, mvbox_move, chat_msg, _expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
-        check_target_folder_combination(
-            folder,
-            *mvbox_move,
-            *chat_msg,
-            if folder == &"Spam" { "INBOX" } else { folder }, // Never move setup messages, except if they are in "Spam"
-            false,
-            true,
-            true,
         )
         .await?;
     }

src/imex.rs

@@ -28,11 +28,9 @@ use crate::tools::{
     write_file,
 };
 
-mod key_transfer;
 mod transfer;
 
 use ::pgp::types::KeyDetails;
-pub use key_transfer::{continue_key_transfer, initiate_key_transfer};
 pub use transfer::{BackupProvider, get_backup};
 
 // Name of the database file in the backup.

src/imex/key_transfer.rs

@@ -1,363 +0,0 @@
-//! # Key transfer via Autocrypt Setup Message.
-use std::io::BufReader;
-
-use anyhow::{Result, bail, ensure};
-
-use crate::blob::BlobObject;
-use crate::chat::{self, ChatId};
-use crate::config::Config;
-use crate::constants::{ASM_BODY, ASM_SUBJECT};
-use crate::contact::ContactId;
-use crate::context::Context;
-use crate::imex::set_self_key;
-use crate::key::{DcKey, load_self_secret_key};
-use crate::message::{Message, MsgId, Viewtype};
-use crate::mimeparser::SystemMessage;
-use crate::param::Param;
-use crate::pgp;
-use crate::tools::open_file_std;
-
-/// Initiates key transfer via Autocrypt Setup Message.
-///
-/// Returns setup code.
-pub async fn initiate_key_transfer(context: &Context) -> Result<String> {
-    let setup_code = create_setup_code(context);
-    /* this may require a keypair to be created. this may take a second ... */
-    let setup_file_content = render_setup_file(context, &setup_code).await?;
-    /* encrypting may also take a while ... */
-    let setup_file_blob = BlobObject::create_and_deduplicate_from_bytes(
-        context,
-        setup_file_content.as_bytes(),
-        "autocrypt-setup-message.html",
-    )?;
-
-    let chat_id = ChatId::create_for_contact(context, ContactId::SELF).await?;
-    let mut msg = Message::new(Viewtype::File);
-    msg.param.set(Param::File, setup_file_blob.as_name());
-    msg.param
-        .set(Param::Filename, "autocrypt-setup-message.html");
-    msg.subject = ASM_SUBJECT.to_owned();
-    msg.param
-        .set(Param::MimeType, "application/autocrypt-setup");
-    msg.param.set_cmd(SystemMessage::AutocryptSetupMessage);
-    msg.force_plaintext();
-    msg.param.set_int(Param::SkipAutocrypt, 1);
-
-    // Enable BCC-self, because transferring a key
-    // means we have a multi-device setup.
-    context.set_config_bool(Config::BccSelf, true).await?;
-
-    chat::send_msg(context, chat_id, &mut msg).await?;
-    Ok(setup_code)
-}
-
-/// Continue key transfer via Autocrypt Setup Message.
-///
-/// `msg_id` is the ID of the received Autocrypt Setup Message.
-/// `setup_code` is the code entered by the user.
-pub async fn continue_key_transfer(
-    context: &Context,
-    msg_id: MsgId,
-    setup_code: &str,
-) -> Result<()> {
-    ensure!(!msg_id.is_special(), "wrong id");
-
-    let msg = Message::load_from_db(context, msg_id).await?;
-    ensure!(
-        msg.is_setupmessage(),
-        "Message is no Autocrypt Setup Message."
-    );
-
-    if let Some(filename) = msg.get_file(context) {
-        let file = open_file_std(context, filename)?;
-        let sc = normalize_setup_code(setup_code);
-        let armored_key = decrypt_setup_file(&sc, BufReader::new(file)).await?;
-        set_self_key(context, &armored_key).await?;
-        context.set_config_bool(Config::BccSelf, true).await?;
-
-        Ok(())
-    } else {
-        bail!("Message is no Autocrypt Setup Message.");
-    }
-}
-
-/// Renders HTML body of a setup file message.
-///
-/// The `passphrase` must be at least 2 characters long.
-pub async fn render_setup_file(context: &Context, passphrase: &str) -> Result<String> {
-    let passphrase_begin = if let Some(passphrase_begin) = passphrase.get(..2) {
-        passphrase_begin
-    } else {
-        bail!("Passphrase must be at least 2 chars long.");
-    };
-    let private_key = load_self_secret_key(context).await?;
-    let ac_headers = Some(("Autocrypt-Prefer-Encrypt", "mutual"));
-    let private_key_asc = private_key.to_asc(ac_headers);
-    let encr = pgp::symm_encrypt_autocrypt_setup(passphrase, private_key_asc.into_bytes())
-        .await?
-        .replace('\n', "\r\n");
-
-    let replacement = format!(
-        concat!(
-            "-----BEGIN PGP MESSAGE-----\r\n",
-            "Passphrase-Format: numeric9x4\r\n",
-            "Passphrase-Begin: {}"
-        ),
-        passphrase_begin
-    );
-    let pgp_msg = encr.replace("-----BEGIN PGP MESSAGE-----", &replacement);
-
-    let msg_subj = ASM_SUBJECT;
-    let msg_body = ASM_BODY.to_string();
-    let msg_body_html = msg_body.replace('\r', "").replace('\n', "<br>");
-    Ok(format!(
-        concat!(
-            "<!DOCTYPE html>\r\n",
-            "<html>\r\n",
-            "  <head>\r\n",
-            "    <title>{}</title>\r\n",
-            "  </head>\r\n",
-            "  <body>\r\n",
-            "    <h1>{}</h1>\r\n",
-            "    <p>{}</p>\r\n",
-            "    <pre>\r\n{}\r\n</pre>\r\n",
-            "  </body>\r\n",
-            "</html>\r\n"
-        ),
-        msg_subj, msg_subj, msg_body_html, pgp_msg
-    ))
-}
-
-/// Creates a new setup code for Autocrypt Setup Message.
-#[expect(clippy::arithmetic_side_effects)]
-fn create_setup_code(_context: &Context) -> String {
-    let mut random_val: u16;
-    let mut ret = String::new();
-
-    for i in 0..9 {
-        loop {
-            random_val = rand::random();
-            if random_val as usize <= 60000 {
-                break;
-            }
-        }
-        random_val = (random_val as usize % 10000) as u16;
-        ret += &format!(
-            "{}{:04}",
-            if 0 != i { "-" } else { "" },
-            random_val as usize
-        );
-    }
-
-    ret
-}
-
-async fn decrypt_setup_file<T: std::fmt::Debug + std::io::BufRead + Send + 'static>(
-    passphrase: &str,
-    file: T,
-) -> Result<String> {
-    let plain_bytes = pgp::symm_decrypt(passphrase, file).await?;
-    let plain_text = std::string::String::from_utf8(plain_bytes)?;
-
-    Ok(plain_text)
-}
-
-fn normalize_setup_code(s: &str) -> String {
-    let mut out = String::new();
-    for c in s.chars() {
-        if c.is_ascii_digit() {
-            out.push(c);
-            if let 4 | 9 | 14 | 19 | 24 | 29 | 34 | 39 = out.len() {
-                out += "-"
-            }
-        }
-    }
-    out
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    use crate::pgp::{HEADER_AUTOCRYPT, HEADER_SETUPCODE, split_armored_data};
-    use crate::receive_imf::receive_imf;
-    use crate::test_utils::{TestContext, TestContextManager};
-    use ::pgp::armor::BlockType;
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_render_setup_file() {
-        let t = TestContext::new_alice().await;
-        let msg = render_setup_file(&t, "hello").await.unwrap();
-        println!("{}", &msg);
-        // Check some substrings, indicating things got substituted.
-        assert!(msg.contains("<title>Autocrypt Setup Message</title"));
-        assert!(msg.contains("<h1>Autocrypt Setup Message</h1>"));
-        assert!(msg.contains("<p>This is the Autocrypt Setup Message used to"));
-        assert!(msg.contains("-----BEGIN PGP MESSAGE-----\r\n"));
-        assert!(msg.contains("Passphrase-Format: numeric9x4\r\n"));
-        assert!(msg.contains("Passphrase-Begin: he\r\n"));
-        assert!(msg.contains("-----END PGP MESSAGE-----\r\n"));
-
-        for line in msg.rsplit_terminator('\n') {
-            assert!(line.ends_with('\r'));
-        }
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_render_setup_file_newline_replace() {
-        let t = TestContext::new_alice().await;
-        let msg = render_setup_file(&t, "pw").await.unwrap();
-        println!("{}", &msg);
-        assert!(msg.contains("<p>This is the Autocrypt Setup Message used to transfer your end-to-end setup between clients.<br>"));
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_create_setup_code() {
-        let t = TestContext::new().await;
-        let setupcode = create_setup_code(&t);
-        assert_eq!(setupcode.len(), 44);
-        assert_eq!(setupcode.chars().nth(4).unwrap(), '-');
-        assert_eq!(setupcode.chars().nth(9).unwrap(), '-');
-        assert_eq!(setupcode.chars().nth(14).unwrap(), '-');
-        assert_eq!(setupcode.chars().nth(19).unwrap(), '-');
-        assert_eq!(setupcode.chars().nth(24).unwrap(), '-');
-        assert_eq!(setupcode.chars().nth(29).unwrap(), '-');
-        assert_eq!(setupcode.chars().nth(34).unwrap(), '-');
-        assert_eq!(setupcode.chars().nth(39).unwrap(), '-');
-    }
-
-    #[test]
-    fn test_normalize_setup_code() {
-        let norm = normalize_setup_code("123422343234423452346234723482349234");
-        assert_eq!(norm, "1234-2234-3234-4234-5234-6234-7234-8234-9234");
-
-        let norm =
-            normalize_setup_code("\t1 2 3422343234- foo bar-- 423-45 2 34 6234723482349234      ");
-        assert_eq!(norm, "1234-2234-3234-4234-5234-6234-7234-8234-9234");
-    }
-
-    /* S_EM_SETUPFILE is a AES-256 symm. encrypted setup message created by Enigmail
-    with an "encrypted session key", see RFC 4880.  The code is in S_EM_SETUPCODE */
-    const S_EM_SETUPCODE: &str = "1742-0185-6197-1303-7016-8412-3581-4441-0597";
-    const S_EM_SETUPFILE: &str = include_str!("../../test-data/message/stress.txt");
-
-    // Autocrypt Setup Message payload "encrypted" with plaintext algorithm.
-    const S_PLAINTEXT_SETUPFILE: &str =
-        include_str!("../../test-data/message/plaintext-autocrypt-setup.txt");
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_split_and_decrypt() {
-        let buf_1 = S_EM_SETUPFILE.as_bytes().to_vec();
-        let (typ, headers, base64) = split_armored_data(&buf_1).unwrap();
-        assert_eq!(typ, BlockType::Message);
-        assert!(S_EM_SETUPCODE.starts_with(headers.get(HEADER_SETUPCODE).unwrap()));
-        assert!(!headers.contains_key(HEADER_AUTOCRYPT));
-
-        assert!(!base64.is_empty());
-
-        let setup_file = S_EM_SETUPFILE;
-        let decrypted = decrypt_setup_file(S_EM_SETUPCODE, setup_file.as_bytes())
-            .await
-            .unwrap();
-
-        let (typ, headers, _base64) = split_armored_data(decrypted.as_bytes()).unwrap();
-
-        assert_eq!(typ, BlockType::PrivateKey);
-        assert_eq!(headers.get(HEADER_AUTOCRYPT), Some(&"mutual".to_string()));
-        assert!(!headers.contains_key(HEADER_SETUPCODE));
-    }
-
-    /// Tests that Autocrypt Setup Message encrypted with "plaintext" algorithm cannot be
-    /// decrypted.
-    ///
-    /// According to <https://datatracker.ietf.org/doc/html/rfc4880#section-13.4>
-    /// "Implementations MUST NOT use plaintext in Symmetrically Encrypted Data packets".
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_decrypt_plaintext_autocrypt_setup_message() {
-        let setup_file = S_PLAINTEXT_SETUPFILE;
-        let incorrect_setupcode = "0000-0000-0000-0000-0000-0000-0000-0000-0000";
-        assert!(
-            decrypt_setup_file(incorrect_setupcode, setup_file.as_bytes(),)
-                .await
-                .is_err()
-        );
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_key_transfer() -> Result<()> {
-        let mut tcm = TestContextManager::new();
-        let alice = &tcm.alice().await;
-
-        tcm.section("Alice sends Autocrypt setup message");
-        alice.set_config(Config::BccSelf, Some("0")).await?;
-        let setup_code = initiate_key_transfer(alice).await?;
-
-        // Test that sending Autocrypt Setup Message enables `bcc_self`.
-        assert_eq!(alice.get_config_bool(Config::BccSelf).await?, true);
-
-        // Get Autocrypt Setup Message.
-        let sent = alice.pop_sent_msg().await;
-
-        tcm.section("Alice sets up a second device");
-        let alice2 = &tcm.unconfigured().await;
-        alice2.set_name("alice2");
-        alice2.configure_addr("alice@example.org").await;
-        alice2.recv_msg(&sent).await;
-        let msg = alice2.get_last_msg().await;
-        assert!(msg.is_setupmessage());
-        assert_eq!(crate::key::load_self_secret_keyring(alice2).await?.len(), 0);
-
-        // Transfer the key.
-        tcm.section("Alice imports a key from Autocrypt Setup Message");
-        alice2.set_config(Config::BccSelf, Some("0")).await?;
-        continue_key_transfer(alice2, msg.id, &setup_code).await?;
-        assert_eq!(alice2.get_config_bool(Config::BccSelf).await?, true);
-        assert_eq!(crate::key::load_self_secret_keyring(alice2).await?.len(), 1);
-
-        // Alice sends a message to self from the new device.
-        let sent = alice2.send_text(msg.chat_id, "Test").await;
-        let rcvd_msg = alice.recv_msg(&sent).await;
-        assert_eq!(rcvd_msg.get_text(), "Test");
-
-        Ok(())
-    }
-
-    /// Tests that Autocrypt Setup Messages is only clickable if it is self-sent.
-    /// This prevents Bob from tricking Alice into changing the key
-    /// by sending her an Autocrypt Setup Message as long as Alice's server
-    /// does not allow to forge the `From:` header.
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_key_transfer_non_self_sent() -> Result<()> {
-        let mut tcm = TestContextManager::new();
-        let alice = tcm.alice().await;
-        let bob = tcm.bob().await;
-
-        let _setup_code = initiate_key_transfer(&alice).await?;
-
-        // Get Autocrypt Setup Message.
-        let sent = alice.pop_sent_msg().await;
-
-        let rcvd = bob.recv_msg(&sent).await;
-        assert!(!rcvd.is_setupmessage());
-
-        Ok(())
-    }
-
-    /// Tests reception of Autocrypt Setup Message from K-9 6.802.
-    ///
-    /// Unlike Autocrypt Setup Message sent by Delta Chat,
-    /// this message does not contain `Autocrypt-Prefer-Encrypt` header.
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_key_transfer_k_9() -> Result<()> {
-        let t = &TestContext::new().await;
-        t.configure_addr("autocrypt@nine.testrun.org").await;
-
-        let raw = include_bytes!("../../test-data/message/k-9-autocrypt-setup-message.eml");
-        let received = receive_imf(t, raw, false).await?.unwrap();
-
-        let setup_code = "0655-9868-8252-5455-4232-5158-1237-5333-2638";
-        continue_key_transfer(t, *received.msg_ids.last().unwrap(), setup_code).await?;
-
-        Ok(())
-    }
-}

src/key.rs

@@ -296,7 +296,7 @@ pub(crate) async fn load_self_public_key_opt(context: &Context) -> Result<Option
         .await?
         .context("No transports configured")?;
     let addr = context.get_primary_self_addr().await?;
-    let all_addrs = context.get_all_self_addrs().await?.join(",");
+    let all_addrs = context.get_published_self_addrs().await?.join(",");
     let signed_public_key =
         secret_key_to_public_key(context, signed_secret_key, timestamp, &addr, &all_addrs)?;
     *lock = Some(signed_public_key.clone());
@@ -756,8 +756,7 @@ i8pcjGO+IZffvyZJVRWfVooBJmWWbPB1pueo3tx8w3+fcuzpxz+RLFKaPyqXO+dD
     /// this resulted in various number of garbage
     /// octets at the end of the key, starting from 3 octets,
     /// but possibly 4 or 5 and maybe more octets
-    /// if the key is imported or transferred
-    /// using Autocrypt Setup Message multiple times.
+    /// if the key is imported multiple times.
     #[test]
     fn test_ignore_trailing_garbage() {
         // Test several variants of garbage.

src/login_param.rs

@@ -79,6 +79,16 @@ pub struct EnteredServerLoginParam {
     pub password: String,
 }
 
+/// A transport, as shown in the "relays" list in the UI.
+#[derive(Debug)]
+pub struct TransportListEntry {
+    /// The login data entered by the user.
+    pub param: EnteredLoginParam,
+    /// Whether this transport is set to 'unpublished'.
+    /// See [`Context::set_transport_unpublished`] for details.
+    pub is_unpublished: bool,
+}
+
 /// Login parameters entered by the user.
 #[derive(Debug, Default, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub struct EnteredLoginParam {

src/message.rs

@@ -30,7 +30,6 @@ use crate::location::delete_poi_location;
 use crate::log::warn;
 use crate::mimeparser::{SystemMessage, parse_message_id};
 use crate::param::{Param, Params};
-use crate::pgp::split_armored_data;
 use crate::reaction::get_msg_reactions;
 use crate::sql;
 use crate::summary::Summary;
@@ -1059,34 +1058,6 @@ impl Message {
         cmd != SystemMessage::Unknown
     }
 
-    /// Returns true if the message is an Autocrypt Setup Message.
-    pub fn is_setupmessage(&self) -> bool {
-        if self.viewtype != Viewtype::File {
-            return false;
-        }
-
-        self.param.get_cmd() == SystemMessage::AutocryptSetupMessage
-    }
-
-    /// Returns the first characters of the setup code.
-    ///
-    /// This is used to pre-fill the first entry field of the setup code.
-    pub async fn get_setupcodebegin(&self, context: &Context) -> Option<String> {
-        if !self.is_setupmessage() {
-            return None;
-        }
-
-        if let Some(filename) = self.get_file(context)
-            && let Ok(ref buf) = read_file(context, &filename).await
-            && let Ok((typ, headers, _)) = split_armored_data(buf)
-            && typ == pgp::armor::BlockType::Message
-        {
-            return headers.get(crate::pgp::HEADER_SETUPCODE).cloned();
-        }
-
-        None
-    }
-
     /// Sets or unsets message text.
     pub fn set_text(&mut self, text: String) {
         self.text = text;
@@ -1934,10 +1905,22 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
             // We also don't send read receipts for contact requests.
             // Read receipts will not be sent even after accepting the chat.
             let to_id = if curr_blocked == Blocked::Not
+                && !curr_hidden
                 && curr_param.get_bool(Param::WantsMdn).unwrap_or_default()
                 && curr_param.get_cmd() == SystemMessage::Unknown
                 && context.should_send_mdns().await?
             {
+                // Clear WantsMdn to not handle a MDN twice
+                // if the state later is InFresh again as markfresh_chat() was called.
+                // BccSelf MDN messages in the next branch may be sent twice for syncing.
+                context
+                    .sql
+                    .execute(
+                        "UPDATE msgs SET param=? WHERE id=?",
+                        (curr_param.clone().remove(Param::WantsMdn).to_string(), id),
+                    )
+                    .await
+                    .context("failed to clear WantsMdn")?;
                 Some(curr_from_id)
             } else if context.get_config_bool(Config::BccSelf).await? {
                 Some(ContactId::SELF)
@@ -1955,6 +1938,7 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
                     .context("failed to insert into smtp_mdns")?;
                 context.scheduler.interrupt_smtp().await;
             }
+
             if !curr_hidden {
                 updated_chat_ids.insert(curr_chat_id);
             }

src/mimefactory.rs

@@ -17,8 +17,7 @@ use crate::aheader::{Aheader, EncryptPreference};
 use crate::blob::BlobObject;
 use crate::chat::{self, Chat, PARAM_BROADCAST_SECRET, load_broadcast_secret};
 use crate::config::Config;
-use crate::constants::{ASM_SUBJECT, BROADCAST_INCOMPATIBILITY_MSG};
-use crate::constants::{Chattype, DC_FROM_HANDSHAKE};
+use crate::constants::{BROADCAST_INCOMPATIBILITY_MSG, Chattype, DC_FROM_HANDSHAKE};
 use crate::contact::{Contact, ContactId, Origin};
 use crate::context::Context;
 use crate::download::PostMsgMetadata;
@@ -33,7 +32,7 @@ use crate::message::{Message, MsgId, Viewtype};
 use crate::mimeparser::{SystemMessage, is_hidden};
 use crate::param::Param;
 use crate::peer_channels::{create_iroh_header, get_iroh_topic_for_msg};
-use crate::pgp::{SeipdVersion, addresses_from_public_key};
+use crate::pgp::{SeipdVersion, addresses_from_public_key, pubkey_supports_seipdv2};
 use crate::simplify::escape_message_footer_marks;
 use crate::stock_str;
 use crate::tools::{
@@ -1163,17 +1162,6 @@ impl MimeFactory {
                 _ => None,
             };
 
-            // Do not anonymize OpenPGP recipients.
-            //
-            // This is disabled to avoid interoperability problems
-            // with old core versions <1.160.0 that do not support
-            // receiving messages with wildcard Key IDs:
-            // <https://github.com/chatmail/core/issues/7378>
-            //
-            // The option should be changed to true
-            // once new core versions are sufficiently deployed.
-            let anonymous_recipients = false;
-
             if context.get_config_bool(Config::TestHooks).await?
                 && let Some(hook) = &*context.pre_encrypt_mime_hook.lock()
             {
@@ -1188,14 +1176,13 @@ impl MimeFactory {
             } else {
                 // Asymmetric encryption
 
-                let seipd_version = if encryption_pubkeys.is_empty() {
-                    // If message is sent only to self,
-                    // use v2 SEIPD.
+                // Use SEIPDv2 if all recipients support it.
+                let seipd_version = if encryption_pubkeys
+                    .iter()
+                    .all(|(_addr, pubkey)| pubkey_supports_seipdv2(pubkey))
+                {
                     SeipdVersion::V2
                 } else {
-                    // If message is sent to others,
-                    // they may not support v2 SEIPD yet,
-                    // so use v1 SEIPD.
                     SeipdVersion::V1
                 };
 
@@ -1211,7 +1198,6 @@ impl MimeFactory {
                         encryption_keyring,
                         message,
                         compress,
-                        anonymous_recipients,
                         seipd_version,
                     )
                     .await?
@@ -1538,7 +1524,7 @@ impl MimeFactory {
                 let description = chat::get_chat_description(context, chat.id).await?;
                 headers.push((
                     "Chat-Group-Description",
-                    mail_builder::headers::text::Text::new(description.clone()).into(),
+                    mail_builder::headers::raw::Raw::new(b_encode(&description)).into(),
                 ));
                 if let Some(ts) = chat.param.get_i64(Param::GroupDescriptionTimestamp) {
                     headers.push((
@@ -1575,14 +1561,6 @@ impl MimeFactory {
                     mail_builder::headers::raw::Raw::new("auto-generated").into(),
                 ));
             }
-            SystemMessage::AutocryptSetupMessage => {
-                headers.push((
-                    "Autocrypt-Setup-Message",
-                    mail_builder::headers::raw::Raw::new("v1").into(),
-                ));
-
-                placeholdertext = Some(ASM_SUBJECT.to_string());
-            }
             SystemMessage::SecurejoinMessage => {
                 let step = msg.param.get(Param::Arg).unwrap_or_default();
                 if !step.is_empty() {

src/mimefactory/mimefactory_tests.rs

@@ -1,6 +1,9 @@
 use deltachat_contact_tools::ContactAddress;
 use mail_builder::headers::Header;
 use mailparse::{MailHeaderMap, addrparse_header};
+use pgp::armor;
+use pgp::packet::{Packet, PacketParser};
+use std::io::BufReader;
 use std::str;
 use std::time::Duration;
 
@@ -11,7 +14,7 @@ use crate::chat::{
 };
 use crate::chatlist::Chatlist;
 use crate::constants;
-use crate::contact::Origin;
+use crate::contact::{Origin, import_vcard};
 use crate::headerdef::HeaderDef;
 use crate::message;
 use crate::mimeparser::MimeMessage;
@@ -877,3 +880,85 @@ async fn test_no_empty_to_header() -> Result<()> {
 
     Ok(())
 }
+
+/// Parses ASCII-armored message and checks that it only has PKESK and SEIPD packets.
+///
+/// Panics if SEIPD packets are not of expected version.
+fn assert_seipd_version(payload: &str, version: usize) {
+    let cursor = Cursor::new(payload);
+    let dearmor = armor::Dearmor::new(cursor);
+    let packet_parser = PacketParser::new(BufReader::new(dearmor));
+    for packet in packet_parser {
+        match packet.unwrap() {
+            Packet::PublicKeyEncryptedSessionKey(_pkesk) => {}
+            Packet::SymEncryptedProtectedData(seipd) => {
+                assert_eq!(seipd.version(), version);
+            }
+            packet => {
+                panic!("Unexpected packet {:?}", packet);
+            }
+        }
+    }
+}
+
+/// Tests that messages between two test accounts use SEIPDv2 and not SEIPDv1.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_use_seipdv2() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    let alice_chat_id = alice.create_chat_id(bob).await;
+    let sent = alice.send_text(alice_chat_id, "Hello!").await;
+    assert_seipd_version(&sent.payload, 2);
+
+    Ok(())
+}
+
+/// Tests that messages to keys that don't advertise SEIPDv2 support
+/// are sent using SEIPDv1.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_fallback_to_seipdv1() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let charlie = &tcm.charlie().await;
+
+    // vCard of Alice with no SEIPDv2 feature advertised in the key.
+    let alice_vcard = "BEGIN:VCARD
+VERSION:4.0
+EMAIL:alice@example.org
+FN:Alice
+KEY:data:application/pgp-keys;base64,mDMEXlh13RYJKwYBBAHaRw8BAQdAzfVIAleCXMJrq8VeLlEVof6ITCviMktKjmcBKAu4m5C0GUFsaWNlIDxhbGljZUBleGFtcGxlLm9yZz6IkAQTFggAOBYhBC5vossjtTLXKGNLWGSwj2Gp7ZRDBQJeWHXdAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGSwj2Gp7ZRDE3oA/i4MCyDMTsjWqDZoQwX/A/GoTO2/V0wKPhjJJy/8m2pMAPkBjOnGOtx2SZpQvJGTa9h804RY6iDrRuI8A/8tEEXAA7g4BF5Ydd0SCisGAQQBl1UBBQEBB0AG7cjWy2SFAU8KnltlubVW67rFiyfp01JrRe6Xqy22HQMBCAeIeAQYFggAIBYhBC5vossjtTLXKGNLWGSwj2Gp7ZRDBQJeWHXdAhsMAAoJEGSwj2Gp7ZRDLo8BAObE8GnsGVwKzNqCvHeWgJsqhjS3C6gvSlV3tEm9XmF6AQDXucIyVfoBwoyMh2h6cSn/ATn5QJb35pgo+ivp3jsMAg==
+REV:20250412T195751Z
+END:VCARD";
+    let contact_ids = import_vcard(bob, alice_vcard).await.unwrap();
+    let alice_contact_id = contact_ids[0];
+    let chat_id = ChatId::create_for_contact(bob, alice_contact_id)
+        .await
+        .unwrap();
+
+    // Bob sends a message to Alice with SEIPDv1 packet.
+    let sent = bob.send_text(chat_id, "Hello!").await;
+    assert_seipd_version(&sent.payload, 1);
+
+    // Bob creates a group with Alice and Charlie.
+    // Sending a message there should also use SEIPDv1
+    // because for Bob it looks like Alice does not support SEIPDv2.
+    let charlie_contact_id = bob.add_or_lookup_contact_id(charlie).await;
+    let group_id = create_group(bob, "groupname").await.unwrap();
+    chat::add_contact_to_chat(bob, group_id, alice_contact_id).await?;
+    chat::add_contact_to_chat(bob, group_id, charlie_contact_id).await?;
+
+    let sent = bob.send_text(group_id, "Hello!").await;
+    assert_seipd_version(&sent.payload, 1);
+
+    // Bob gets a new key of Alice via new vCard
+    // and learns that Alice supports SEIPDv2.
+    assert_eq!(bob.add_or_lookup_contact_id(alice).await, alice_contact_id);
+
+    let sent = bob.send_text(group_id, "Hello again with SEIPDv2!").await;
+    assert_seipd_version(&sent.payload, 2);
+
+    Ok(())
+}

src/mimeparser.rs

@@ -199,6 +199,9 @@ pub enum SystemMessage {
     MemberRemovedFromGroup = 5,
 
     /// Autocrypt Setup Message.
+    ///
+    /// Deprecated as of 2026-03-15, such messages should not be created
+    /// but may exist in the database.
     AutocryptSetupMessage = 6,
 
     /// Secure-join message.

src/mimeparser/shared_secret_decryption_tests.rs

@@ -204,7 +204,7 @@ async fn test_qr_code_security() -> Result<()> {
     let charlie_addr = charlie.get_config(Config::Addr).await?.unwrap();
 
     let alice_fp = self_fingerprint(alice).await?;
-    let secret_for_encryption = dbg!(format!("securejoin/{alice_fp}/{authcode}"));
+    let secret_for_encryption = format!("securejoin/{alice_fp}/{authcode}");
     test_shared_secret_decryption_ex(
         bob,
         &charlie_addr,

src/net/tls.rs

@@ -7,8 +7,12 @@ use anyhow::Result;
 
 use crate::net::session::SessionStream;
 
+use tokio_rustls::rustls;
 use tokio_rustls::rustls::client::ClientSessionStore;
 
+mod danger;
+use danger::NoCertificateVerification;
+
 pub async fn wrap_tls<'a>(
     strict_tls: bool,
     hostname: &str,
@@ -82,7 +86,7 @@ impl TlsSessionStore {
                 .lock()
                 .entry((port, alpn.to_string()))
                 .or_insert_with(|| {
-                    Arc::new(tokio_rustls::rustls::client::ClientSessionMemoryCache::new(
+                    Arc::new(rustls::client::ClientSessionMemoryCache::new(
                         TLS_CACHE_SIZE,
                     ))
                 }),
@@ -98,10 +102,10 @@ pub async fn wrap_rustls<'a>(
     stream: impl SessionStream + 'a,
     tls_session_store: &TlsSessionStore,
 ) -> Result<impl SessionStream + 'a> {
-    let mut root_cert_store = tokio_rustls::rustls::RootCertStore::empty();
+    let mut root_cert_store = rustls::RootCertStore::empty();
     root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
 
-    let mut config = tokio_rustls::rustls::ClientConfig::builder()
+    let mut config = rustls::ClientConfig::builder()
         .with_root_certificates(root_cert_store)
         .with_no_client_auth();
     config.alpn_protocols = if alpn.is_empty() {
@@ -118,13 +122,25 @@ pub async fn wrap_rustls<'a>(
     // and are not worth increasing
     // attack surface: <https://words.filippo.io/we-need-to-talk-about-session-tickets/>.
     let resumption_store = tls_session_store.get(port, alpn);
-    let resumption = tokio_rustls::rustls::client::Resumption::store(resumption_store)
-        .tls12_resumption(tokio_rustls::rustls::client::Tls12Resumption::Disabled);
+    let resumption = rustls::client::Resumption::store(resumption_store)
+        .tls12_resumption(rustls::client::Tls12Resumption::Disabled);
     config.resumption = resumption;
     config.enable_sni = use_sni;
 
+    // Do not verify certificates for hostnames starting with `_`.
+    // They are used for servers with self-signed certificates, e.g. for local testing.
+    // Hostnames starting with `_` can have only self-signed TLS certificates or wildcard certificates.
+    // It is not possible to get valid non-wildcard TLS certificates because CA/Browser Forum requirements
+    // explicitly state that domains should start with a letter, digit or hyphen:
+    // https://github.com/cabforum/servercert/blob/24f38fd4765e019db8bb1a8c56bf63c7115ce0b0/docs/BR.md
+    if hostname.starts_with("_") {
+        config
+            .dangerous()
+            .set_certificate_verifier(Arc::new(NoCertificateVerification::new()));
+    }
+
     let tls = tokio_rustls::TlsConnector::from(Arc::new(config));
-    let name = rustls_pki_types::ServerName::try_from(hostname)?.to_owned();
+    let name = tokio_rustls::rustls::pki_types::ServerName::try_from(hostname)?.to_owned();
     let tls_stream = tls.connect(name, stream).await?;
     Ok(tls_stream)
 }

src/net/tls/danger.rs

@@ -0,0 +1,55 @@
+//! Dangerous TLS implementation of accepting invalid certificates for Rustls.
+
+use rustls::pki_types::{CertificateDer, ServerName, UnixTime};
+use tokio_rustls::rustls;
+
+#[derive(Debug)]
+pub(super) struct NoCertificateVerification();
+
+impl NoCertificateVerification {
+    pub(super) fn new() -> Self {
+        Self()
+    }
+}
+
+impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
+    fn verify_server_cert(
+        &self,
+        _end_entity: &CertificateDer<'_>,
+        _intermediates: &[CertificateDer<'_>],
+        _server_name: &ServerName<'_>,
+        _ocsp_response: &[u8],
+        _now: UnixTime,
+    ) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
+        Ok(rustls::client::danger::ServerCertVerified::assertion())
+    }
+
+    fn verify_tls12_signature(
+        &self,
+        message: &[u8],
+        cert: &CertificateDer<'_>,
+        dss: &rustls::DigitallySignedStruct,
+    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
+        let provider = rustls::crypto::ring::default_provider();
+        let supported_schemes = &provider.signature_verification_algorithms;
+        rustls::crypto::verify_tls12_signature(message, cert, dss, supported_schemes)
+    }
+
+    fn verify_tls13_signature(
+        &self,
+        message: &[u8],
+        cert: &CertificateDer<'_>,
+        dss: &rustls::DigitallySignedStruct,
+    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
+        let provider = rustls::crypto::ring::default_provider();
+        let supported_schemes = &provider.signature_verification_algorithms;
+        rustls::crypto::verify_tls13_signature(message, cert, dss, supported_schemes)
+    }
+
+    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
+        let provider = rustls::crypto::ring::default_provider();
+        provider
+            .signature_verification_algorithms
+            .supported_schemes()
+    }
+}

src/pgp.rs

@@ -1,15 +1,14 @@
 //! OpenPGP helper module using [rPGP facilities](https://github.com/rpgp/rpgp).
 
-use std::collections::{BTreeMap, HashMap, HashSet};
-use std::io::{BufRead, Cursor};
+use std::collections::{HashMap, HashSet};
+use std::io::Cursor;
 
 use anyhow::{Context as _, Result, ensure};
 use deltachat_contact_tools::{EmailAddress, may_be_valid_addr};
-use pgp::armor::BlockType;
 use pgp::composed::{
     ArmorOptions, Deserializable, DetachedSignature, EncryptionCaps, KeyType as PgpKeyType,
-    Message, MessageBuilder, SecretKeyParamsBuilder, SignedKeyDetails, SignedPublicKey,
-    SignedPublicSubKey, SignedSecretKey, SubkeyParamsBuilder, SubpacketConfig,
+    MessageBuilder, SecretKeyParamsBuilder, SignedKeyDetails, SignedPublicKey, SignedPublicSubKey,
+    SignedSecretKey, SubkeyParamsBuilder, SubpacketConfig,
 };
 use pgp::crypto::aead::{AeadAlgorithm, ChunkSize};
 use pgp::crypto::ecc_curve::ECCCurve;
@@ -26,45 +25,9 @@ use tokio::runtime::Handle;
 
 use crate::key::{DcKey, Fingerprint};
 
-#[cfg(test)]
-pub(crate) const HEADER_AUTOCRYPT: &str = "autocrypt-prefer-encrypt";
-
-pub(crate) const HEADER_SETUPCODE: &str = "passphrase-begin";
-
 /// Preferred symmetric encryption algorithm.
 const SYMMETRIC_KEY_ALGORITHM: SymmetricKeyAlgorithm = SymmetricKeyAlgorithm::AES128;
 
-/// Split data from PGP Armored Data as defined in <https://tools.ietf.org/html/rfc4880#section-6.2>.
-///
-/// Returns (type, headers, base64 encoded body).
-pub fn split_armored_data(buf: &[u8]) -> Result<(BlockType, BTreeMap<String, String>, Vec<u8>)> {
-    use std::io::Read;
-
-    let cursor = Cursor::new(buf);
-    let mut dearmor = pgp::armor::Dearmor::new(cursor);
-
-    let mut bytes = Vec::with_capacity(buf.len());
-
-    dearmor.read_to_end(&mut bytes)?;
-    let typ = dearmor.typ.context("failed to parse type")?;
-
-    // normalize headers
-    let headers = dearmor
-        .headers
-        .into_iter()
-        .map(|(key, values)| {
-            (
-                key.trim().to_lowercase(),
-                values
-                    .last()
-                    .map_or_else(String::new, |s| s.trim().to_string()),
-            )
-        })
-        .collect();
-
-    Ok((typ, headers, bytes))
-}
-
 /// Create a new key pair.
 ///
 /// Both secret and public key consist of signing primary key and encryption subkey
@@ -151,7 +114,6 @@ pub async fn pk_encrypt(
     public_keys_for_encryption: Vec<SignedPublicKey>,
     private_key_for_signing: SignedSecretKey,
     compress: bool,
-    anonymous_recipients: bool,
     seipd_version: SeipdVersion,
 ) -> Result<String> {
     Handle::current()
@@ -166,13 +128,7 @@ pub async fn pk_encrypt(
                 hashed.push(Subpacket::critical(SubpacketData::SignatureCreationTime(
                     pgp::types::Timestamp::now(),
                 ))?);
-                // Test "elena" uses old Delta Chat.
-                let skip = private_key_for_signing.dc_fingerprint().hex()
-                    == "B86586B6DEF437D674BFAFC02A6B2EBC633B9E82";
                 for key in &public_keys_for_encryption {
-                    if skip {
-                        break;
-                    }
                     let data = SubpacketData::IntendedRecipientFingerprint(key.fingerprint());
                     let subpkt = match private_key_for_signing.version() < KeyVersion::V6 {
                         true => Subpacket::regular(data)?,
@@ -198,11 +154,7 @@ pub async fn pk_encrypt(
                     let mut msg = msg.seipd_v1(&mut rng, SYMMETRIC_KEY_ALGORITHM);
 
                     for pkey in pkeys {
-                        if anonymous_recipients {
-                            msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
-                        } else {
-                            msg.encrypt_to_key(&mut rng, &pkey)?;
-                        }
+                        msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
                     }
 
                     let hash_algorithm = private_key_for_signing.hash_alg();
@@ -227,11 +179,7 @@ pub async fn pk_encrypt(
                     );
 
                     for pkey in pkeys {
-                        if anonymous_recipients {
-                            msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
-                        } else {
-                            msg.encrypt_to_key(&mut rng, &pkey)?;
-                        }
+                        msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
                     }
 
                     let hash_algorithm = private_key_for_signing.hash_alg();
@@ -344,24 +292,6 @@ pub fn pk_validate(
     Ok(ret)
 }
 
-/// Symmetric encryption for the autocrypt setup message (ASM).
-pub async fn symm_encrypt_autocrypt_setup(passphrase: &str, plain: Vec<u8>) -> Result<String> {
-    let passphrase = Password::from(passphrase.to_string());
-
-    tokio::task::spawn_blocking(move || {
-        let mut rng = thread_rng();
-        let s2k = StringToKey::new_default(&mut rng);
-        let builder = MessageBuilder::from_bytes("", plain);
-        let mut builder = builder.seipd_v1(&mut rng, SYMMETRIC_KEY_ALGORITHM);
-        builder.encrypt_with_password(s2k, &passphrase)?;
-
-        let encoded_msg = builder.to_armored_string(&mut rng, Default::default())?;
-
-        Ok(encoded_msg)
-    })
-    .await?
-}
-
 /// Symmetrically encrypt the message.
 /// This is used for broadcast channels and for version 2 of the Securejoin protocol.
 /// `shared secret` is the secret that will be used for symmetric encryption.
@@ -405,23 +335,6 @@ pub async fn symm_encrypt_message(
     .await?
 }
 
-/// Symmetric decryption.
-pub async fn symm_decrypt<T: BufRead + std::fmt::Debug + 'static + Send>(
-    passphrase: &str,
-    ctext: T,
-) -> Result<Vec<u8>> {
-    let passphrase = passphrase.to_string();
-    tokio::task::spawn_blocking(move || {
-        let (enc_msg, _) = Message::from_armor(ctext)?;
-        let password = Password::from(passphrase);
-
-        let msg = enc_msg.decrypt_with_password(&password)?;
-        let res = msg.decompress()?.as_data_vec()?;
-        Ok(res)
-    })
-    .await?
-}
-
 /// Merges and minimizes OpenPGP certificates.
 ///
 /// Keeps at most one direct key signature and
@@ -582,6 +495,35 @@ pub(crate) fn addresses_from_public_key(public_key: &SignedPublicKey) -> Option<
     None
 }
 
+/// Returns true if public key advertises SEIPDv2 feature.
+pub(crate) fn pubkey_supports_seipdv2(public_key: &SignedPublicKey) -> bool {
+    // If any Direct Key Signature or any User ID signature has SEIPDv2 feature,
+    // assume that recipient can handle SEIPDv2.
+    //
+    // Third-party User ID signatures are dropped during certificate merging.
+    // We don't check if the User ID is primary User ID.
+    // Primary User ID is preferred during merging
+    // and if some key has only non-primary User ID
+    // it is acceptable. It is anyway unlikely that SEIPDv2
+    // is advertised in a key without DKS or primary User ID.
+    public_key
+        .details
+        .direct_signatures
+        .iter()
+        .chain(
+            public_key
+                .details
+                .users
+                .iter()
+                .flat_map(|user| user.signatures.iter()),
+        )
+        .any(|signature| {
+            signature
+                .features()
+                .is_some_and(|features| features.seipd_v2())
+        })
+}
+
 #[cfg(test)]
 mod tests {
     use std::sync::LazyLock;
@@ -596,7 +538,7 @@ mod tests {
         test_utils::{TestContext, TestContextManager, alice_keypair, bob_keypair},
         token,
     };
-    use pgp::composed::Esk;
+    use pgp::composed::{Esk, Message};
     use pgp::packet::PublicKeyEncryptedSessionKey;
 
     async fn decrypt_bytes(
@@ -641,33 +583,6 @@ mod tests {
         Ok((msg, ret_signature_fingerprints, content))
     }
 
-    #[test]
-    fn test_split_armored_data_1() {
-        let (typ, _headers, base64) = split_armored_data(
-            b"-----BEGIN PGP MESSAGE-----\nNoVal:\n\naGVsbG8gd29ybGQ=\n-----END PGP MESSAGE-----",
-        )
-        .unwrap();
-
-        assert_eq!(typ, BlockType::Message);
-        assert!(!base64.is_empty());
-        assert_eq!(
-            std::string::String::from_utf8(base64).unwrap(),
-            "hello world"
-        );
-    }
-
-    #[test]
-    fn test_split_armored_data_2() {
-        let (typ, headers, base64) = split_armored_data(
-            b"-----BEGIN PGP PRIVATE KEY BLOCK-----\nAutocrypt-Prefer-Encrypt: mutual \n\naGVsbG8gd29ybGQ=\n-----END PGP PRIVATE KEY BLOCK-----"
-        )
-            .unwrap();
-
-        assert_eq!(typ, BlockType::PrivateKey);
-        assert!(!base64.is_empty());
-        assert_eq!(headers.get(HEADER_AUTOCRYPT), Some(&"mutual".to_string()));
-    }
-
     #[test]
     fn test_create_keypair() {
         let keypair0 = create_keypair(EmailAddress::new("foo@bar.de").unwrap()).unwrap();
@@ -707,7 +622,6 @@ mod tests {
 
     /// A ciphertext encrypted to Alice & Bob, signed by Alice.
     async fn ctext_signed() -> &'static String {
-        let anonymous_recipients = true;
         CTEXT_SIGNED
             .get_or_init(|| async {
                 let keyring = vec![KEYS.alice_public.clone(), KEYS.bob_public.clone()];
@@ -718,7 +632,6 @@ mod tests {
                     keyring,
                     KEYS.alice_secret.clone(),
                     compress,
-                    anonymous_recipients,
                     SeipdVersion::V2,
                 )
                 .await
@@ -905,12 +818,12 @@ mod tests {
         let pk_for_encryption = load_self_public_key(alice).await?;
 
         // Encrypt a message, but only to self, not to Bob:
+        let compress = true;
         let ctext = pk_encrypt(
             plain,
             vec![pk_for_encryption],
             KEYS.alice_secret.clone(),
-            true,
-            true,
+            compress,
             SeipdVersion::V2,
         )
         .await?;

src/qr.rs

@@ -682,6 +682,12 @@ fn decode_account(qr: &str) -> Result<Qr> {
     let payload = qr
         .get(DCACCOUNT_SCHEME.len()..)
         .context("Invalid DCACCOUNT payload")?;
+
+    // Handle `dcaccount://...` URLs.
+    let payload = payload.strip_prefix("//").unwrap_or(payload);
+    if payload.is_empty() {
+        bail!("dcaccount payload is empty");
+    }
     if payload.starts_with("https://") {
         let url = url::Url::parse(payload).context("Invalid account URL")?;
         if url.scheme() == "https" {
@@ -695,6 +701,12 @@ fn decode_account(qr: &str) -> Result<Qr> {
             bail!("Bad scheme for account URL: {:?}.", url.scheme());
         }
     } else {
+        if payload.starts_with("/") {
+            // Handle `dcaccount:///` URL reported to have been created
+            // by Telegram link parser at
+            // <https://support.delta.chat/t/could-not-find-dns-resolutions-for-imap-993-when-adding-a-relay/4907>
+            bail!("Hostname in dcaccount URL cannot start with /");
+        }
         Ok(Qr::Account {
             domain: payload.to_string(),
         })

src/qr/qr_tests.rs

@@ -721,7 +721,9 @@ async fn test_decode_account() -> Result<()> {
 
     for text in [
         "DCACCOUNT:example.org",
+        "DCACCOUNT://example.org",
         "dcaccount:example.org",
+        "dcaccount://example.org",
         "DCACCOUNT:https://example.org/new_email?t=1w_7wDjgjelxeX884x96v3",
         "dcaccount:https://example.org/new_email?t=1w_7wDjgjelxeX884x96v3",
     ] {
@@ -737,6 +739,21 @@ async fn test_decode_account() -> Result<()> {
     Ok(())
 }
 
+/// Tests that decoding empty `dcaccount://` URL results in an error.
+/// We should not suggest trying to configure an account in this case.
+/// Such links may be created by copy-paste error or because of incorrect parsing.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_decode_empty_account() -> Result<()> {
+    let ctx = TestContext::new().await;
+
+    for text in ["DCACCOUNT:", "dcaccount:", "dcaccount://", "dcaccount:///"] {
+        let qr = check_qr(&ctx.ctx, text).await;
+        assert!(qr.is_err(), "Invalid {text:?} is parsed as dcaccount URL");
+    }
+
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_decode_tg_socks_proxy() -> Result<()> {
     let t = TestContext::new().await;

src/reaction.rs

@@ -393,7 +393,9 @@ mod tests {
     use crate::chatlist::Chatlist;
     use crate::config::Config;
     use crate::contact::{Contact, Origin};
-    use crate::message::{MessageState, Viewtype, delete_msgs};
+    use crate::key::{load_self_public_key, load_self_secret_key};
+    use crate::message::{MessageState, Viewtype, delete_msgs, markseen_msgs};
+    use crate::pgp::{SeipdVersion, pk_encrypt};
     use crate::receive_imf::receive_imf;
     use crate::sql::housekeeping;
     use crate::test_utils::E2EE_INFO_MSGS;
@@ -956,4 +958,152 @@ Content-Disposition: reaction\n\
         }
         Ok(())
     }
+
+    /// Tests that if reaction requests a read receipt,
+    /// no read receipt is sent when the chat is marked as noticed.
+    ///
+    /// Reactions create hidden messages in the chat,
+    /// and when marking the chat as noticed marks
+    /// such messages as seen, read receipts should never be sent
+    /// to avoid the sender of reaction from learning
+    /// that receiver opened the chat.
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_reaction_request_mdn() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = &tcm.alice().await;
+        let bob = &tcm.bob().await;
+
+        let alice_chat_id = alice.create_chat_id(bob).await;
+        let alice_sent_msg = alice.send_text(alice_chat_id, "Hello!").await;
+
+        let bob_msg = bob.recv_msg(&alice_sent_msg).await;
+        bob_msg.chat_id.accept(bob).await?;
+        assert_eq!(bob_msg.state, MessageState::InFresh);
+        let bob_chat_id = bob_msg.chat_id;
+        bob_chat_id.accept(bob).await?;
+
+        markseen_msgs(bob, vec![bob_msg.id]).await?;
+        assert_eq!(
+            bob.sql
+                .count(
+                    "SELECT COUNT(*) FROM smtp_mdns WHERE from_id!=?",
+                    (ContactId::SELF,)
+                )
+                .await?,
+            1
+        );
+        bob.sql.execute("DELETE FROM smtp_mdns", ()).await?;
+
+        // Construct reaction with an MDN request.
+        // Note the `Chat-Disposition-Notification-To` header.
+        let known_id = bob_msg.rfc724_mid;
+        let new_id = "e2b6e69e-4124-4e2a-b79f-e4f1be667165@localhost";
+
+        let plain_text = format!(
+            "Content-Type: text/plain; charset=\"utf-8\"; protected-headers=\"v1\"; \r
+        hp=\"cipher\"\r
+Content-Disposition: reaction\r
+From: \"Alice\" <alice@example.org>\r
+To: \"Bob\" <bob@example.net>\r
+Subject: Message from Alice\r
+Date: Sat, 14 Mar 2026 01:02:03 +0000\r
+In-Reply-To: <{known_id}>\r
+References: <{known_id}>\r
+Chat-Version: 1.0\r
+Chat-Disposition-Notification-To: alice@example.org\r
+Message-ID: <{new_id}>\r
+HP-Outer: From: <alice@example.org>\r
+HP-Outer: To: \"hidden-recipients\": ;\r
+HP-Outer: Subject: [...]\r
+HP-Outer: Date: Sat, 14 Mar 2026 01:02:03 +0000\r
+HP-Outer: Message-ID: <{new_id}>\r
+HP-Outer: In-Reply-To: <{known_id}>\r
+HP-Outer: References: <{known_id}>\r
+HP-Outer: Chat-Version: 1.0\r
+Content-Transfer-Encoding: base64\r
+\r
+8J+RgA==\r
+"
+        );
+
+        let alice_public_key = load_self_public_key(alice).await?;
+        let bob_public_key = load_self_public_key(bob).await?;
+        let alice_secret_key = load_self_secret_key(alice).await?;
+        let public_keys_for_encryption = vec![alice_public_key, bob_public_key];
+        let compress = true;
+        let encrypted_payload = pk_encrypt(
+            plain_text.as_bytes().to_vec(),
+            public_keys_for_encryption,
+            alice_secret_key,
+            compress,
+            SeipdVersion::V2,
+        )
+        .await?;
+
+        let boundary = "boundary123";
+        let rcvd_mail = format!(
+            "From: <alice@example.org>\r
+To: \"hidden-recipients\": ;\r
+Subject: [...]\r
+Date: Sat, 14 Mar 2026 01:02:03 +0000\r
+Message-ID: <{new_id}>\r
+In-Reply-To: <{known_id}>\r
+References: <{known_id}>\r
+Content-Type: multipart/encrypted; protocol=\"application/pgp-encrypted\";\r
+        boundary=\"{boundary}\"\r
+MIME-Version: 1.0\r
+\r
+--{boundary}\r
+Content-Type: application/pgp-encrypted; charset=\"utf-8\"\r
+Content-Description: PGP/MIME version identification\r
+Content-Transfer-Encoding: 7bit\r
+\r
+Version: 1\r
+\r
+--{boundary}\r
+Content-Type: application/octet-stream; name=\"encrypted.asc\";\r
+        charset=\"utf-8\"\r
+Content-Description: OpenPGP encrypted message\r
+Content-Disposition: inline; filename=\"encrypted.asc\";\r
+Content-Transfer-Encoding: 7bit\r
+\r
+{encrypted_payload}
+--{boundary}--\r
+"
+        );
+
+        let received = receive_imf(bob, rcvd_mail.as_bytes(), false)
+            .await?
+            .unwrap();
+        let bob_hidden_msg = Message::load_from_db(bob, *received.msg_ids.last().unwrap())
+            .await
+            .unwrap();
+        assert!(bob_hidden_msg.hidden);
+        assert_eq!(bob_hidden_msg.chat_id, bob_chat_id);
+
+        // Bob does not see new message and cannot mark it as seen directly,
+        // but can mark the chat as noticed when opening it.
+        marknoticed_chat(bob, bob_chat_id).await?;
+
+        assert_eq!(
+            bob.sql
+                .count(
+                    "SELECT COUNT(*) FROM smtp_mdns WHERE from_id!=?",
+                    (ContactId::SELF,)
+                )
+                .await?,
+            0,
+            "Bob should not send MDN to Alice"
+        );
+
+        // MDN request was ignored, but reaction was not.
+        let reactions = get_msg_reactions(bob, bob_msg.id).await?;
+        assert_eq!(reactions.reactions.len(), 1);
+        assert_eq!(
+            reactions.emoji_sorted_by_frequency(),
+            vec![("👀".to_string(), 1)]
+        );
+
+        Ok(())
+    }
 }

src/receive_imf.rs

@@ -729,8 +729,7 @@ pub(crate) async fn receive_imf_inner(
 
         let allow_creation = if mime_parser.decrypting_failed {
             false
-        } else if mime_parser.is_system_message != SystemMessage::AutocryptSetupMessage
-            && is_dc_message == MessengerMessage::No
+        } else if is_dc_message == MessengerMessage::No
             && !context.get_config_bool(Config::IsChatmail).await?
         {
             // the message is a classic email in a classic profile
@@ -1322,15 +1321,35 @@ async fn decide_chat_assignment(
     // no database row and ChatId yet.
     let mut num_recipients = 0;
     let mut has_self_addr = false;
-    for recipient in &mime_parser.recipients {
-        has_self_addr |= context.is_self_addr(&recipient.addr).await?;
-        if addr_cmp(&recipient.addr, &mime_parser.from.addr) {
-            continue;
+
+    if let Some((sender_fingerprint, intended_recipient_fingerprints)) = mime_parser
+        .signature
+        .as_ref()
+        .filter(|(_sender_fingerprint, fps)| !fps.is_empty())
+    {
+        // The message is signed and has intended recipient fingerprints.
+
+        // If the message has intended recipient fingerprint and is not trashed already,
+        // then it is intended for us.
+        has_self_addr = true;
+
+        num_recipients = intended_recipient_fingerprints
+            .iter()
+            .filter(|fp| *fp != sender_fingerprint)
+            .count();
+    } else {
+        // Message has no intended recipient fingerprints
+        // or is not signed, count the `To` field recipients.
+        for recipient in &mime_parser.recipients {
+            has_self_addr |= context.is_self_addr(&recipient.addr).await?;
+            if addr_cmp(&recipient.addr, &mime_parser.from.addr) {
+                continue;
+            }
+            num_recipients += 1;
+        }
+        if from_id != ContactId::SELF && !has_self_addr {
+            num_recipients += 1;
         }
-        num_recipients += 1;
-    }
-    if from_id != ContactId::SELF && !has_self_addr {
-        num_recipients += 1;
     }
     let mut can_be_11_chat_log = String::new();
     let mut l = |cond: bool, s: String| {

src/receive_imf/receive_imf_tests.rs

@@ -5108,97 +5108,75 @@ async fn test_dont_verify_by_verified_by_unknown() -> Result<()> {
     Ok(())
 }
 
+/// Tests that second device assigns outgoing encrypted messages
+/// to 1:1 chat with key-contact even if the key of the contact is unknown.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_recv_outgoing_msg_before_securejoin() -> Result<()> {
     let mut tcm = TestContextManager::new();
     let bob = &tcm.bob().await;
-    let a0 = &tcm.elena().await;
-    let a1 = &tcm.elena().await;
-
-    tcm.execute_securejoin(bob, a0).await;
-    let chat_id_a0_bob = a0.create_chat_id(bob).await;
-    let sent_msg = a0.send_text(chat_id_a0_bob, "Hi").await;
-    bob.recv_msg(&sent_msg).await;
-    let msg_a1 = a1.recv_msg(&sent_msg).await;
-    assert!(msg_a1.get_showpadlock());
-    let chat_a1 = Chat::load_from_db(a1, msg_a1.chat_id).await?;
-    assert_eq!(chat_a1.typ, Chattype::Group);
-    assert!(!chat_a1.is_encrypted(a1).await?);
-    assert_eq!(
-        chat::get_chat_contacts(a1, chat_a1.id).await?,
-        [a1.add_or_lookup_address_contact_id(bob).await]
-    );
-    assert_eq!(
-        chat_a1.why_cant_send(a1).await?,
-        Some(CantSendReason::NotAMember)
-    );
-
-    let sent_msg = a0.send_text(chat_id_a0_bob, "Hi again").await;
-    bob.recv_msg(&sent_msg).await;
-    let msg_a1 = a1.recv_msg(&sent_msg).await;
-    assert!(msg_a1.get_showpadlock());
-    assert_eq!(msg_a1.chat_id, chat_a1.id);
-    let chat_a1 = Chat::load_from_db(a1, msg_a1.chat_id).await?;
-    assert_eq!(
-        chat_a1.why_cant_send(a1).await?,
-        Some(CantSendReason::NotAMember)
-    );
-
-    let msg_a1 = tcm.send_recv(bob, a1, "Hi back").await;
-    assert!(msg_a1.get_showpadlock());
-    let chat_a1 = Chat::load_from_db(a1, msg_a1.chat_id).await?;
-    assert_eq!(chat_a1.typ, Chattype::Single);
-    assert!(chat_a1.is_encrypted(a1).await?);
-    // Weird, but fine, anyway the bigger problem is the conversation split into two chats.
-    assert_eq!(
-        chat_a1.why_cant_send(a1).await?,
-        Some(CantSendReason::ContactRequest)
-    );
-
     let a0 = &tcm.alice().await;
     let a1 = &tcm.alice().await;
+
     tcm.execute_securejoin(bob, a0).await;
     let chat_id_a0_bob = a0.create_chat_id(bob).await;
     let sent_msg = a0.send_text(chat_id_a0_bob, "Hi").await;
-    bob.recv_msg(&sent_msg).await;
+
+    // Device a1 does not have Bob's key.
+    // Message is still received in an encrypted 1:1 chat with Bob.
+    // a1 learns the fingerprint of Bob from the Intended Recipient Fingerprint packet,
+    // but not the key.
     let msg_a1 = a1.recv_msg(&sent_msg).await;
     assert!(msg_a1.get_showpadlock());
     let chat_a1 = Chat::load_from_db(a1, msg_a1.chat_id).await?;
     assert_eq!(chat_a1.typ, Chattype::Single);
     assert!(chat_a1.is_encrypted(a1).await?);
+
+    // Cannot send because a1 does not have Bob's key.
+    assert!(!chat_a1.can_send(a1).await?);
+    assert_eq!(
+        chat_a1.why_cant_send(a1).await?,
+        Some(CantSendReason::MissingKey)
+    );
+
     assert_eq!(
         chat::get_chat_contacts(a1, chat_a1.id).await?,
-        [a1.add_or_lookup_contact_id(bob).await]
+        [a1.add_or_lookup_contact_id_no_key(bob).await]
     );
-    assert!(chat_a1.can_send(a1).await?);
+    assert!(!chat_a1.can_send(a1).await?);
+
+    let a1_chat_id = a1.create_chat_id(bob).await;
+    assert_eq!(a1_chat_id, msg_a1.chat_id);
     Ok(())
 }
 
+/// Tests that outgoing message cannot be assigned to 1:1 chat
+/// without the intended recipient fingerprint.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_recv_outgoing_msg_before_having_key_and_after() -> Result<()> {
+async fn test_recv_outgoing_msg_no_intended_recipient_fingerprint() -> Result<()> {
     let mut tcm = TestContextManager::new();
-    let a0 = &tcm.elena().await;
-    let a1 = &tcm.elena().await;
-    let bob = &tcm.bob().await;
+    let alice = &tcm.alice().await;
 
-    tcm.execute_securejoin(bob, a0).await;
-    let chat_id_a0_bob = a0.create_chat_id(bob).await;
-    let sent_msg = a0.send_text(chat_id_a0_bob, "Hi").await;
-    let msg_a1 = a1.recv_msg(&sent_msg).await;
-    assert!(msg_a1.get_showpadlock());
-    let chat_a1 = Chat::load_from_db(a1, msg_a1.chat_id).await?;
-    assert_eq!(chat_a1.typ, Chattype::Group);
-    assert!(!chat_a1.is_encrypted(a1).await?);
+    let payload = include_bytes!(
+        "../../test-data/message/alice_to_bob_no_intended_recipient_fingerprint.eml"
+    );
+
+    // Alice does not have Bob's key.
+    // Message is encrypted, but is received in ad hoc group with Bob's address.
+    let rcvd_msg = receive_imf(alice, payload, false).await?.unwrap();
+    let msg_alice = Message::load_from_db(alice, rcvd_msg.msg_ids[0]).await?;
+
+    assert!(msg_alice.get_showpadlock());
+    let chat_alice = Chat::load_from_db(alice, msg_alice.chat_id).await?;
+    assert_eq!(chat_alice.typ, Chattype::Group);
+    assert!(!chat_alice.is_encrypted(alice).await?);
+
+    // Cannot send because Bob's key is unknown.
+    assert!(!chat_alice.can_send(alice).await?);
+    assert_eq!(
+        chat_alice.why_cant_send(alice).await?,
+        Some(CantSendReason::NotAMember)
+    );
 
-    // Device a1 somehow learns Bob's key and creates the corresponding chat. However, this doesn't
-    // help because we only look up key contacts by address in a particular chat and the new chat
-    // isn't referenced by the received message. This is fixed by sending and receiving Intended
-    // Recipient Fingerprint subpackets which elena doesn't send.
-    a1.create_chat_id(bob).await;
-    let sent_msg = a0.send_text(chat_id_a0_bob, "Hi again").await;
-    let msg_a1 = a1.recv_msg(&sent_msg).await;
-    assert!(msg_a1.get_showpadlock());
-    assert_eq!(msg_a1.chat_id, chat_a1.id);
     Ok(())
 }
 

src/smtp.rs

@@ -706,7 +706,7 @@ pub(crate) async fn add_self_recipients(
         // them. Normally the user should have a non-chatmail primary transport to send unencrypted
         // messages.
         if encrypted {
-            for addr in context.get_secondary_self_addrs().await? {
+            for addr in context.get_published_secondary_self_addrs().await? {
                 recipients.push(addr);
             }
         }

src/sql/migrations.rs

@@ -2343,6 +2343,26 @@ ALTER TABLE contacts ADD COLUMN name_normalized TEXT;
         .await?;
     }
 
+    // Add an `is_published` flag to transports.
+    // Unpublished transports are not advertised to contacts,
+    // and self-sent messages are not sent there,
+    // so that we don't cause extra messages to the corresponding inbox,
+    // but can still receive messages from contacts who don't know our new transport addresses yet.
+    // The default is true, but when when the user updates the app,
+    // existing secondary transports are set to unpublished,
+    // so that an existing transport address doesn't suddenly get spammed with a lot of messages.
+    inc_and_check(&mut migration_version, 149)?;
+    if dbversion < migration_version {
+        sql.execute_migration(
+            "ALTER TABLE transports ADD COLUMN is_published INTEGER DEFAULT 1 NOT NULL;
+            UPDATE transports SET is_published=0 WHERE addr!=(
+                SELECT value FROM config WHERE keyname='configured_addr'
+            )",
+            migration_version,
+        )
+        .await?;
+    }
+
     let new_version = sql
         .get_raw_config_int(VERSION_CFG)
         .await?

src/summary.rs

@@ -490,12 +490,5 @@ mod tests {
             msg.get_summary_text_without_prefix(ctx).await,
             "📎 foo.bar \u{2013} bla bla"
         ); // skipping prefix used for reactions summaries
-
-        let mut msg = Message::new(Viewtype::File);
-        msg.set_file_from_bytes(ctx, "autocrypt-setup-message.html", b"data", None)
-            .unwrap();
-        msg.param.set_cmd(SystemMessage::AutocryptSetupMessage);
-        assert_summary_texts(&msg, ctx, "📎 autocrypt-setup-message.html").await;
-        // no special handling of ASM
     }
 }

src/sync.rs

@@ -65,6 +65,10 @@ pub(crate) struct TransportData {
 
     /// Timestamp of when the transport was last time (re)configured.
     pub(crate) timestamp: i64,
+
+    /// Whether the transport is published.
+    /// See [`Context::set_transport_unpublished`] for details.
+    pub(crate) is_published: bool,
 }
 
 #[derive(Debug, Serialize, Deserialize)]

src/test_utils.rs

@@ -118,7 +118,6 @@ impl TestContextManager {
     }
 
     /// Returns new elena's "device".
-    /// Elena doesn't send Intended Recipient Fingerprint subpackets to simulate old Delta Chat.
     pub async fn elena(&mut self) -> TestContext {
         TestContext::builder()
             .configure_elena()
@@ -211,7 +210,7 @@ impl TestContextManager {
             "INSERT OR IGNORE INTO transports (addr, entered_param, configured_param) VALUES (?, ?, ?)",
                (
                    new_addr,
-                   serde_json::to_string(&EnteredLoginParam::default()).unwrap(),
+                   serde_json::to_string(&EnteredLoginParam{addr: new_addr.to_string(), ..Default::default()}).unwrap(),
                    format!(r#"{{"addr":"{new_addr}","imap":[],"imap_user":"","imap_password":"","smtp":[],"smtp_user":"","smtp_password":"","certificate_checks":"Automatic","oauth2":false}}"#)
               ),
           ).await.unwrap();
@@ -894,7 +893,7 @@ impl TestContext {
     ///
     /// If the contact does not exist yet, a new contact will be created
     /// with the correct fingerprint, but without the public key.
-    async fn add_or_lookup_contact_id_no_key(&self, other: &TestContext) -> ContactId {
+    pub async fn add_or_lookup_contact_id_no_key(&self, other: &TestContext) -> ContactId {
         let primary_self_addr = other.ctx.get_primary_self_addr().await.unwrap();
         let addr = ContactAddress::new(&primary_self_addr).unwrap();
         let fingerprint = self_fingerprint(other).await.unwrap();

src/transport.rs

@@ -562,7 +562,15 @@ impl ConfiguredLoginParam {
         entered_param: &EnteredLoginParam,
         timestamp: i64,
     ) -> Result<()> {
-        save_transport(context, entered_param, &self.into(), timestamp).await?;
+        let is_published = true;
+        save_transport(
+            context,
+            entered_param,
+            &self.into(),
+            timestamp,
+            is_published,
+        )
+        .await?;
         Ok(())
     }
 
@@ -628,6 +636,7 @@ pub(crate) async fn save_transport(
     entered_param: &EnteredLoginParam,
     configured: &ConfiguredLoginParamJson,
     add_timestamp: i64,
+    is_published: bool,
 ) -> Result<bool> {
     let addr = addr_normalize(&configured.addr);
     let configured_addr = context.get_config(Config::ConfiguredAddr).await?;
@@ -635,20 +644,23 @@ pub(crate) async fn save_transport(
     let mut modified = context
         .sql
         .execute(
-            "INSERT INTO transports (addr, entered_param, configured_param, add_timestamp)
-             VALUES (?, ?, ?, ?)
+            "INSERT INTO transports (addr, entered_param, configured_param, add_timestamp, is_published)
+             VALUES (?, ?, ?, ?, ?)
              ON CONFLICT (addr)
              DO UPDATE SET entered_param=excluded.entered_param,
                            configured_param=excluded.configured_param,
-                           add_timestamp=excluded.add_timestamp
+                           add_timestamp=excluded.add_timestamp,
+                           is_published=excluded.is_published
              WHERE entered_param != excluded.entered_param
                  OR configured_param != excluded.configured_param
-                 OR add_timestamp < excluded.add_timestamp",
+                 OR add_timestamp < excluded.add_timestamp
+                 OR is_published != excluded.is_published",
             (
                 &addr,
                 serde_json::to_string(entered_param)?,
                 serde_json::to_string(configured)?,
                 add_timestamp,
+                is_published,
             ),
         )
         .await?
@@ -685,7 +697,7 @@ pub(crate) async fn send_sync_transports(context: &Context) -> Result<()> {
     let transports = context
         .sql
         .query_map_vec(
-            "SELECT entered_param, configured_param, add_timestamp
+            "SELECT entered_param, configured_param, add_timestamp, is_published
              FROM transports WHERE id>1",
             (),
             |row| {
@@ -694,10 +706,12 @@ pub(crate) async fn send_sync_transports(context: &Context) -> Result<()> {
                 let configured_json: String = row.get(1)?;
                 let configured: ConfiguredLoginParamJson = serde_json::from_str(&configured_json)?;
                 let timestamp: i64 = row.get(2)?;
+                let is_published: bool = row.get(3)?;
                 Ok(TransportData {
                     configured,
                     entered,
                     timestamp,
+                    is_published,
                 })
             },
         )
@@ -736,9 +750,10 @@ pub(crate) async fn sync_transports(
         configured,
         entered,
         timestamp,
+        is_published,
     } in transports
     {
-        modified |= save_transport(context, entered, configured, *timestamp).await?;
+        modified |= save_transport(context, entered, configured, *timestamp, *is_published).await?;
     }
 
     context
@@ -784,7 +799,7 @@ pub(crate) async fn add_pseudo_transport(context: &Context, addr: &str) -> Resul
             "INSERT INTO transports (addr, entered_param, configured_param) VALUES (?, ?, ?)",
             (
                 addr,
-                serde_json::to_string(&EnteredLoginParam::default())?,
+                serde_json::to_string(&EnteredLoginParam{addr: addr.to_string(), ..Default::default()})?,
                 format!(r#"{{"addr":"{addr}","imap":[],"imap_user":"","imap_password":"","smtp":[],"smtp_user":"","smtp_password":"","certificate_checks":"Automatic","oauth2":false}}"#)
             ),
         )
@@ -793,283 +808,4 @@ pub(crate) async fn add_pseudo_transport(context: &Context, addr: &str) -> Resul
 }
 
 #[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::log::LogExt as _;
-    use crate::provider::get_provider_by_id;
-    use crate::test_utils::TestContext;
-    use crate::tools::time;
-
-    #[test]
-    fn test_configured_certificate_checks_display() {
-        use std::string::ToString;
-
-        assert_eq!(
-            "accept_invalid_certificates".to_string(),
-            ConfiguredCertificateChecks::AcceptInvalidCertificates.to_string()
-        );
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_save_load_login_param() -> Result<()> {
-        let t = TestContext::new().await;
-
-        let param = ConfiguredLoginParam {
-            addr: "alice@example.org".to_string(),
-            imap: vec![ConfiguredServerLoginParam {
-                connection: ConnectionCandidate {
-                    host: "imap.example.com".to_string(),
-                    port: 123,
-                    security: ConnectionSecurity::Starttls,
-                },
-                user: "alice".to_string(),
-            }],
-            imap_user: "".to_string(),
-            imap_password: "foo".to_string(),
-            smtp: vec![ConfiguredServerLoginParam {
-                connection: ConnectionCandidate {
-                    host: "smtp.example.com".to_string(),
-                    port: 456,
-                    security: ConnectionSecurity::Tls,
-                },
-                user: "alice@example.org".to_string(),
-            }],
-            smtp_user: "".to_string(),
-            smtp_password: "bar".to_string(),
-            provider: None,
-            certificate_checks: ConfiguredCertificateChecks::Strict,
-            oauth2: false,
-        };
-
-        param
-            .clone()
-            .save_to_transports_table(&t, &EnteredLoginParam::default(), time())
-            .await?;
-        let expected_param = r#"{"addr":"alice@example.org","imap":[{"connection":{"host":"imap.example.com","port":123,"security":"Starttls"},"user":"alice"}],"imap_user":"","imap_password":"foo","smtp":[{"connection":{"host":"smtp.example.com","port":456,"security":"Tls"},"user":"alice@example.org"}],"smtp_user":"","smtp_password":"bar","provider_id":null,"certificate_checks":"Strict","oauth2":false}"#;
-        assert_eq!(
-            t.sql
-                .query_get_value::<String>("SELECT configured_param FROM transports", ())
-                .await?
-                .unwrap(),
-            expected_param
-        );
-        assert_eq!(t.is_configured().await?, true);
-        let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
-        assert_eq!(param, loaded);
-
-        // Legacy ConfiguredImapCertificateChecks config is ignored
-        t.set_config(Config::ConfiguredImapCertificateChecks, Some("999"))
-            .await?;
-        assert!(ConfiguredLoginParam::load(&t).await.is_ok());
-
-        // Test that we don't panic on unknown ConfiguredImapCertificateChecks values.
-        let wrong_param = expected_param.replace("Strict", "Stricct");
-        assert_ne!(expected_param, wrong_param);
-        t.sql
-            .execute("UPDATE transports SET configured_param=?", (wrong_param,))
-            .await?;
-        assert!(ConfiguredLoginParam::load(&t).await.is_err());
-
-        Ok(())
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_posteo_alias() -> Result<()> {
-        let t = TestContext::new().await;
-
-        let user = "alice@posteo.de";
-
-        // Alice has old config with "alice@posteo.at" address
-        // and "alice@posteo.de" username.
-        t.set_config(Config::Configured, Some("1")).await?;
-        t.set_config(Config::ConfiguredProvider, Some("posteo"))
-            .await?;
-        t.sql
-            .set_raw_config(Config::ConfiguredAddr.as_ref(), Some("alice@posteo.at"))
-            .await?;
-        t.set_config(Config::ConfiguredMailServer, Some("posteo.de"))
-            .await?;
-        t.set_config(Config::ConfiguredMailPort, Some("993"))
-            .await?;
-        t.set_config(Config::ConfiguredMailSecurity, Some("1"))
-            .await?; // TLS
-        t.set_config(Config::ConfiguredMailUser, Some(user)).await?;
-        t.set_config(Config::ConfiguredMailPw, Some("foobarbaz"))
-            .await?;
-        t.set_config(Config::ConfiguredImapCertificateChecks, Some("1"))
-            .await?; // Strict
-        t.set_config(Config::ConfiguredSendServer, Some("posteo.de"))
-            .await?;
-        t.set_config(Config::ConfiguredSendPort, Some("465"))
-            .await?;
-        t.set_config(Config::ConfiguredSendSecurity, Some("1"))
-            .await?; // TLS
-        t.set_config(Config::ConfiguredSendUser, Some(user)).await?;
-        t.set_config(Config::ConfiguredSendPw, Some("foobarbaz"))
-            .await?;
-        t.set_config(Config::ConfiguredSmtpCertificateChecks, Some("1"))
-            .await?; // Strict
-        t.set_config(Config::ConfiguredServerFlags, Some("0"))
-            .await?;
-
-        let param = ConfiguredLoginParam {
-            addr: "alice@posteo.at".to_string(),
-            imap: vec![
-                ConfiguredServerLoginParam {
-                    connection: ConnectionCandidate {
-                        host: "posteo.de".to_string(),
-                        port: 993,
-                        security: ConnectionSecurity::Tls,
-                    },
-                    user: user.to_string(),
-                },
-                ConfiguredServerLoginParam {
-                    connection: ConnectionCandidate {
-                        host: "posteo.de".to_string(),
-                        port: 143,
-                        security: ConnectionSecurity::Starttls,
-                    },
-                    user: user.to_string(),
-                },
-            ],
-            imap_user: "alice@posteo.de".to_string(),
-            imap_password: "foobarbaz".to_string(),
-            smtp: vec![
-                ConfiguredServerLoginParam {
-                    connection: ConnectionCandidate {
-                        host: "posteo.de".to_string(),
-                        port: 465,
-                        security: ConnectionSecurity::Tls,
-                    },
-                    user: user.to_string(),
-                },
-                ConfiguredServerLoginParam {
-                    connection: ConnectionCandidate {
-                        host: "posteo.de".to_string(),
-                        port: 587,
-                        security: ConnectionSecurity::Starttls,
-                    },
-                    user: user.to_string(),
-                },
-            ],
-            smtp_user: "alice@posteo.de".to_string(),
-            smtp_password: "foobarbaz".to_string(),
-            provider: get_provider_by_id("posteo"),
-            certificate_checks: ConfiguredCertificateChecks::Strict,
-            oauth2: false,
-        };
-
-        let loaded = ConfiguredLoginParam::load_legacy(&t).await?.unwrap();
-        assert_eq!(loaded, param);
-
-        migrate_configured_login_param(&t).await;
-        let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
-        assert_eq!(loaded, param);
-
-        Ok(())
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_empty_server_list_legacy() -> Result<()> {
-        // Find a provider that does not have server list set.
-        //
-        // There is at least one such provider in the provider database.
-        let (domain, provider) = crate::provider::data::PROVIDER_DATA
-            .iter()
-            .find(|(_domain, provider)| provider.server.is_empty())
-            .unwrap();
-
-        let t = TestContext::new().await;
-
-        let addr = format!("alice@{domain}");
-
-        t.set_config(Config::Configured, Some("1")).await?;
-        t.set_config(Config::ConfiguredProvider, Some(provider.id))
-            .await?;
-        t.sql
-            .set_raw_config(Config::ConfiguredAddr.as_ref(), Some(&addr))
-            .await?;
-        t.set_config(Config::ConfiguredMailPw, Some("foobarbaz"))
-            .await?;
-        t.set_config(Config::ConfiguredImapCertificateChecks, Some("1"))
-            .await?; // Strict
-        t.set_config(Config::ConfiguredSendPw, Some("foobarbaz"))
-            .await?;
-        t.set_config(Config::ConfiguredSmtpCertificateChecks, Some("1"))
-            .await?; // Strict
-        t.set_config(Config::ConfiguredServerFlags, Some("0"))
-            .await?;
-
-        let loaded = ConfiguredLoginParam::load_legacy(&t).await?.unwrap();
-        assert_eq!(loaded.provider, Some(*provider));
-        assert_eq!(loaded.imap.is_empty(), false);
-        assert_eq!(loaded.smtp.is_empty(), false);
-
-        migrate_configured_login_param(&t).await;
-
-        let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
-        assert_eq!(loaded.provider, Some(*provider));
-        assert_eq!(loaded.imap.is_empty(), false);
-        assert_eq!(loaded.smtp.is_empty(), false);
-
-        Ok(())
-    }
-
-    async fn migrate_configured_login_param(t: &TestContext) {
-        t.sql.execute("DROP TABLE transports;", ()).await.unwrap();
-        t.sql.set_raw_config_int("dbversion", 130).await.unwrap();
-        t.sql.run_migrations(t).await.log_err(t).ok();
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_empty_server_list() -> Result<()> {
-        // Find a provider that does not have server list set.
-        //
-        // There is at least one such provider in the provider database.
-        let (domain, provider) = crate::provider::data::PROVIDER_DATA
-            .iter()
-            .find(|(_domain, provider)| provider.server.is_empty())
-            .unwrap();
-
-        let t = TestContext::new().await;
-
-        let addr = format!("alice@{domain}");
-
-        ConfiguredLoginParam {
-            addr: addr.clone(),
-            imap: vec![ConfiguredServerLoginParam {
-                connection: ConnectionCandidate {
-                    host: "example.org".to_string(),
-                    port: 100,
-                    security: ConnectionSecurity::Tls,
-                },
-                user: addr.clone(),
-            }],
-            imap_user: addr.clone(),
-            imap_password: "foobarbaz".to_string(),
-            smtp: vec![ConfiguredServerLoginParam {
-                connection: ConnectionCandidate {
-                    host: "example.org".to_string(),
-                    port: 100,
-                    security: ConnectionSecurity::Tls,
-                },
-                user: addr.clone(),
-            }],
-            smtp_user: addr.clone(),
-            smtp_password: "foobarbaz".to_string(),
-            provider: Some(provider),
-            certificate_checks: ConfiguredCertificateChecks::Automatic,
-            oauth2: false,
-        }
-        .save_to_transports_table(&t, &EnteredLoginParam::default(), time())
-        .await?;
-
-        let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
-        assert_eq!(loaded.provider, Some(*provider));
-        assert_eq!(loaded.imap.is_empty(), false);
-        assert_eq!(loaded.smtp.is_empty(), false);
-        assert_eq!(t.get_configured_provider().await?, Some(*provider));
-
-        Ok(())
-    }
-}
+mod transport_tests;

src/transport/transport_tests.rs

@@ -0,0 +1,485 @@
+use std::collections::BTreeSet;
+use std::time::Duration;
+
+use crate::tools::SystemTime;
+
+use super::*;
+use crate::log::LogExt as _;
+use crate::provider::get_provider_by_id;
+use crate::test_utils::TestContext;
+use crate::test_utils::TestContextManager;
+use crate::tools::time;
+
+#[test]
+fn test_configured_certificate_checks_display() {
+    use std::string::ToString;
+
+    assert_eq!(
+        "accept_invalid_certificates".to_string(),
+        ConfiguredCertificateChecks::AcceptInvalidCertificates.to_string()
+    );
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_save_load_login_param() -> Result<()> {
+    let t = TestContext::new().await;
+
+    let param = ConfiguredLoginParam {
+        addr: "alice@example.org".to_string(),
+        imap: vec![ConfiguredServerLoginParam {
+            connection: ConnectionCandidate {
+                host: "imap.example.com".to_string(),
+                port: 123,
+                security: ConnectionSecurity::Starttls,
+            },
+            user: "alice".to_string(),
+        }],
+        imap_user: "".to_string(),
+        imap_password: "foo".to_string(),
+        smtp: vec![ConfiguredServerLoginParam {
+            connection: ConnectionCandidate {
+                host: "smtp.example.com".to_string(),
+                port: 456,
+                security: ConnectionSecurity::Tls,
+            },
+            user: "alice@example.org".to_string(),
+        }],
+        smtp_user: "".to_string(),
+        smtp_password: "bar".to_string(),
+        provider: None,
+        certificate_checks: ConfiguredCertificateChecks::Strict,
+        oauth2: false,
+    };
+
+    param
+        .clone()
+        .save_to_transports_table(&t, &EnteredLoginParam::default(), time())
+        .await?;
+    let expected_param = r#"{"addr":"alice@example.org","imap":[{"connection":{"host":"imap.example.com","port":123,"security":"Starttls"},"user":"alice"}],"imap_user":"","imap_password":"foo","smtp":[{"connection":{"host":"smtp.example.com","port":456,"security":"Tls"},"user":"alice@example.org"}],"smtp_user":"","smtp_password":"bar","provider_id":null,"certificate_checks":"Strict","oauth2":false}"#;
+    assert_eq!(
+        t.sql
+            .query_get_value::<String>("SELECT configured_param FROM transports", ())
+            .await?
+            .unwrap(),
+        expected_param
+    );
+    assert_eq!(t.is_configured().await?, true);
+    let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
+    assert_eq!(param, loaded);
+
+    // Legacy ConfiguredImapCertificateChecks config is ignored
+    t.set_config(Config::ConfiguredImapCertificateChecks, Some("999"))
+        .await?;
+    assert!(ConfiguredLoginParam::load(&t).await.is_ok());
+
+    // Test that we don't panic on unknown ConfiguredImapCertificateChecks values.
+    let wrong_param = expected_param.replace("Strict", "Stricct");
+    assert_ne!(expected_param, wrong_param);
+    t.sql
+        .execute("UPDATE transports SET configured_param=?", (wrong_param,))
+        .await?;
+    assert!(ConfiguredLoginParam::load(&t).await.is_err());
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_posteo_alias() -> Result<()> {
+    let t = TestContext::new().await;
+
+    let user = "alice@posteo.de";
+
+    // Alice has old config with "alice@posteo.at" address
+    // and "alice@posteo.de" username.
+    t.set_config(Config::Configured, Some("1")).await?;
+    t.set_config(Config::ConfiguredProvider, Some("posteo"))
+        .await?;
+    t.sql
+        .set_raw_config(Config::ConfiguredAddr.as_ref(), Some("alice@posteo.at"))
+        .await?;
+    t.set_config(Config::ConfiguredMailServer, Some("posteo.de"))
+        .await?;
+    t.set_config(Config::ConfiguredMailPort, Some("993"))
+        .await?;
+    t.set_config(Config::ConfiguredMailSecurity, Some("1"))
+        .await?; // TLS
+    t.set_config(Config::ConfiguredMailUser, Some(user)).await?;
+    t.set_config(Config::ConfiguredMailPw, Some("foobarbaz"))
+        .await?;
+    t.set_config(Config::ConfiguredImapCertificateChecks, Some("1"))
+        .await?; // Strict
+    t.set_config(Config::ConfiguredSendServer, Some("posteo.de"))
+        .await?;
+    t.set_config(Config::ConfiguredSendPort, Some("465"))
+        .await?;
+    t.set_config(Config::ConfiguredSendSecurity, Some("1"))
+        .await?; // TLS
+    t.set_config(Config::ConfiguredSendUser, Some(user)).await?;
+    t.set_config(Config::ConfiguredSendPw, Some("foobarbaz"))
+        .await?;
+    t.set_config(Config::ConfiguredSmtpCertificateChecks, Some("1"))
+        .await?; // Strict
+    t.set_config(Config::ConfiguredServerFlags, Some("0"))
+        .await?;
+
+    let param = ConfiguredLoginParam {
+        addr: "alice@posteo.at".to_string(),
+        imap: vec![
+            ConfiguredServerLoginParam {
+                connection: ConnectionCandidate {
+                    host: "posteo.de".to_string(),
+                    port: 993,
+                    security: ConnectionSecurity::Tls,
+                },
+                user: user.to_string(),
+            },
+            ConfiguredServerLoginParam {
+                connection: ConnectionCandidate {
+                    host: "posteo.de".to_string(),
+                    port: 143,
+                    security: ConnectionSecurity::Starttls,
+                },
+                user: user.to_string(),
+            },
+        ],
+        imap_user: "alice@posteo.de".to_string(),
+        imap_password: "foobarbaz".to_string(),
+        smtp: vec![
+            ConfiguredServerLoginParam {
+                connection: ConnectionCandidate {
+                    host: "posteo.de".to_string(),
+                    port: 465,
+                    security: ConnectionSecurity::Tls,
+                },
+                user: user.to_string(),
+            },
+            ConfiguredServerLoginParam {
+                connection: ConnectionCandidate {
+                    host: "posteo.de".to_string(),
+                    port: 587,
+                    security: ConnectionSecurity::Starttls,
+                },
+                user: user.to_string(),
+            },
+        ],
+        smtp_user: "alice@posteo.de".to_string(),
+        smtp_password: "foobarbaz".to_string(),
+        provider: get_provider_by_id("posteo"),
+        certificate_checks: ConfiguredCertificateChecks::Strict,
+        oauth2: false,
+    };
+
+    let loaded = ConfiguredLoginParam::load_legacy(&t).await?.unwrap();
+    assert_eq!(loaded, param);
+
+    migrate_configured_login_param(&t).await;
+    let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
+    assert_eq!(loaded, param);
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_empty_server_list_legacy() -> Result<()> {
+    // Find a provider that does not have server list set.
+    //
+    // There is at least one such provider in the provider database.
+    let (domain, provider) = crate::provider::data::PROVIDER_DATA
+        .iter()
+        .find(|(_domain, provider)| provider.server.is_empty())
+        .unwrap();
+
+    let t = TestContext::new().await;
+
+    let addr = format!("alice@{domain}");
+
+    t.set_config(Config::Configured, Some("1")).await?;
+    t.set_config(Config::ConfiguredProvider, Some(provider.id))
+        .await?;
+    t.sql
+        .set_raw_config(Config::ConfiguredAddr.as_ref(), Some(&addr))
+        .await?;
+    t.set_config(Config::ConfiguredMailPw, Some("foobarbaz"))
+        .await?;
+    t.set_config(Config::ConfiguredImapCertificateChecks, Some("1"))
+        .await?; // Strict
+    t.set_config(Config::ConfiguredSendPw, Some("foobarbaz"))
+        .await?;
+    t.set_config(Config::ConfiguredSmtpCertificateChecks, Some("1"))
+        .await?; // Strict
+    t.set_config(Config::ConfiguredServerFlags, Some("0"))
+        .await?;
+
+    let loaded = ConfiguredLoginParam::load_legacy(&t).await?.unwrap();
+    assert_eq!(loaded.provider, Some(*provider));
+    assert_eq!(loaded.imap.is_empty(), false);
+    assert_eq!(loaded.smtp.is_empty(), false);
+
+    migrate_configured_login_param(&t).await;
+
+    let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
+    assert_eq!(loaded.provider, Some(*provider));
+    assert_eq!(loaded.imap.is_empty(), false);
+    assert_eq!(loaded.smtp.is_empty(), false);
+
+    Ok(())
+}
+
+async fn migrate_configured_login_param(t: &TestContext) {
+    t.sql.execute("DROP TABLE transports;", ()).await.unwrap();
+    t.sql.set_raw_config_int("dbversion", 130).await.unwrap();
+    t.sql.run_migrations(t).await.log_err(t).ok();
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_empty_server_list() -> Result<()> {
+    // Find a provider that does not have server list set.
+    //
+    // There is at least one such provider in the provider database.
+    let (domain, provider) = crate::provider::data::PROVIDER_DATA
+        .iter()
+        .find(|(_domain, provider)| provider.server.is_empty())
+        .unwrap();
+
+    let t = TestContext::new().await;
+
+    let addr = format!("alice@{domain}");
+
+    dummy_configured_login_param(&addr, Some(provider))
+        .save_to_transports_table(&t, &EnteredLoginParam::default(), time())
+        .await?;
+
+    let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
+    assert_eq!(loaded.provider, Some(*provider));
+    assert_eq!(loaded.imap.is_empty(), false);
+    assert_eq!(loaded.smtp.is_empty(), false);
+    assert_eq!(t.get_configured_provider().await?, Some(*provider));
+
+    Ok(())
+}
+
+fn dummy_configured_login_param(
+    addr: &str,
+    provider: Option<&'static Provider>,
+) -> ConfiguredLoginParam {
+    ConfiguredLoginParam {
+        addr: addr.to_string(),
+        imap: vec![ConfiguredServerLoginParam {
+            connection: ConnectionCandidate {
+                host: "example.org".to_string(),
+                port: 100,
+                security: ConnectionSecurity::Tls,
+            },
+            user: addr.to_string(),
+        }],
+        imap_user: addr.to_string(),
+        imap_password: "foobarbaz".to_string(),
+        smtp: vec![ConfiguredServerLoginParam {
+            connection: ConnectionCandidate {
+                host: "example.org".to_string(),
+                port: 100,
+                security: ConnectionSecurity::Tls,
+            },
+            user: addr.to_string(),
+        }],
+        smtp_user: addr.to_string(),
+        smtp_password: "foobarbaz".to_string(),
+        provider,
+        certificate_checks: ConfiguredCertificateChecks::Automatic,
+        oauth2: false,
+    }
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_is_published_flag() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let alice2 = &tcm.alice().await;
+    for a in [alice, alice2] {
+        a.set_config_bool(Config::SyncMsgs, true).await?;
+        a.set_config_bool(Config::BccSelf, true).await?;
+    }
+    let bob = &tcm.bob().await;
+
+    check_addrs(
+        alice,
+        alice2,
+        bob,
+        Addresses {
+            primary: "alice@example.org",
+            secondary_published: &[],
+            secondary_unpublished: &[],
+        },
+    )
+    .await;
+
+    dummy_configured_login_param("alice@otherprovider.com", None)
+        .save_to_transports_table(
+            alice,
+            &EnteredLoginParam {
+                addr: "alice@otherprovider.com".to_string(),
+                ..Default::default()
+            },
+            time(),
+        )
+        .await?;
+    send_sync_transports(alice).await?;
+    sync_and_check_recipients(alice, alice2, "alice@otherprovider.com alice@example.org").await;
+
+    check_addrs(
+        alice,
+        alice2,
+        bob,
+        Addresses {
+            primary: "alice@example.org",
+            secondary_published: &["alice@otherprovider.com"],
+            secondary_unpublished: &[],
+        },
+    )
+    .await;
+
+    assert_eq!(
+        alice
+            .set_transport_unpublished("alice@example.org", true)
+            .await
+            .unwrap_err()
+            .to_string(),
+        "Can't set primary relay as unpublished"
+    );
+
+    // Make sure that the newly generated key has a newer timestamp,
+    // so that it is recognized by Bob:
+    SystemTime::shift(Duration::from_secs(2));
+
+    alice
+        .set_transport_unpublished("alice@otherprovider.com", true)
+        .await?;
+    sync_and_check_recipients(alice, alice2, "alice@example.org").await;
+
+    check_addrs(
+        alice,
+        alice2,
+        bob,
+        Addresses {
+            primary: "alice@example.org",
+            secondary_published: &[],
+            secondary_unpublished: &["alice@otherprovider.com"],
+        },
+    )
+    .await;
+
+    SystemTime::shift(Duration::from_secs(2));
+
+    alice
+        .set_config(Config::ConfiguredAddr, Some("alice@otherprovider.com"))
+        .await?;
+    sync_and_check_recipients(alice, alice2, "alice@example.org alice@otherprovider.com").await;
+
+    check_addrs(
+        alice,
+        alice2,
+        bob,
+        Addresses {
+            primary: "alice@otherprovider.com",
+            secondary_published: &["alice@example.org"],
+            secondary_unpublished: &[],
+        },
+    )
+    .await;
+
+    Ok(())
+}
+
+struct Addresses {
+    primary: &'static str,
+    secondary_published: &'static [&'static str],
+    secondary_unpublished: &'static [&'static str],
+}
+
+async fn check_addrs(
+    alice: &TestContext,
+    alice2: &TestContext,
+    bob: &TestContext,
+    addresses: Addresses,
+) {
+    fn assert_eq(left: Vec<String>, right: Vec<&'static str>) {
+        assert_eq!(
+            left.iter().map(|s| s.as_str()).collect::<BTreeSet<_>>(),
+            right.into_iter().collect::<BTreeSet<_>>(),
+        )
+    }
+
+    let published_self_addrs = concat(&[addresses.secondary_published, &[addresses.primary]]);
+    for a in [alice2, alice] {
+        assert_eq(
+            a.get_all_self_addrs().await.unwrap(),
+            concat(&[
+                addresses.secondary_published,
+                addresses.secondary_unpublished,
+                &[addresses.primary],
+            ]),
+        );
+        assert_eq(
+            a.get_published_self_addrs().await.unwrap(),
+            published_self_addrs.clone(),
+        );
+        assert_eq(
+            a.get_secondary_self_addrs().await.unwrap(),
+            concat(&[
+                addresses.secondary_published,
+                addresses.secondary_unpublished,
+            ]),
+        );
+        assert_eq(
+            a.get_published_secondary_self_addrs().await.unwrap(),
+            concat(&[addresses.secondary_published]),
+        );
+        for transport in a.list_transports().await.unwrap() {
+            if addresses.primary == transport.param.addr
+                || addresses
+                    .secondary_published
+                    .contains(&transport.param.addr.as_str())
+            {
+                assert_eq!(transport.is_unpublished, false);
+            } else if addresses
+                .secondary_unpublished
+                .contains(&transport.param.addr.as_str())
+            {
+                assert_eq!(transport.is_unpublished, true);
+            } else {
+                panic!("Unexpected transport {transport:?}");
+            }
+        }
+
+        let alice_bob_chat_id = a.create_chat_id(bob).await;
+        let sent = a.send_text(alice_bob_chat_id, "hi").await;
+        assert_eq!(
+            sent.recipients,
+            format!("bob@example.net {}", published_self_addrs.join(" ")),
+            "{} is sending to the wrong set of recipients",
+            a.name()
+        );
+        let bob_alice_chat_id = bob.recv_msg(&sent).await.chat_id;
+        bob_alice_chat_id.accept(bob).await.unwrap();
+        let answer = bob.send_text(bob_alice_chat_id, "hi back").await;
+        assert_eq(
+            answer.recipients.split(' ').map(Into::into).collect(),
+            concat(&[&published_self_addrs, &["bob@example.net"]]),
+        );
+    }
+}
+
+fn concat(slices: &[&[&'static str]]) -> Vec<&'static str> {
+    let mut res = vec![];
+    for s in slices {
+        res.extend(*s);
+    }
+    res
+}
+
+pub async fn sync_and_check_recipients(from: &TestContext, to: &TestContext, recipients: &str) {
+    from.send_sync_msg().await.unwrap();
+    let sync_msg = from.pop_sent_msg().await;
+    assert_eq!(sync_msg.recipients, recipients);
+    to.recv_msg_trash(&sync_msg).await;
+}

standards.md

@@ -5,7 +5,7 @@ Some of the standards chatmail is based on:
 Tasks                            | Standards
 -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 Transport                        | IMAP v4 ([RFC 3501][]), SMTP ([RFC 5321][]) and Internet Message Format (IMF, [RFC 5322][])
-Proxy                            | SOCKS5 ([RFC 1928][])
+Proxy                            | SOCKS5 ([RFC 1928][]), [Shadowsocks](https://github.com/Shadowsocks-NET/shadowsocks-specs)
 Embedded media                   | MIME Document Series ([RFC 2045][], [RFC 2046][]), Content-Disposition Header ([RFC 2183][]), Multipart/Related ([RFC 2387][])
 Text and Quote encoding          | Fixed, Flowed ([RFC 3676][])
 Reactions                        | Reaction: Indicating Summary Reaction to a Message ([RFC 9078][])

test-data/message/AutocryptSetupMessage.eml

@@ -1,77 +0,0 @@
-Return-Path: <alice@example.org>
-Delivered-To: alice@example.org
-Received: from hq5.merlinux.eu
-	by hq5.merlinux.eu with LMTP
-	id gNKpOrrTvF+tVAAAPzvFDg
-	(envelope-from <alice@example.org>)
-	for <alice@example.org>; Tue, 24 Nov 2020 10:34:50 +0100
-Subject: Autocrypt Setup Message
-DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=testrun.org;
-	s=testrun; t=1606210490;
-	bh=MXqLqHFK1xC48pxx2TS1GUdxKSi4tdejRRSV4EAN5Tc=;
-	h=Subject:Date:To:From:From;
-	b=DRajftyu+Ycfhaxy0jXAIKCihQRMI0rxbo9+EBu6y5jhtZx13emW3odgZnvyhU6uD
-	 IKfMXaqlmc/2HNV1/mloJVIRsIp5ORncSPX9tLykNApJVyPHg3NKdMo3Ib4NGIJ1Qo
-	 binmLtL5qqL3bYCL68WUgieH1rcgCaf9cwck9GvwZ79pexGuWz4ItgtNWqYfapG8Zc
-	 9eD5maiTMNkV7UwgtOzhbBd39uKgKCoGdLAq63hoJF6dhdBBRVRyRMusAooGUZMgwm
-	 QVuTZ76z9G8w3rDgZuHmoiICWsLsar4CDl4zAgicE6bHwtw3a7YuMiHoCtceq0RjQP
-	 BHVaXT7B75BoA==
-MIME-Version: 1.0
-Date: Tue, 24 Nov 2020 09:34:48 +0000
-Chat-Version: 1.0
-Autocrypt-Setup-Message: v1
-Message-ID: <abc@example.com>
-To: <alice@example.org>
-From:  <alice@example.org>
-Content-Type: multipart/mixed; boundary="dKhu3bbmBniQsT8W8w58YRCCiBK2YY"
-
-
---dKhu3bbmBniQsT8W8w58YRCCiBK2YY
-Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
-
-This is the Autocrypt Setup Message used to transfer your end-to-end setup 
-between clients.
-
-To decrypt and use your setup, open the message in an Autocrypt-compliant 
-client and enter the setup code presented on the generating device.
-
--- 
-Sent with my Delta Chat Messenger: https://delta.chat
-
---dKhu3bbmBniQsT8W8w58YRCCiBK2YY
-Content-Type: application/autocrypt-setup
-Content-Disposition: attachment; filename="autocrypt-setup-message.html"
-Content-Transfer-Encoding: base64
-
-PCFET0NUWVBFIGh0bWw+DQo8aHRtbD4NCiAgPGhlYWQ+DQogICAgPHRpdGxlPkF1dG9jcnlwdCBTZX
-R1cCBNZXNzYWdlPC90aXRsZT4NCiAgPC9oZWFkPg0KICA8Ym9keT4NCiAgICA8aDE+QXV0b2NyeXB0
-IFNldHVwIE1lc3NhZ2U8L2gxPg0KICAgIDxwPlRoaXMgaXMgdGhlIEF1dG9jcnlwdCBTZXR1cCBNZX
-NzYWdlIHVzZWQgdG8gdHJhbnNmZXIgeW91ciBlbmQtdG8tZW5kIHNldHVwIGJldHdlZW4gY2xpZW50
-cy48YnI+PGJyPlRvIGRlY3J5cHQgYW5kIHVzZSB5b3VyIHNldHVwLCBvcGVuIHRoZSBtZXNzYWdlIG
-luIGFuIEF1dG9jcnlwdC1jb21wbGlhbnQgY2xpZW50IGFuZCBlbnRlciB0aGUgc2V0dXAgY29kZSBw
-cmVzZW50ZWQgb24gdGhlIGdlbmVyYXRpbmcgZGV2aWNlLjwvcD4NCiAgICA8cHJlPg0KLS0tLS1CRU
-dJTiBQR1AgTUVTU0FHRS0tLS0tDQpQYXNzcGhyYXNlLUZvcm1hdDogbnVtZXJpYzl4NA0KUGFzc3Bo
-cmFzZS1CZWdpbjogNjIKCnd4NEVCd01JWEUzNCs4RGhtSC9nRDNNY21JTjhCSUorbmhpbDMrOFE3bF
-hTd21JQnhDSnhBU2VhQUJlTGdFOTIKTi9WaER5MHlrUHFBQkp0S0xvSG9pQmxTQWZJajFRemdPeVlV
-Wjl3czRtSng5OVREUE1lSnNmNHJaemJhUHZFSApQcEIrTTgyTjVhUitvV0dTcWRtUUZNQUplNWNtWX
-hwM3p4eE5aTEc2cXVnRzUzOFNxNUV1TzBDSGduaXlFeEwyCkJya2hFOWVFVE1oSkNRQ3dCZDc5alhN
-U2Mwcm5xYjFHbS9Kd21jbXFqVFNHMlBLTWNNcFlaV1QwQkNMaDE2TmwKTkNNbmRQWGt2cTlHd1crNX
-pEMHc4cElyOERNRHk1SWVBcG83amNZR1U5UWNUR1lMWmltR2QxK1RYYlgvdGxqRQplMnNZd0hZeU5D
-R1N5bHVsYi9XYnNkS2FrYXVodHJ6cUVHOXNYSkJkMnF5ZjNJajRULzdCd1pJVk42OXF1T21sCnlmMm
-9PTmtYY1pCcFBJUE9ZQzdhMnJ5aFh0Q0NhbWhIVEw0czdzclg2NzJXMTVXS3VqNGVBK25URlNocFBC
-cXoKb05EY3QzbG95V0hNSUluSzRha1VJeTFZak42TDFSbGwwRVhudlVQS0lkT0FpY0swbFBPaDVUZU
-t6ZFMvTklyMQpQc2x6c2RyWTRZd0diMWNTdk95OXJQRFpaS3Y4d0dzbFczcFpFOCs3NnJWckllbkNY
-dTdvOUZ6OFhQcVlxTGRrCkpCZGRHUGZnY0l6Um5nZjZqb0lmT0RsU2NiajR0VlgyK3htVVN5RlVhSD
-RQcDFzZDgwVjhDN2xhREJ2WTc0TlAKQW9ydEVhL2xGbzQzcHNOdlhrc0JUUEVRNHFoTVZneVdQWW9V
-ZGV2aUFZOGVDMmJjT0dMSFVURk5zaHZCaDFGRgozVGpIZEVRVk5zZVlqaWtZRWtkUU9Mb3B5VWdqbj
-lSTUJnV2xIZTNKL1VRcmtFUkNYWi9BSVRXeGdYdmE0NHBPCkkzUHllcnF2T1lpVlJLam9JSTVIZGU4
-UFdkTnZwb2J5ZCsrTHlqN3Jxd0kyNFRwbVRwYWtIZ1RJNEJvYWtLSUcKWm1JWDhsQm4xMnQ5dlcvcD
-lrbDluYWluS3Z1VFBoTk4xZmkrTE1YYTRDK1hqRXVPUnQwMFMzc01MdVo3RnBPaQprcXdGWk12RUtw
-bHA3dmRLSnJNbmVzZ2dKLzBLeWc1RTJ4dVd2VFdkZUFBOE1saEJqSGlsK3JVK0dSZzdaTmxsCkxUej
-RKeGpWUVl5TGpFbkhqdGU4bUVnZlNIZEE3ZDErVnV1RTZSZjlYMzRPeXhkL3NocllJSU8xY3FVdnQw
-V3MKNGIwQURIN0lkbjkveTdDRjVrbWFONkMyQURBRkhFRzNIRWFZaDVNNmIwVzVJSW55WkhUQ0QxdC
-tmUFdQYndxUQo0TzFRMEROZ01QT1FCRVJ0ODNXR3g5YW5GQU9YCj05dTUrCi0tLS0tRU5EIFBHUCBN
-RVNTQUdFLS0tLS0KDQo8L3ByZT4NCiAgPC9ib2R5Pg0KPC9odG1sPg0K
-
---dKhu3bbmBniQsT8W8w58YRCCiBK2YY--
-

test-data/message/alice_to_bob_no_intended_recipient_fingerprint.eml

@@ -0,0 +1,66 @@
+Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
+	boundary="189f5bdd65baabe1_1081b3a339e9a68e_ec024374690079d2"
+MIME-Version: 1.0
+From: <alice@example.org>
+To: "hidden-recipients": ;
+Subject: [...]
+Date: Wed, 18 Mar 2026 14:03:13 +0000
+Message-ID: <4bc40798-0029-42ef-b34a-77866db439a5@localhost>
+Chat-Version: 1.0
+
+
+--189f5bdd65baabe1_1081b3a339e9a68e_ec024374690079d2
+Content-Type: application/pgp-encrypted; charset="utf-8"
+Content-Description: PGP/MIME version identification
+Content-Transfer-Encoding: 7bit
+
+Version: 1
+
+--189f5bdd65baabe1_1081b3a339e9a68e_ec024374690079d2
+Content-Type: application/octet-stream; name="encrypted.asc";
+	charset="utf-8"
+Content-Description: OpenPGP encrypted message
+Content-Disposition: inline; filename="encrypted.asc";
+Content-Transfer-Encoding: 7bit
+
+-----BEGIN PGP MESSAGE-----
+
+wU4DAAAAAAAAAAASAQdA297achK/ltriEs4OZi2IH+z7qzCFohr/zIzQP56gAlUg
+M+1o/VqAjq/vo1iWluO+q7OkQZ71F3svvCb8I8bEtijBwEwDAAAAAAAAAAABB/9z
+ZkrDMm+3gb6VeDe3QV5yLp8GcFHtOqPaIR2FsElDR1TmMJdCnQhZ7TvzYbeGbZ3M
+sqjYHtZLGLfrBiFwaygOFJRpS9mvtyb0q/PB2GteLWysJaBy3nZtk9ZmYPs2vqlw
+eVldQsNFkgAKVG6kaGTElXGGfraETvlCIyK2dglHXQJKmFEMno5OaFk/E7RP04CH
+hsnuDlTrKeppzgjmp6NFtV9vOkb5cCrK5L1Qo7BQgAFxEw5BgPBryxt2VkMdKMMZ
+BscDYnrrqFk8JLzlqrFxPvMWuwwyL0rVjau2rDuGMFEZQWfWkaJ2nPhicc4lpg4s
+qaRwFcbdtZ0jEqHBuHAS0sQmAWStScwsUHghlsk+93sRsRxP1+dqj3+kSC4Gzz79
++ZSeStvk0Aa2khwmeFYNIzJIQUQpfwRDm7tnghnMjy7jDpn08yOpy3V1LR2PNGSz
+KtT7Q9F7rwNn2j/xs1hRAtp9n37fnlLZXyDQvOtsucKtYUiYydkWRfQdcVYem2Rt
+K7iT2kkgHbkbNP8Mk53VzF1sIE/0rnjtoDOTBQ/GAG7I9xxBjJ8bNoF0250E0cFL
+iHvsQRkIbLRip0qYuygsJ1zQgN4xkHYIY71iiiYUroK8PKDbAgyE/jz0kvfXqOdy
+6zjr+HIYb7jD2e7zNiI9pcHr3Or1mgZj5cJUktus2Kpnbz7lBhUMh2hBLCwaVUNv
+Pi0CIc+GMuwuLUOfvrT13E3gzY3a9NMQYORIrfE/I+4sy6urVWQkZarJol0xEJww
+BtKDyOJjdYSK59pT30wKLz0jy1G+XJ4yfqjf9kJlUwwHvWKpj0u8bAa0VrFlCjA2
+sLOgkKCYPHvaImGG0z4wrn4kbBtaiVcTGCF3fPOafkYqdKR9TaN3FBOiUz80ezli
+FLiyaH1/+VvzOmVHj8QWTViwkkO6Psvh/6m3eShqp2xekc82yWPer80xgIGipOxm
+wTeIwBb6x8nB5PuQloJF9rj6O7kYqw4R8bMRS8hs0DxuVACTYxpnDMPsQ65kFAmk
+6Qqzj5xpRGF10IOlMWtVYJIVvTKgnHwDvuWwLEEdgfGv0Edek3+VXIRAhySVJM01
+HJQ1cAHPUdQnksFr5cx5fZfTEdLsQ8onZDtwStptw38NVm3DxQiT0HYyjiilBzOU
+xFN8+Mm1hCYF69DdSD3xBK4fLHQ2DdKwHIdz1UxI5KyBBVek4rfhJsx2jGKoz68o
+l2ziNXgijwDlpZTqwxz+xHQWvw1L+GvP2HRfXVxLwJ61kZzKpEq8L01ZZlg+KI7C
+JQFHbdJOA2NRXZ1WoagJObPuGqLsRqHnZ3oDtpqJ1LvOp5KAvlq138+lkKPXo66s
+NPyExfm2+hjdKI6WqLNqa7sDBEsxqFkvfC84VhrKEvXn7oqmgtWBjmBcHA1O7haC
+xspncUcyLiksOeVdwJLRnCyZDtVB9VtXaeyJT6v2sCCU7gWaoMXFwX/68oKPkz6S
+xjWPkXPsBCBdXMS2ovINBwzhWeU9utluCLgk0g1rgAwZgPNhwpAZr9D74BSHohjD
+EYWGmBdz86ly6DB7UwYYheSzTwWSOb5qYuPfo1MxEVzrAgal5795zYAIv/dcofmc
+ahZ5JPXZgtywqMTAliKV24ENFZWSylE125zICX0vIKEr7zOowbENKBMoXFRqTMCh
+D8tdFdSlSLxMH2Enc3ndC4i5G7W/hZhFT7Lnpab9vWj2suVAvjrgOUCHPzXNY9Un
+RLCN4YfQelE9RAbaFYRVIE5XQUZJYMAf8kJvO3pWZ232a1m2Jp1GhfVo+/T/Y9qM
+3yxv8+rU62B0Eta8OBtcPweE/4X+vwV6GEMCGI4rhcaTohvXFp/XgOqAkXS3weaZ
+QwnmZQ66GsnjBlSbJsTmE3TgqzUrEFsVOOZ0Hc1elyZ6XvYdBR8XgDgaMkzu5M1r
+0JVJN5eMassObqhvZBa3uHlUEvoT2ufA3ue5iRapWqkfAafOzmrDLEH/OBkjff4F
+VEJ9Mqz+YT5A4e+3inYfrmfVdNHNmF4y
+=2p4+
+-----END PGP MESSAGE-----
+
+
+--189f5bdd65baabe1_1081b3a339e9a68e_ec024374690079d2--

test-data/message/k-9-autocrypt-setup-message.eml

@@ -1,65 +0,0 @@
-Return-Path: <autocrypt@nine.testrun.org>
-Delivered-To: autocrypt@nine.testrun.org
-Received: from nine.testrun.org
-	by nine with LMTP
-	id wNinAKX2J2YWDwEAPdT8mA
-	(envelope-from <autocrypt@nine.testrun.org>)
-	for <autocrypt@nine.testrun.org>; Tue, 23 Apr 2024 19:57:57 +0200
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nine.testrun.org;
-	s=opendkim; t=1713895076;
-	bh=yuHuHSbYX5hE/xr8aU2fy/SlqfTL7XjfV2m1eEePTz4=;
-	h=Subject:Date:From:To:From;
-	b=ZbVNpJ8zjHmgrCqiRnqzENcR/PwR/G182hL18U5bp5CZmkyWcuhQU0EkhkJpCCv1n
-	 8bZ9WlOT0cmzBHpWU43t7HufuUM56NwwuVqEuz2agpVzQV8zKIPhthrBzbYIeR4Prg
-	 1DgwWr8EhotoV6yPgzxi9sMyO3l4spJeaREisB5MPOIdKeIxtRPLR+Woo5hQWNTFoh
-	 ZQtCcY7w5vxXGhBMVPXOjbrrzOCsE5gGB5QYSAR8Bv3ZdJn/mHvIRCEJG5hJGSxXjQ
-	 fD0UGJ5m5RVrF0tWnZ7U5tpoRD/UVV1+Us9Woq733R97ZchpoE4hNpMG9zYW90z4QU
-	 kBajbsH81Nm0A==
-MIME-Version: 1.0
-Content-Type: multipart/mixed;
- boundary=----X2OJUZLGILKJEHMTO29ZMST9701ZDH
-Content-Transfer-Encoding: 7bit
-Subject: Autocrypt Setup Message
-Autocrypt-Setup-Message: v1
-Date: Tue, 23 Apr 2024 19:57:57 +0200
-From: autocrypt@nine.testrun.org
-To: autocrypt@nine.testrun.org
-Message-Id: <20240423175756.F19EB17C214A@nine.testrun.org>
-
-------X2OJUZLGILKJEHMTO29ZMST9701ZDH
-Content-Type: text/plain;
- charset=utf-8
-Content-Transfer-Encoding: quoted-printable
-
-This message contains all information to transfer your Autocrypt settings a=
-long with your secret key securely from your original device=2E To set up y=
-our new device for Autocrypt, please follow the instructions that should be=
- presented by your new device=2E You can keep this message and use it as a =
-backup for your secret key=2E If you want to do this, you should write down=
- the password and store it securely=2E
-------X2OJUZLGILKJEHMTO29ZMST9701ZDH
-Content-Transfer-Encoding: 7bit
-Content-Type: application/autocrypt-setup
-Content-Disposition: attachment; filename="autocrypt-setup-message"
-
------BEGIN PGP MESSAGE-----
-Passphrase-Format: numeric9x4
-Passphrase-Begin: 06
-
-ww0ECQMCAhlJ+TRwb2Fg0sGXAUc+92rmg4k57Sd4D3O/SPQNzShbVdlKsoFzyH+B
-YhimOr/8C5ZHyg/WjRGlk4pD+t57WfVdE7LYnv8qsK86h2kffZAGlj+B9Lh9+qbV
-KgJLpHUKg7ZGa/9aMq7KuFoNSNTbcHtzJ/Ml9GVe+opimER87mpFCjmaEHCcCp0a
-ZeS5VU8gTV7AKuPW40BBipyEmKpUvE/ZWfz3KSI4RZyIwM8v8kXBMojT4WLqWm93
-JoEKUyeh+3JKMvsfyRbmHXrHprG9f2e8PLvNkAiie68YJniFnwA8nmNSnPv9S9rf
-7oUHtnTDKJ4FIpmfPgj1v/KIWWW9KaZWHi7K5mFUCTb4pBoCRIGaFh+JzbSlNL9i
-fz7HIiN95bFJ4xXXL4gcU9wO5//npkVDUncaeHhUy1VBLu0NFYvze+s+eAIesqec
-X3x++U9d+Slbpa1G2Z5Knj50mBY+k9aNwVMZGu50hzhPvdwesqmbr+GTSh0O1bxI
-gw/cDq5s58Ewze3WvYaLxJz/RcwOCGSV8k21FM4WTnEahs4yfLbzNuusYvvciU6l
-w0eZC+vEmh+bINSSRX/mcvkQcIkkCsqvfWyxdSNIBCwmR86oalWnxZniBLbbbZHD
-0KAsv0w7t00Y715gyyFWyiEiT5Lyl4TA+cUIHKmmpKOaVubz50UD1z5rqT7joJ7G
-KRmWtQW8MScgcmK7+tyavLQOxwe8i8i9JkUy+d9jhj17XZil/If26Q3V3epqCXq3
-FdvEvvNGJF0DyJ4YAe9QMBumf22sMmX/XVock9/k0pB46mciMhPL3VA=
-=LYx9
------END PGP MESSAGE-----
-
-------X2OJUZLGILKJEHMTO29ZMST9701ZDH--