fix: explicitly close the database on account removal

debug: remove try_many_times
Attempt to reproduce <https://github.com/deltachat/deltachat-core-rust/issues/5809> in CI.
2026-04-05 06:52:10 +03:00 · 2024-07-29 22:42:39 +00:00 · 2024-07-29 20:34:22 +00:00
69 changed files with 1219 additions and 1767 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,10 +7,3 @@ updates:
    commit-message:
      prefix: "chore(cargo)"
    open-pull-requests-limit: 50
-
-  # Keep GitHub Actions up to date.
-  # <https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot>
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,7 +24,7 @@ jobs:
    name: Lint Rust
    runs-on: ubuntu-latest
    env:
-      RUSTUP_TOOLCHAIN: 1.80.1
+      RUSTUP_TOOLCHAIN: 1.80.0
    steps:
      - uses: actions/checkout@v4
        with:
@@ -59,7 +59,7 @@ jobs:
      - uses: actions/checkout@v4
        with:
          show-progress: false
-      - uses: EmbarkStudios/cargo-deny-action@v2
+      - uses: EmbarkStudios/cargo-deny-action@v1
        with:
          arguments: --all-features --workspace
          command: check
@@ -95,11 +95,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            rust: 1.80.1
+            rust: 1.80.0
          - os: windows-latest
-            rust: 1.80.1
+            rust: 1.80.0
          - os: macos-latest
-            rust: 1.80.1
+            rust: 1.80.0

          # Minimum Supported Rust Version = 1.77.0
          - os: ubuntu-latest
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -14,7 +14,7 @@ jobs:
    steps:
      - name: Dependabot metadata
        id: metadata
-        uses: dependabot/fetch-metadata@v2.2.0
+        uses: dependabot/fetch-metadata@v1.1.1
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Approve a PR
--- a/.github/workflows/node-docs.yml
+++ b/.github/workflows/node-docs.yml
@@ -31,7 +31,7 @@ jobs:
          mv docs js

      - name: Upload
-        uses: horochx/deploy-via-scp@1.1.0
+        uses: horochx/deploy-via-scp@v1.0.1
        with:
          user: ${{ secrets.USERNAME }}
          key: ${{ secrets.KEY }}
--- a/.github/workflows/upload-docs.yml
+++ b/.github/workflows/upload-docs.yml
@@ -74,7 +74,7 @@ jobs:
          show-progress: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
      - name: Use Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v2
        with:
          node-version: '18'
      - name: npm install
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,153 +1,5 @@
 # Changelog

-## [1.142.6] - 2024-08-15
-
-### Fixes
-
- Default to strict TLS checks if not configured.
-
-### Miscellaneous Tasks
-
- deltachat-rpc-client: Fix ruff 0.6.0 warnings.
-
-## [1.142.5] - 2024-08-14
-
-### Fixes
-
- Still try to create "INBOX.DeltaChat" if couldn't create "DeltaChat" ([#5870](https://github.com/deltachat/deltachat-core-rust/pull/5870)).
- `store_seen_flags_on_imap`: Skip to next messages if couldn't select folder ([#5870](https://github.com/deltachat/deltachat-core-rust/pull/5870)).
- Increase timeout for QR generation to 60s ([#5882](https://github.com/deltachat/deltachat-core-rust/pull/5882)).
-
-### Documentation
-
- Document new `mdns_enabled` behavior (bots do not send MDNs by default).
-
-### CI
-
- Configure Dependabot to update GitHub Actions.
-
-### Miscellaneous Tasks
-
- cargo: Bump regex from 1.10.5 to 1.10.6.
- cargo: Bump serde from 1.0.204 to 1.0.205.
- deps: Bump horochx/deploy-via-scp from 1.0.1 to 1.1.0.
- deps: Bump dependabot/fetch-metadata from 1.1.1 to 2.2.0.
- deps: Bump actions/setup-node from 2 to 4.
- Update provider database.
-
-## [1.142.4] - 2024-08-09
-
-### Build system
-
- Downgrade Tokio to 1.38 to fix Android compilation.
- Use `--locked` with `cargo install`.
-
-### Features / Changes
-
- Add Config::FixIsChatmail.
- Always move outgoing auto-generated messages to the mvbox.
- Disable requesting MDNs for bots by default.
- Allow using OAuth 2 with SOCKS5.
- Allow autoconfig when SOCKS5 is enabled.
- Update provider database.
- cargo: Update iroh from 0.21 to 0.22 ([#5860](https://github.com/deltachat/deltachat-core-rust/pull/5860)).
-
-### CI
-
- Update Rust to 1.80.1.
- Update EmbarkStudios/cargo-deny-action.
-
-### Documentation
-
- Point to active Header Protection draft
-
-### Refactor
-
- Derive `Default` for `CertificateChecks`.
- Merge imap_certificate_checks and smtp_certificate_checks.
- Remove param_addr_urlencoded argument from get_autoconfig().
- Pass address to moz_autoconfigure() instead of LoginParam.
-
-## [1.142.3] - 2024-08-04
-
-### Build system
-
- cargo: Update rusqlite and libsqlite3-sys.
- Fix cargo warnings about default-features
- Do not disable "vendored" feature in the workspace.
- cargo: Bump quick-xml from 0.35.0 to 0.36.1.
- cargo: Bump uuid from 1.9.1 to 1.10.0.
- cargo: Bump tokio from 1.38.0 to 1.39.2.
- cargo: Bump env_logger from 0.11.3 to 0.11.5.
- Remove sha2 dependency.
- Remove `backtrace` dependency.
- Remove direct "quinn" dependency.
-
-## [1.142.2] - 2024-08-02
-
-### Features / Changes
-
- Try only the full email address if username is unspecified.
- Sort DNS results by successful connection timestamp ([#5818](https://github.com/deltachat/deltachat-core-rust/pull/5818)).
-
-### Fixes
-
- Await the tasks after aborting them.
- Do not reset is_chatmail config on failed reconfiguration.
- Fix compilation on iOS.
- Reset configured_provider on reconfiguration.
-
-### Refactor
-
- Don't update message state to `OutMdnRcvd` anymore.
-
-### Build system
-
- Use workspace dependencies to make cargo-deny 0.15.1 happy.
- cargo: Update bytemuck from 0.14.3 to 0.16.3.
- cargo: Bump toml from 0.8.14 to 0.8.15.
- cargo: Bump serde_json from 1.0.120 to 1.0.122.
- cargo: Bump human-panic from 2.0.0 to 2.0.1.
- cargo: Bump thiserror from 1.0.61 to 1.0.63.
- cargo: Bump syn from 2.0.68 to 2.0.72.
- cargo: Bump quoted_printable from 0.5.0 to 0.5.1.
- cargo: Bump serde from 1.0.203 to 1.0.204.
-
-## [1.142.1] - 2024-07-30
-
-### Features / Changes
-
- Do not reveal sender's language in read receipts ([#5802](https://github.com/deltachat/deltachat-core-rust/pull/5802)).
- Try next DNS resolution result if TLS setup fails.
- Report first error instead of the last on connection failure.
-
-### Fixes
-
- smtp: Use DNS cache for implicit TLS connections.
- Imex::import_backup: Unpack all blobs before importing a db ([#4307](https://github.com/deltachat/deltachat-core-rust/pull/4307)).
- Import_backup_stream: Fix progress stucking at 0.
- Sql::import: Detach backup db if any step of the import fails.
- Imex::import_backup: Ignore errors from delete_and_reset_all_device_msgs().
- Explicitly close the database on account removal.
-
-### Miscellaneous Tasks
-
- cargo: Update time from 0.3.34 to 0.3.36.
- cargo: Update iroh from 0.20.0 to 0.21.0.
-
-### Refactor
-
- Add net/dns submodule.
- Pass single ALPN around instead of ALPN list.
- Replace {IMAP,SMTP,HTTP}_TIMEOUT with a single constant.
- smtp: Unify SMTP connection setup between TLS and STARTTLS.
- imap: Unify IMAP connection setup in Client::connect().
- Move DNS resolution into IMAP and SMTP connect code.
-
-### CI
-
- Update Rust to 1.80.0.
-
 ## [1.142.0] - 2024-07-23

 ### API-Changes
@@ -4743,9 +4595,3 @@ https://github.com/deltachat/deltachat-core-rust/pulls?q=is%3Apr+is%3Aclosed
 [1.141.1]: https://github.com/deltachat/deltachat-core-rust/compare/v1.141.0...v1.141.1
 [1.141.2]: https://github.com/deltachat/deltachat-core-rust/compare/v1.141.1...v1.141.2
 [1.142.0]: https://github.com/deltachat/deltachat-core-rust/compare/v1.141.2...v1.142.0
-[1.142.1]: https://github.com/deltachat/deltachat-core-rust/compare/v1.142.0...v1.142.1
-[1.142.2]: https://github.com/deltachat/deltachat-core-rust/compare/v1.142.1...v1.142.2
-[1.142.3]: https://github.com/deltachat/deltachat-core-rust/compare/v1.142.2...v1.142.3
-[1.142.4]: https://github.com/deltachat/deltachat-core-rust/compare/v1.142.3...v1.142.4
-[1.142.5]: https://github.com/deltachat/deltachat-core-rust/compare/v1.142.4...v1.142.5
-[1.142.6]: https://github.com/deltachat/deltachat-core-rust/compare/v1.142.5...v1.142.6
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat"
-version = "1.142.6"
+version = "1.142.0"
 edition = "2021"
 license = "MPL-2.0"
 rust-version = "1.77"
@@ -34,7 +34,7 @@ strip = true
 [dependencies]
 deltachat_derive = { path = "./deltachat_derive" }
 deltachat-time = { path = "./deltachat-time" }
-deltachat-contact-tools = { workspace = true }
+deltachat-contact-tools = { path = "./deltachat-contact-tools" }
 format-flowed = { path = "./format-flowed" }
 ratelimit = { path = "./deltachat-ratelimit" }

@@ -45,6 +45,7 @@ async-imap = { version = "0.9.7", default-features = false, features = ["runtime
 async-native-tls = { version = "0.5", default-features = false, features = ["runtime-tokio"] }
 async-smtp = { version = "0.9", default-features = false, features = ["runtime-tokio"] }
 async_zip = { version = "0.0.12", default-features = false, features = ["deflate", "fs"] }
+backtrace = "0.3"
 base64 = { workspace = true }
 brotli = { version = "6", default-features=false, features = ["std"] }
 chrono = { workspace = true, features = ["alloc", "clock", "std"] }
@@ -60,8 +61,9 @@ hickory-resolver = "0.24"
 humansize = "2"
 image = { version = "0.25.1", default-features=false, features = ["gif", "jpeg", "ico", "png", "pnm", "webp", "bmp"] }
 iroh_old = { version = "0.4.2", default-features = false, package = "iroh"}
-iroh-net = { version = "0.22.0", default-features = false }
-iroh-gossip = { version = "0.22.0", default-features = false, features = ["net"] }
+iroh-net = { version = "0.21.0", default-features = false }
+iroh-gossip = { version = "0.21.0", default-features = false, features = ["net"] }
+quinn = "0.10.0"
 kamadak-exif = "0.5.3"
 lettre_email = { git = "https://github.com/deltachat/lettre", branch = "master" }
 libc = { workspace = true }
@@ -75,7 +77,7 @@ percent-encoding = "2.3"
 parking_lot = "0.12"
 pgp = { version = "0.13", default-features = false }
 qrcodegen = "1.7.0"
-quick-xml = "0.36"
+quick-xml = "0.35"
 quoted_printable = "0.5"
 rand = { workspace = true }
 regex = { workspace = true }
@@ -86,6 +88,7 @@ sanitize-filename = { workspace = true }
 serde_json = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 sha-1 = "0.10"
+sha2 = "0.10"
 smallvec = "1.13.2"
 strum = "0.26"
 strum_macros = "0.26"
@@ -160,9 +163,6 @@ ansi_term = "0.12.1"
 async-channel = "2.3.1"
 base64 = "0.22"
 chrono = { version = "0.4.38", default-features = false }
-deltachat-contact-tools = { path = "deltachat-contact-tools" }
-deltachat-jsonrpc = { path = "deltachat-jsonrpc" }
-deltachat = { path = "." }
 futures = "0.3.30"
 futures-lite = "2.3.0"
 libc = "0.2"
@@ -171,20 +171,13 @@ num-traits = "0.2"
 once_cell = "1.18.0"
 rand = "0.8"
 regex = "1.10"
-rusqlite = "0.32"
+rusqlite = "0.31"
 sanitize-filename = "0.5"
 serde_json = "1"
 serde = "1.0"
 tempfile = "3.10.1"
 thiserror = "1"
-
-# 1.38 is the latest version before `mio` dependency update
-# that broke compilation with Android NDK r23c and r24.
-# Version 1.39.0 cannot be compiled using these NDKs,
-# see issue <https://github.com/tokio-rs/tokio/issues/6748>
-# for details.
-tokio = "~1.38.1"
-
+tokio = "1.38.0"
 tokio-util = "0.7.11"
 tracing-subscriber = "0.3"
 yerpc = "0.6.2"
--- a/README.md
+++ b/README.md
@@ -30,13 +30,13 @@ $ curl https://sh.rustup.rs -sSf | sh
 Compile and run Delta Chat Core command line utility, using `cargo`:

 ```
-$ cargo run --locked -p deltachat-repl -- ~/deltachat-db
+$ cargo run -p deltachat-repl -- ~/deltachat-db
 ```
 where ~/deltachat-db is the database file. Delta Chat will create it if it does not exist.

 Optionally, install `deltachat-repl` binary with
 ```
-$ cargo install --locked --path deltachat-repl/
+$ cargo install --path deltachat-repl/
 ```
 and run as
 ```
--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "1.142.6"
+version = "1.142.0"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"
@@ -14,8 +14,8 @@ name = "deltachat"
 crate-type = ["cdylib", "staticlib"]

 [dependencies]
-deltachat = { workspace = true, default-features = false }
-deltachat-jsonrpc = { workspace = true, optional = true }
+deltachat = { path = "../", default-features = false }
+deltachat-jsonrpc = { path = "../deltachat-jsonrpc", optional = true }
 libc = { workspace = true }
 human-panic = { version = "2", default-features = false }
 num-traits = { workspace = true }
@@ -29,6 +29,6 @@ yerpc = { workspace = true, features = ["anyhow_expose"] }

 [features]
 default = ["vendored"]
-vendored = ["deltachat/vendored", "deltachat-jsonrpc/vendored"]
+vendored = ["deltachat/vendored"]
 jsonrpc = ["dep:deltachat-jsonrpc"]

--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -409,7 +409,7 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 * - `socks5_user` = SOCKS5 proxy username
 * - `socks5_password` = SOCKS5 proxy password
 * - `imap_certificate_checks` = how to check IMAP certificates, one of the @ref DC_CERTCK flags, defaults to #DC_CERTCK_AUTO (0)
- * - `smtp_certificate_checks` = deprecated option, should be set to the same value as `imap_certificate_checks` but ignored by the new core
+ * - `smtp_certificate_checks` = how to check SMTP certificates, one of the @ref DC_CERTCK flags, defaults to #DC_CERTCK_AUTO (0)
 * - `displayname`  = Own name to use when sending messages. MUAs are allowed to spread this way e.g. using CC, defaults to empty
 * - `selfstatus`   = Own status to display, e.g. in e-mail footers, defaults to empty
 * - `selfavatar`   = File containing avatar. Will immediately be copied to the 
@@ -420,8 +420,7 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 *                    and also recoded to a reasonable size.
 * - `e2ee_enabled` = 0=no end-to-end-encryption, 1=prefer end-to-end-encryption (default)
 * - `mdns_enabled` = 0=do not send or request read receipts,
- *                    1=send and request read receipts
- *                    default=send and request read receipts, only send but not reuqest if `bot` is set
+ *                    1=send and request read receipts (default)
 * - `bcc_self`     = 0=do not send a copy of outgoing messages to self (default),
 *                    1=send a copy of outgoing messages to self.
 *                    Sending messages to self is needed for a proper multi-account setup,
@@ -5712,7 +5711,7 @@ int64_t         dc_lot_get_timestamp     (const dc_lot_t* lot);
 * Accept invalid certificates, including self-signed ones
 * or having incorrect hostname.
 */
-#define DC_CERTCK_ACCEPT_INVALID_CERTIFICATES 2
+#define DC_CERTCK_ACCEPT_INVALID_CERTIFICATES 3

 /**
 * @}
--- a/deltachat-jsonrpc/Cargo.toml
+++ b/deltachat-jsonrpc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "1.142.6"
+version = "1.142.0"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 default-run = "deltachat-jsonrpc-server"
@@ -14,8 +14,8 @@ required-features = ["webserver"]

 [dependencies]
 anyhow = { workspace = true }
-deltachat = { workspace = true }
-deltachat-contact-tools = { workspace = true }
+deltachat = { path = ".." }
+deltachat-contact-tools = { path = "../deltachat-contact-tools" }
 num-traits = { workspace = true }
 schemars = "0.8.21"
 serde = { workspace = true, features = ["derive"] }
@@ -33,7 +33,7 @@ base64 = { workspace = true }

 # optional dependencies
 axum = { version = "0.7", optional = true, features = ["ws"] }
-env_logger = { version = "0.11.5", optional = true }
+env_logger = { version = "0.11.3", optional = true }

 [dev-dependencies]
 tokio = { workspace = true, features = ["full", "rt-multi-thread"] }
--- a/deltachat-jsonrpc/src/api.rs
+++ b/deltachat-jsonrpc/src/api.rs
@@ -1672,10 +1672,10 @@ impl CommandApi {
    ///
    /// This call will block until the QR code is ready,
    /// even if there is no concurrent call to [`CommandApi::provide_backup`],
-    /// but will fail after 60 seconds to avoid deadlocks.
+    /// but will fail after 10 seconds to avoid deadlocks.
    async fn get_backup_qr(&self, account_id: u32) -> Result<String> {
        let qr = tokio::time::timeout(
-            Duration::from_secs(60),
+            Duration::from_secs(10),
            self.inner_get_backup_qr(account_id),
        )
        .await
@@ -1691,13 +1691,13 @@ impl CommandApi {
    ///
    /// This call will block until the QR code is ready,
    /// even if there is no concurrent call to [`CommandApi::provide_backup`],
-    /// but will fail after 60 seconds to avoid deadlocks.
+    /// but will fail after 10 seconds to avoid deadlocks.
    ///
    /// Returns the QR code rendered as an SVG image.
    async fn get_backup_qr_svg(&self, account_id: u32) -> Result<String> {
        let ctx = self.get_context(account_id).await?;
        let qr = tokio::time::timeout(
-            Duration::from_secs(60),
+            Duration::from_secs(10),
            self.inner_get_backup_qr(account_id),
        )
        .await
--- a/deltachat-jsonrpc/src/api/types/contact.rs
+++ b/deltachat-jsonrpc/src/api/types/contact.rs
@@ -19,7 +19,6 @@ pub struct ContactObject {
    profile_image: Option<String>, // BLOBS
    name_and_addr: String,
    is_blocked: bool,
-    e2ee_avail: bool,

    /// True if the contact can be added to verified groups.
    ///
@@ -80,7 +79,6 @@ impl ContactObject {
            profile_image, //BLOBS
            name_and_addr: contact.get_name_n_addr(),
            is_blocked: contact.is_blocked(),
-            e2ee_avail: contact.e2ee_avail(context).await?,
            is_verified,
            is_profile_verified,
            verifier_id,
--- a/deltachat-jsonrpc/typescript/package.json
+++ b/deltachat-jsonrpc/typescript/package.json
@@ -58,5 +58,5 @@
  },
  "type": "module",
  "types": "dist/deltachat.d.ts",
-  "version": "1.142.6"
+  "version": "1.142.0"
 }
--- a/deltachat-repl/Cargo.toml
+++ b/deltachat-repl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "1.142.6"
+version = "1.142.0"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/deltachat/deltachat-core-rust"
@@ -8,7 +8,7 @@ repository = "https://github.com/deltachat/deltachat-core-rust"
 [dependencies]
 ansi_term = { workspace = true }
 anyhow = { workspace = true }
-deltachat = { workspace = true, features = ["internals"]}
+deltachat = { path = "..", features = ["internals"]}
 dirs = "5"
 log = { workspace = true }
 rusqlite = { workspace = true }
--- a/deltachat-rpc-client/pyproject.toml
+++ b/deltachat-rpc-client/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat-rpc-client"
-version = "1.142.6"
+version = "1.142.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
    "Development Status :: 5 - Production/Stable",
--- a/deltachat-rpc-client/src/deltachat_rpc_client/const.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/const.py
@@ -165,7 +165,7 @@ class CertificateChecks(IntEnum):

    AUTOMATIC = 0
    STRICT = 1
-    ACCEPT_INVALID_CERTIFICATES = 2
+    ACCEPT_INVALID_CERTIFICATES = 3


 class Connectivity(IntEnum):
--- a/deltachat-rpc-client/src/deltachat_rpc_client/pytestplugin.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/pytestplugin.py
@@ -114,13 +114,13 @@ class ACFactory:
        return to_client.run_until(lambda e: e.kind == EventType.INCOMING_MSG)


-@pytest.fixture
+@pytest.fixture()
 def rpc(tmp_path) -> AsyncGenerator:
    rpc_server = Rpc(accounts_dir=str(tmp_path / "accounts"))
    with rpc_server:
        yield rpc_server


-@pytest.fixture
+@pytest.fixture()
 def acfactory(rpc) -> AsyncGenerator:
    return ACFactory(DeltaChat(rpc))
--- a/deltachat-rpc-client/tests/test_iroh_webxdc.py
+++ b/deltachat-rpc-client/tests/test_iroh_webxdc.py
@@ -12,11 +12,10 @@ import threading
 import time

 import pytest
-
 from deltachat_rpc_client import EventType


-@pytest.fixture
+@pytest.fixture()
 def path_to_webxdc(request):
    p = request.path.parent.parent.parent.joinpath("test-data/webxdc/chess.xdc")
    assert p.exists()
--- a/deltachat-rpc-client/tests/test_securejoin.py
+++ b/deltachat-rpc-client/tests/test_securejoin.py
@@ -1,7 +1,6 @@
 import logging

 import pytest
-
 from deltachat_rpc_client import Chat, EventType, SpecialContactId


--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -3,13 +3,11 @@ import concurrent.futures
 import json
 import logging
 import os
-import socket
 import subprocess
 import time
 from unittest.mock import MagicMock

 import pytest
-
 from deltachat_rpc_client import Contact, EventType, Message, events
 from deltachat_rpc_client.const import DownloadState, MessageState
 from deltachat_rpc_client.direct_imap import DirectImap
@@ -71,18 +69,6 @@ def test_configure_starttls(acfactory) -> None:
    assert account.is_configured()


-def test_configure_ip(acfactory) -> None:
-    account = acfactory.new_preconfigured_account()
-
-    domain = account.get_config("addr").rsplit("@")[-1]
-    ip_address = socket.gethostbyname(domain)
-
-    # This should fail TLS check.
-    account.set_config("mail_server", ip_address)
-    with pytest.raises(JsonRpcError):
-        account.configure()
-
-
 def test_account(acfactory) -> None:
    alice, bob = acfactory.get_online_accounts(2)

--- a/deltachat-rpc-server/Cargo.toml
+++ b/deltachat-rpc-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "1.142.6"
+version = "1.142.0"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"
@@ -10,8 +10,8 @@ keywords = ["deltachat", "chat", "openpgp", "email", "encryption"]
 categories = ["cryptography", "std", "email"]

 [dependencies]
-deltachat-jsonrpc = { workspace = true }
-deltachat = { workspace = true }
+deltachat-jsonrpc = { path = "../deltachat-jsonrpc", default-features = false }
+deltachat = { path = "..", default-features = false }

 anyhow = { workspace = true }
 futures-lite = { workspace = true }
--- a/deltachat-rpc-server/npm-package/package.json
+++ b/deltachat-rpc-server/npm-package/package.json
@@ -15,5 +15,5 @@
  },
  "type": "module",
  "types": "index.d.ts",
-  "version": "1.142.6"
+  "version": "1.142.0"
 }
--- a/deny.toml
+++ b/deny.toml
@@ -57,6 +57,7 @@ skip = [
     { name = "h2", version = "0.3.26" },
     { name = "http-body", version = "0.4.6" },
     { name = "http", version = "0.2.12" },
+     { name = "hyper-rustls", version = "0.24.2" },
     { name = "hyper", version = "0.14.28" },
     { name = "idna", version = "0.4.0" },
     { name = "netlink-packet-core", version = "0.5.0" },
@@ -74,6 +75,7 @@ skip = [
     { name = "redox_syscall", version = "0.3.5" },
     { name = "regex-automata", version = "0.1.10" },
     { name = "regex-syntax", version = "0.6.29" },
+     { name = "reqwest", version = "0.11.27" },
     { name = "ring", version = "0.16.20" },
     { name = "rustls-pemfile", version = "1.0.4" },
     { name = "rustls", version = "0.21.11" },
--- a/node/constants.js
+++ b/node/constants.js
@@ -1,7 +1,7 @@
 // Generated!

 module.exports = {
-  DC_CERTCK_ACCEPT_INVALID_CERTIFICATES: 2,
+  DC_CERTCK_ACCEPT_INVALID_CERTIFICATES: 3,
  DC_CERTCK_AUTO: 0,
  DC_CERTCK_STRICT: 1,
  DC_CHAT_ID_ALLDONE_HINT: 7,
--- a/node/lib/constants.ts
+++ b/node/lib/constants.ts
@@ -1,7 +1,7 @@
 // Generated!

 export enum C {
-  DC_CERTCK_ACCEPT_INVALID_CERTIFICATES = 2,
+  DC_CERTCK_ACCEPT_INVALID_CERTIFICATES = 3,
  DC_CERTCK_AUTO = 0,
  DC_CERTCK_STRICT = 1,
  DC_CHAT_ID_ALLDONE_HINT = 7,
--- a/package.json
+++ b/package.json
@@ -55,5 +55,5 @@
    "test:mocha": "mocha node/test/test.mjs --growl --reporter=spec --bail --exit"
  },
  "types": "node/dist/index.d.ts",
-  "version": "1.142.6"
+  "version": "1.142.0"
 }
--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat"
-version = "1.142.6"
+version = "1.142.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
 requires-python = ">=3.7"
--- a/python/tests/test_1_online.py
+++ b/python/tests/test_1_online.py
@@ -484,16 +484,6 @@ def test_move_works_on_self_sent(acfactory):
    ac1._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")


-def test_move_sync_msgs(acfactory):
-    ac1 = acfactory.new_online_configuring_account(bcc_self=True, sync_msgs=True, fix_is_chatmail=True)
-    acfactory.bring_accounts_online()
-
-    ac1.set_config("displayname", "Alice")
-    ac1._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")
-    ac1.set_config("displayname", "Bob")
-    ac1._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")
-
-
 def test_forward_messages(acfactory, lp):
    ac1, ac2 = acfactory.get_online_accounts(2)
    chat = ac1.create_chat(ac2)
--- a/release-date.in
+++ b/release-date.in
@@ -1 +1 @@
-2024-08-15
+2024-07-23
--- a/scripts/coredeps/install-rust.sh
+++ b/scripts/coredeps/install-rust.sh
@@ -7,7 +7,7 @@ set -euo pipefail
 #
 # Avoid using rustup here as it depends on reading /proc/self/exe and
 # has problems running under QEMU.
-RUST_VERSION=1.80.1
+RUST_VERSION=1.80.0

 ARCH="$(uname -m)"
 test -f "/lib/libc.musl-$ARCH.so.1" && LIBC=musl || LIBC=gnu
--- a/scripts/make-rpc-testenv.sh
+++ b/scripts/make-rpc-testenv.sh
@@ -3,4 +3,4 @@ set -euo pipefail

 tox -c deltachat-rpc-client -e py --devenv venv
 venv/bin/pip install --upgrade pip
-cargo install --locked --path deltachat-rpc-server/ --root "$PWD/venv" --debug
+cargo install --path deltachat-rpc-server/ --root "$PWD/venv" --debug
--- a/scripts/run-rpc-test.sh
+++ b/scripts/run-rpc-test.sh
@@ -1,4 +1,4 @@
 #!/usr/bin/env bash
 set -euo pipefail
-cargo install --locked --path deltachat-rpc-server/ --root "$PWD/venv" --debug
+cargo install --path deltachat-rpc-server/ --root "$PWD/venv" --debug
 PATH="$PWD/venv/bin:$PATH" tox -c deltachat-rpc-client
--- a/scripts/update-provider-database.sh
+++ b/scripts/update-provider-database.sh
@@ -6,7 +6,7 @@ set -euo pipefail
 export TZ=UTC

 # Provider database revision.
-REV=05c1b2029da74718e4bdc3799a46e29c4f794dc7
+REV=828e5ddc7e6609b582fbd7f063cc3f60b580ce96

 CORE_ROOT="$PWD"
 TMP="$(mktemp -d)"
--- a/src/accounts.rs
+++ b/src/accounts.rs
@@ -1,7 +1,6 @@
 //! # Account manager module.

 use std::collections::BTreeMap;
-use std::future::Future;
 use std::path::{Path, PathBuf};

 use anyhow::{ensure, Context as _, Result};
@@ -166,25 +165,13 @@ impl Accounts {
            .remove(&id)
            .with_context(|| format!("no account with id {id}"))?;
        ctx.stop_io().await;
-
-        // Explicitly close the database
-        // to make sure the database file is closed
-        // and can be removed on Windows.
-        // If some spawned task tries to use the database afterwards,
-        // it will fail.
-        //
-        // Previously `stop_io()` aborted the tasks without awaiting them
-        // and this resulted in keeping `Context` clones inside
-        // `Future`s that were not dropped. This bug is fixed now,
-        // but explicitly closing the database ensures that file is freed
-        // even if not all `Context` references are dropped.
        ctx.sql.close().await;
        drop(ctx);

        if let Some(cfg) = self.config.get_account(id) {
            let account_path = self.dir.join(cfg.dir);

-            try_many_times(|| fs::remove_dir_all(&account_path))
+            fs::remove_dir_all(&account_path)
                .await
                .context("failed to remove account data")?;
        }
@@ -220,10 +207,10 @@ impl Accounts {
            fs::create_dir_all(self.dir.join(&account_config.dir))
                .await
                .context("failed to create dir")?;
-            try_many_times(|| fs::rename(&dbfile, &new_dbfile))
+            fs::rename(&dbfile, &new_dbfile)
                .await
                .context("failed to rename dbfile")?;
-            try_many_times(|| fs::rename(&blobdir, &new_blobdir))
+            fs::rename(&blobdir, &new_blobdir)
                .await
                .context("failed to rename blobdir")?;
            if walfile.exists() {
@@ -248,7 +235,7 @@ impl Accounts {
            }
            Err(err) => {
                let account_path = std::path::PathBuf::from(&account_config.dir);
-                try_many_times(|| fs::remove_dir_all(&account_path))
+                fs::remove_dir_all(&account_path)
                    .await
                    .context("failed to remove account data")?;
                self.config.remove_account(account_config.id).await?;
@@ -633,37 +620,6 @@ impl Config {
    }
 }

-/// Spend up to 1 minute trying to do the operation.
-///
-/// Even if Delta Chat itself does not hold the file lock,
-/// there may be other processes such as antivirus,
-/// or the filesystem may be network-mounted.
-///
-/// Without this workaround removing account may fail on Windows with an error
-/// "The process cannot access the file because it is being used by another process. (os error 32)".
-async fn try_many_times<F, Fut, T>(f: F) -> std::result::Result<(), T>
-where
-    F: Fn() -> Fut,
-    Fut: Future<Output = std::result::Result<(), T>>,
-{
-    let mut counter = 0;
-    loop {
-        counter += 1;
-
-        if let Err(err) = f().await {
-            if counter > 60 {
-                return Err(err);
-            }
-
-            // Wait 1 second and try again.
-            tokio::time::sleep(std::time::Duration::from_millis(1000)).await;
-        } else {
-            break;
-        }
-    }
-    Ok(())
-}
-
 /// Configuration of a single account.
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
 struct AccountConfig {
--- a/src/config.rs
+++ b/src/config.rs
@@ -13,7 +13,7 @@ use strum_macros::{AsRefStr, Display, EnumIter, EnumString};
 use tokio::fs;

 use crate::blob::BlobObject;
-use crate::constants;
+use crate::constants::{self, DC_VERSION_STR};
 use crate::context::Context;
 use crate::events::EventType;
 use crate::log::LogExt;
@@ -59,10 +59,7 @@ pub enum Config {
    /// IMAP server security (e.g. TLS, STARTTLS).
    MailSecurity,

-    /// How to check TLS certificates.
-    ///
-    /// "IMAP" in the name is for compatibility,
-    /// this actually applies to both IMAP and SMTP connections.
+    /// How to check IMAP server TLS certificates.
    ImapCertificateChecks,

    /// SMTP server hostname.
@@ -80,9 +77,7 @@ pub enum Config {
    /// SMTP server security (e.g. TLS, STARTTLS).
    SendSecurity,

-    /// Deprecated option for backwards compatibilty.
-    ///
-    /// Certificate checks for SMTP are actually controlled by `imap_certificate_checks` config.
+    /// How to check SMTP server TLS certificates.
    SmtpCertificateChecks,

    /// Whether to use OAuth 2.
@@ -129,14 +124,14 @@ pub enum Config {

    /// True if Message Delivery Notifications (read receipts) should
    /// be sent and requested.
+    #[strum(props(default = "1"))]
    MdnsEnabled,

    /// True if "Sent" folder should be watched for changes.
    #[strum(props(default = "0"))]
    SentboxWatch,

-    /// True if chat messages should be moved to a separate folder. Auto-sent messages like sync
-    /// ones are moved there anyway.
+    /// True if chat messages should be moved to a separate folder.
    #[strum(props(default = "1"))]
    MvboxMove,

@@ -214,12 +209,7 @@ pub enum Config {
    /// Configured IMAP server security (e.g. TLS, STARTTLS).
    ConfiguredMailSecurity,

-    /// Configured TLS certificate checks.
-    /// This option is saved on successful configuration
-    /// and should not be modified manually.
-    ///
-    /// This actually applies to both IMAP and SMTP connections,
-    /// but has "IMAP" in the name for backwards compatibility.
+    /// How to check IMAP server TLS certificates.
    ConfiguredImapCertificateChecks,

    /// Configured SMTP server hostname.
@@ -234,9 +224,7 @@ pub enum Config {
    /// Configured SMTP server port.
    ConfiguredSendPort,

-    /// Deprecated, stored for backwards compatibility.
-    ///
-    /// ConfiguredImapCertificateChecks is actually used.
+    /// How to check SMTP server TLS certificates.
    ConfiguredSmtpCertificateChecks,

    /// Whether OAuth 2 is used with configured provider.
@@ -269,9 +257,6 @@ pub enum Config {
    /// True if account is a chatmail account.
    IsChatmail,

-    /// True if `IsChatmail` mustn't be autoconfigured. For tests.
-    FixIsChatmail,
-
    /// True if account is muted.
    IsMuted,

@@ -397,6 +382,9 @@ impl Config {
    /// multiple users are sharing an account. Another example is `Self::SyncMsgs` itself which
    /// mustn't be controlled by other devices.
    pub(crate) fn is_synced(&self) -> bool {
+        // NB: We don't restart IO from the synchronisation code, so `MvboxMove` isn't effective
+        // immediately if `ConfiguredMvboxFolder` is unset, but only after a reconnect (see
+        // `Imap::prepare()`).
        matches!(
            self,
            Self::Displayname
@@ -410,7 +398,10 @@ impl Config {

    /// Whether the config option needs an IO scheduler restart to take effect.
    pub(crate) fn needs_io_restart(&self) -> bool {
-        matches!(self, Config::OnlyFetchMvbox | Config::SentboxWatch)
+        matches!(
+            self,
+            Config::MvboxMove | Config::OnlyFetchMvbox | Config::SentboxWatch
+        )
    }
 }

@@ -436,7 +427,7 @@ impl Context {
                        .into_owned()
                })
            }
-            Config::SysVersion => Some((*constants::DC_VERSION_STR).clone()),
+            Config::SysVersion => Some((*DC_VERSION_STR).clone()),
            Config::SysMsgsizeMaxRecommended => Some(format!("{RECOMMENDED_FILE_SIZE}")),
            Config::SysConfigKeys => Some(get_config_keys_string()),
            _ => self.sql.get_raw_config(key.as_ref()).await?,
@@ -494,8 +485,7 @@ impl Context {
    /// Returns true if movebox ("DeltaChat" folder) should be watched.
    pub(crate) async fn should_watch_mvbox(&self) -> Result<bool> {
        Ok(self.get_config_bool(Config::MvboxMove).await?
-            || self.get_config_bool(Config::OnlyFetchMvbox).await?
-            || !self.get_config_bool(Config::IsChatmail).await?)
+            || self.get_config_bool(Config::OnlyFetchMvbox).await?)
    }

    /// Returns true if sentbox ("Sent" folder) should be watched.
@@ -514,22 +504,6 @@ impl Context {
            && !self.get_config_bool(Config::Bot).await?)
    }

-    /// Returns whether MDNs should be requested.
-    pub(crate) async fn should_request_mdns(&self) -> Result<bool> {
-        match self.get_config_bool_opt(Config::MdnsEnabled).await? {
-            Some(val) => Ok(val),
-            None => Ok(!self.get_config_bool(Config::Bot).await?),
-        }
-    }
-
-    /// Returns whether MDNs should be sent.
-    pub(crate) async fn should_send_mdns(&self) -> Result<bool> {
-        Ok(self
-            .get_config_bool_opt(Config::MdnsEnabled)
-            .await?
-            .unwrap_or(true))
-    }
-
    /// Gets configured "delete_server_after" value.
    ///
    /// `None` means never delete the message, `Some(0)` means delete
@@ -979,17 +953,6 @@ mod tests {
        Ok(())
    }

-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_mdns_default_behaviour() -> Result<()> {
-        let t = &TestContext::new_alice().await;
-        assert!(t.should_request_mdns().await?);
-        assert!(t.should_send_mdns().await?);
-        t.set_config_bool(Config::Bot, true).await?;
-        assert!(!t.should_request_mdns().await?);
-        assert!(t.should_send_mdns().await?);
-        Ok(())
-    }
-
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_sync() -> Result<()> {
        let alice0 = TestContext::new_alice().await;
@@ -1016,6 +979,7 @@ mod tests {
        // Reset to default. Test that it's not synced because defaults may differ across client
        // versions.
        alice0.set_config(Config::MdnsEnabled, None).await?;
+        assert_eq!(alice0.get_config_bool(Config::MdnsEnabled).await?, true);
        alice0.set_config_bool(Config::MdnsEnabled, false).await?;
        sync(&alice0, &alice1).await;
        assert_eq!(alice1.get_config_bool(Config::MdnsEnabled).await?, false);
--- a/src/configure.rs
+++ b/src/configure.rs
@@ -27,7 +27,7 @@ use crate::config::{self, Config};
 use crate::context::Context;
 use crate::imap::{session::Session as ImapSession, Imap};
 use crate::log::LogExt;
-use crate::login_param::{LoginParam, ServerLoginParam};
+use crate::login_param::{CertificateChecks, LoginParam, ServerLoginParam};
 use crate::message::{Message, Viewtype};
 use crate::oauth2::get_oauth2_addr;
 use crate::provider::{Protocol, Socket, UsernamePattern};
@@ -113,6 +113,10 @@ impl Context {
        let mut param = LoginParam::load_candidate_params(self).await?;
        let old_addr = self.get_config(Config::ConfiguredAddr).await?;

+        // Reset our knowledge about whether the server is a chatmail server.
+        // We will update it when we connect to IMAP.
+        self.set_config_internal(Config::IsChatmail, None).await?;
+
        let success = configure(self, &mut param).await;
        self.set_config_internal(Config::NotifyAboutWrongPw, None)
            .await?;
@@ -189,8 +193,10 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {

    // Step 1: Load the parameters and check email-address and password

-    // OAuth is always set either for both IMAP and SMTP or not at all.
-    if param.imap.oauth2 {
+    // Do oauth2 only if socks5 is disabled. As soon as we have a http library that can do
+    // socks5 requests, this can work with socks5 too.  OAuth is always set either for both
+    // IMAP and SMTP or not at all.
+    if param.imap.oauth2 && !socks5_enabled {
        // the used oauth2 addr may differ, check this.
        // if get_oauth2_addr() is not available in the oauth2 implementation, just use the given one.
        progress!(ctx, 10);
@@ -210,6 +216,7 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {

    let parsed = EmailAddress::new(&param.addr).context("Bad email-address")?;
    let param_domain = parsed.domain;
+    let param_addr_urlencoded = utf8_percent_encode(&param.addr, NON_ALPHANUMERIC).to_string();

    // Step 2: Autoconfig
    progress!(ctx, 200);
@@ -260,6 +267,7 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {
                                        }
                                    }
                                },
+                                strict_tls: Some(provider.opt.strict_tls),
                            })
                            .collect();

@@ -274,14 +282,19 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {
        } else {
            // Try receiving autoconfig
            info!(ctx, "no offline autoconfig found");
-            param_autoconfig = get_autoconfig(ctx, param, &param_domain).await;
+            param_autoconfig = if socks5_enabled {
+                // Currently we can't do http requests through socks5, to not leak
+                // the ip, just don't do online autoconfig
+                info!(ctx, "socks5 enabled, skipping autoconfig");
+                None
+            } else {
+                get_autoconfig(ctx, param, &param_domain, &param_addr_urlencoded).await
+            }
        }
    } else {
        param_autoconfig = None;
    }

-    let strict_tls = param.strict_tls();
-
    progress!(ctx, 500);

    let mut servers = param_autoconfig.unwrap_or_default();
@@ -295,6 +308,7 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {
            port: param.imap.port,
            socket: param.imap.security,
            username: param.imap.user.clone(),
+            strict_tls: None,
        })
    }
    if !servers
@@ -307,9 +321,24 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {
            port: param.smtp.port,
            socket: param.smtp.security,
            username: param.smtp.user.clone(),
+            strict_tls: None,
        })
    }

+    // respect certificate setting from function parameters
+    for server in &mut servers {
+        let certificate_checks = match server.protocol {
+            Protocol::Imap => param.imap.certificate_checks,
+            Protocol::Smtp => param.smtp.certificate_checks,
+        };
+        server.strict_tls = match certificate_checks {
+            CertificateChecks::AcceptInvalidCertificates
+            | CertificateChecks::AcceptInvalidCertificates2 => Some(false),
+            CertificateChecks::Strict => Some(true),
+            CertificateChecks::Automatic => server.strict_tls,
+        };
+    }
+
    let servers = expand_param_vector(servers, &param.addr, &param_domain);

    progress!(ctx, 550);
@@ -325,6 +354,9 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {
        .filter(|params| params.protocol == Protocol::Smtp)
        .cloned()
        .collect();
+    let provider_strict_tls = param
+        .provider
+        .map_or(socks5_config.is_some(), |provider| provider.opt.strict_tls);

    let smtp_config_task = task::spawn(async move {
        let mut smtp_configured = false;
@@ -334,13 +366,18 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {
            smtp_param.server.clone_from(&smtp_server.hostname);
            smtp_param.port = smtp_server.port;
            smtp_param.security = smtp_server.socket;
+            smtp_param.certificate_checks = match smtp_server.strict_tls {
+                Some(true) => CertificateChecks::Strict,
+                Some(false) => CertificateChecks::AcceptInvalidCertificates,
+                None => CertificateChecks::Automatic,
+            };

            match try_smtp_one_param(
                &context_smtp,
                &smtp_param,
                &socks5_config,
                &smtp_addr,
-                strict_tls,
+                provider_strict_tls,
                &mut smtp,
            )
            .await
@@ -376,13 +413,18 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {
        param.imap.server.clone_from(&imap_server.hostname);
        param.imap.port = imap_server.port;
        param.imap.security = imap_server.socket;
+        param.imap.certificate_checks = match imap_server.strict_tls {
+            Some(true) => CertificateChecks::Strict,
+            Some(false) => CertificateChecks::AcceptInvalidCertificates,
+            None => CertificateChecks::Automatic,
+        };

        match try_imap_one_param(
            ctx,
            &param.imap,
            &param.socks5_config,
            &param.addr,
-            strict_tls,
+            provider_strict_tls,
        )
        .await
        {
@@ -416,22 +458,8 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {

    progress!(ctx, 900);

-    let is_chatmail = match ctx.get_config_bool(Config::FixIsChatmail).await? {
-        false => {
-            let is_chatmail = imap_session.is_chatmail();
-            ctx.set_config(
-                Config::IsChatmail,
-                Some(match is_chatmail {
-                    false => "0",
-                    true => "1",
-                }),
-            )
-            .await?;
-            is_chatmail
-        }
-        true => ctx.get_config_bool(Config::IsChatmail).await?,
-    };
-    if is_chatmail {
+    if imap_session.is_chatmail() {
+        ctx.set_config(Config::IsChatmail, Some("1")).await?;
        ctx.set_config(Config::SentboxWatch, None).await?;
        ctx.set_config(Config::MvboxMove, Some("0")).await?;
        ctx.set_config(Config::OnlyFetchMvbox, None).await?;
@@ -439,7 +467,8 @@ async fn configure(ctx: &Context, param: &mut LoginParam) -> Result<()> {
        ctx.set_config(Config::E2eeEnabled, Some("1")).await?;
    }

-    let create_mvbox = !is_chatmail;
+    let create_mvbox = ctx.should_watch_mvbox().await?;
+
    imap.configure_folders(ctx, &mut imap_session, create_mvbox)
        .await?;

@@ -490,15 +519,14 @@ async fn get_autoconfig(
    ctx: &Context,
    param: &LoginParam,
    param_domain: &str,
+    param_addr_urlencoded: &str,
 ) -> Option<Vec<ServerParams>> {
-    let param_addr_urlencoded = utf8_percent_encode(&param.addr, NON_ALPHANUMERIC).to_string();
-
    if let Ok(res) = moz_autoconfigure(
        ctx,
        &format!(
            "https://autoconfig.{param_domain}/mail/config-v1.1.xml?emailaddress={param_addr_urlencoded}"
        ),
-        &param.addr,
+        param,
    )
    .await
    {
@@ -513,7 +541,7 @@ async fn get_autoconfig(
            "https://{}/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress={}",
            &param_domain, &param_addr_urlencoded
        ),
-        &param.addr,
+        param,
    )
    .await
    {
@@ -549,7 +577,7 @@ async fn get_autoconfig(
    if let Ok(res) = moz_autoconfigure(
        ctx,
        &format!("https://autoconfig.thunderbird.net/v1.1/{}", &param_domain),
-        &param.addr,
+        param,
    )
    .await
    {
@@ -564,15 +592,15 @@ async fn try_imap_one_param(
    param: &ServerLoginParam,
    socks5_config: &Option<Socks5Config>,
    addr: &str,
-    strict_tls: bool,
+    provider_strict_tls: bool,
 ) -> Result<(Imap, ImapSession), ConfigurationError> {
    let inf = format!(
-        "imap: {}@{}:{} security={} strict_tls={} oauth2={} socks5_config={}",
+        "imap: {}@{}:{} security={} certificate_checks={} oauth2={} socks5_config={}",
        param.user,
        param.server,
        param.port,
        param.security,
-        strict_tls,
+        param.certificate_checks,
        param.oauth2,
        if let Some(socks5_config) = socks5_config {
            socks5_config.to_string()
@@ -584,7 +612,7 @@ async fn try_imap_one_param(

    let (_s, r) = async_channel::bounded(1);

-    let mut imap = match Imap::new(param, socks5_config.clone(), addr, strict_tls, r) {
+    let mut imap = match Imap::new(param, socks5_config.clone(), addr, provider_strict_tls, r) {
        Err(err) => {
            info!(context, "failure: {:#}", err);
            return Err(ConfigurationError {
@@ -615,16 +643,16 @@ async fn try_smtp_one_param(
    param: &ServerLoginParam,
    socks5_config: &Option<Socks5Config>,
    addr: &str,
-    strict_tls: bool,
+    provider_strict_tls: bool,
    smtp: &mut Smtp,
 ) -> Result<(), ConfigurationError> {
    let inf = format!(
-        "smtp: {}@{}:{} security={} strict_tls={} oauth2={} socks5_config={}",
+        "smtp: {}@{}:{} security={} certificate_checks={} oauth2={} socks5_config={}",
        param.user,
        param.server,
        param.port,
        param.security,
-        strict_tls,
+        param.certificate_checks,
        param.oauth2,
        if let Some(socks5_config) = socks5_config {
            socks5_config.to_string()
@@ -635,7 +663,7 @@ async fn try_smtp_one_param(
    info!(context, "Trying: {}", inf);

    if let Err(err) = smtp
-        .connect(context, param, socks5_config, addr, strict_tls)
+        .connect(context, param, socks5_config, addr, provider_strict_tls)
        .await
    {
        info!(context, "SMTP failure: {err:#}.");
--- a/src/configure/auto_mozilla.rs
+++ b/src/configure/auto_mozilla.rs
@@ -9,6 +9,7 @@ use quick_xml::events::{BytesStart, Event};

 use super::{Error, ServerParams};
 use crate::context::Context;
+use crate::login_param::LoginParam;
 use crate::net::read_url;
 use crate::provider::{Protocol, Socket};

@@ -247,6 +248,7 @@ fn parse_serverparams(in_emailaddr: &str, xml_raw: &str) -> Result<Vec<ServerPar
                hostname: server.hostname,
                port: server.port,
                username: server.username,
+                strict_tls: None,
            })
        })
        .collect();
@@ -256,11 +258,11 @@ fn parse_serverparams(in_emailaddr: &str, xml_raw: &str) -> Result<Vec<ServerPar
 pub(crate) async fn moz_autoconfigure(
    context: &Context,
    url: &str,
-    addr: &str,
+    param_in: &LoginParam,
 ) -> Result<Vec<ServerParams>, Error> {
    let xml_raw = read_url(context, url).await?;

-    let res = parse_serverparams(addr, &xml_raw);
+    let res = parse_serverparams(&param_in.addr, &xml_raw);
    if let Err(err) = &res {
        warn!(
            context,
--- a/src/configure/auto_outlook.rs
+++ b/src/configure/auto_outlook.rs
@@ -187,6 +187,7 @@ fn protocols_to_serverparams(protocols: Vec<ProtocolTag>) -> Vec<ServerParams> {
                hostname: protocol.server,
                port: protocol.port,
                username: String::new(),
+                strict_tls: None,
            })
        })
        .collect()
--- a/src/configure/server_params.rs
+++ b/src/configure/server_params.rs
@@ -22,18 +22,31 @@ pub(crate) struct ServerParams {

    /// Username, empty if unknown.
    pub username: String,
+
+    /// Whether TLS certificates should be strictly checked or not, `None` for automatic.
+    pub strict_tls: Option<bool>,
 }

 impl ServerParams {
    fn expand_usernames(self, addr: &str) -> Vec<ServerParams> {
+        let mut res = Vec::new();
+
        if self.username.is_empty() {
-            vec![Self {
+            res.push(Self {
                username: addr.to_string(),
                ..self.clone()
-            }]
+            });
+
+            if let Some(at) = addr.find('@') {
+                res.push(Self {
+                    username: addr.split_at(at).0.to_string(),
+                    ..self
+                });
+            }
        } else {
-            vec![self]
+            res.push(self)
        }
+        res
    }

    fn expand_hostnames(self, param_domain: &str) -> Vec<ServerParams> {
@@ -122,6 +135,14 @@ impl ServerParams {
            vec![self]
        }
    }
+
+    fn expand_strict_tls(self) -> Vec<ServerParams> {
+        vec![Self {
+            // Strict if not set by the user or provider database.
+            strict_tls: Some(self.strict_tls.unwrap_or(true)),
+            ..self
+        }]
+    }
 }

 /// Expands vector of `ServerParams`, replacing placeholders with
@@ -134,7 +155,9 @@ pub(crate) fn expand_param_vector(
    v.into_iter()
        // The order of expansion is important.
        //
-        // Ports are expanded the last, so they are changed the first.
+        // Ports are expanded the last, so they are changed the first.  Username is only changed if
+        // default value (address with domain) didn't work for all available hosts and ports.
+        .flat_map(|params| params.expand_strict_tls().into_iter())
        .flat_map(|params| params.expand_usernames(addr).into_iter())
        .flat_map(|params| params.expand_hostnames(domain).into_iter())
        .flat_map(|params| params.expand_ports().into_iter())
@@ -154,6 +177,7 @@ mod tests {
                port: 0,
                socket: Socket::Ssl,
                username: "foobar".to_string(),
+                strict_tls: Some(true),
            }],
            "foobar@example.net",
            "example.net",
@@ -167,6 +191,7 @@ mod tests {
                port: 993,
                socket: Socket::Ssl,
                username: "foobar".to_string(),
+                strict_tls: Some(true)
            }],
        );

@@ -177,6 +202,7 @@ mod tests {
                port: 123,
                socket: Socket::Automatic,
                username: "foobar".to_string(),
+                strict_tls: None,
            }],
            "foobar@example.net",
            "example.net",
@@ -191,6 +217,7 @@ mod tests {
                    port: 123,
                    socket: Socket::Ssl,
                    username: "foobar".to_string(),
+                    strict_tls: Some(true),
                },
                ServerParams {
                    protocol: Protocol::Smtp,
@@ -198,10 +225,12 @@ mod tests {
                    port: 123,
                    socket: Socket::Starttls,
                    username: "foobar".to_string(),
+                    strict_tls: Some(true)
                },
            ],
        );

+        // Test that strict_tls is not expanded for plaintext connections.
        let v = expand_param_vector(
            vec![ServerParams {
                protocol: Protocol::Smtp,
@@ -209,6 +238,7 @@ mod tests {
                port: 123,
                socket: Socket::Plain,
                username: "foobar".to_string(),
+                strict_tls: Some(true),
            }],
            "foobar@example.net",
            "example.net",
@@ -221,6 +251,7 @@ mod tests {
                port: 123,
                socket: Socket::Plain,
                username: "foobar".to_string(),
+                strict_tls: Some(true)
            }],
        );

@@ -232,6 +263,7 @@ mod tests {
                port: 10480,
                socket: Socket::Ssl,
                username: "foobar".to_string(),
+                strict_tls: Some(true),
            }],
            "foobar@example.net",
            "example.net",
@@ -245,6 +277,7 @@ mod tests {
                    port: 10480,
                    socket: Socket::Ssl,
                    username: "foobar".to_string(),
+                    strict_tls: Some(true)
                },
                ServerParams {
                    protocol: Protocol::Imap,
@@ -252,6 +285,7 @@ mod tests {
                    port: 10480,
                    socket: Socket::Ssl,
                    username: "foobar".to_string(),
+                    strict_tls: Some(true)
                },
                ServerParams {
                    protocol: Protocol::Imap,
@@ -259,6 +293,7 @@ mod tests {
                    port: 10480,
                    socket: Socket::Ssl,
                    username: "foobar".to_string(),
+                    strict_tls: Some(true)
                }
            ],
        );
@@ -272,6 +307,7 @@ mod tests {
                port: 0,
                socket: Socket::Automatic,
                username: "foobar".to_string(),
+                strict_tls: Some(true),
            }],
            "foobar@example.net",
            "example.net",
@@ -285,6 +321,7 @@ mod tests {
                    port: 465,
                    socket: Socket::Ssl,
                    username: "foobar".to_string(),
+                    strict_tls: Some(true)
                },
                ServerParams {
                    protocol: Protocol::Smtp,
@@ -292,45 +329,7 @@ mod tests {
                    port: 587,
                    socket: Socket::Starttls,
                    username: "foobar".to_string(),
-                },
-            ],
-        );
-
-        // Test that email address is used as the default username.
-        // We do not try other usernames
-        // such as the local part of the address
-        // as this is very uncommon configuration
-        // and not worth doubling the number of candidates to try.
-        // If such configuration is used, email provider
-        // should provide XML autoconfig or
-        // be added to the provider database as an exception.
-        let v = expand_param_vector(
-            vec![ServerParams {
-                protocol: Protocol::Imap,
-                hostname: "example.net".to_string(),
-                port: 0,
-                socket: Socket::Automatic,
-                username: "".to_string(),
-            }],
-            "foobar@example.net",
-            "example.net",
-        );
-        assert_eq!(
-            v,
-            vec![
-                ServerParams {
-                    protocol: Protocol::Imap,
-                    hostname: "example.net".to_string(),
-                    port: 993,
-                    socket: Socket::Ssl,
-                    username: "foobar@example.net".to_string(),
-                },
-                ServerParams {
-                    protocol: Protocol::Imap,
-                    hostname: "example.net".to_string(),
-                    port: 143,
-                    socket: Socket::Starttls,
-                    username: "foobar@example.net".to_string(),
+                    strict_tls: Some(true)
                },
            ],
        );
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -209,7 +209,7 @@ pub const WORSE_IMAGE_SIZE: u32 = 640;
 // Key for the folder configuration version (see below).
 pub(crate) const DC_FOLDERS_CONFIGURED_KEY: &str = "folders_configured";
 // this value can be increased if the folder configuration is changed and must be redone on next program start
-pub(crate) const DC_FOLDERS_CONFIGURED_VERSION: i32 = 5;
+pub(crate) const DC_FOLDERS_CONFIGURED_VERSION: i32 = 4;

 // If more recipients are needed in SMTP's `RCPT TO:` header, the recipient list is split into
 // chunks. This does not affect MIME's `To:` header. Can be overwritten by setting
--- a/src/contact.rs
+++ b/src/contact.rs
@@ -1402,17 +1402,6 @@ impl Contact {
        self.status.as_str()
    }

-    /// Returns whether end-to-end encryption to the contact is available.
-    pub async fn e2ee_avail(&self, context: &Context) -> Result<bool> {
-        if self.id == ContactId::SELF {
-            return Ok(true);
-        }
-        let Some(peerstate) = Peerstate::from_addr(context, &self.addr).await? else {
-            return Ok(false);
-        };
-        Ok(peerstate.peek_key(false).is_some())
-    }
-
    /// Returns true if the contact
    /// can be added to verified chats,
    /// i.e. has a verified key
@@ -1924,13 +1913,8 @@ impl RecentlySeenLoop {
            .unwrap();
    }

-    pub(crate) async fn abort(self) {
+    pub(crate) fn abort(self) {
        self.handle.abort();
-
-        // Await aborted task to ensure the `Future` is dropped
-        // with all resources moved inside such as the `Context`
-        // reference to `InnerContext`.
-        self.handle.await.ok();
    }
 }

@@ -2684,8 +2668,6 @@ mod tests {

        let encrinfo = Contact::get_encrinfo(&alice, contact_bob_id).await?;
        assert_eq!(encrinfo, "No encryption");
-        let contact = Contact::get_by_id(&alice, contact_bob_id).await?;
-        assert!(!contact.e2ee_avail(&alice).await?);

        let bob = TestContext::new_bob().await;
        let chat_alice = bob
@@ -2709,8 +2691,6 @@ bob@example.net:
 CCCB 5AA9 F6E1 141C 9431
 65F1 DB18 B18C BCF7 0487"
        );
-        let contact = Contact::get_by_id(&alice, contact_bob_id).await?;
-        assert!(contact.e2ee_avail(&alice).await?);
        Ok(())
    }

--- a/src/context.rs
+++ b/src/context.rs
@@ -814,12 +814,6 @@ impl Context {
        }

        res.insert("is_chatmail", self.is_chatmail().await?.to_string());
-        res.insert(
-            "fix_is_chatmail",
-            self.get_config_bool(Config::FixIsChatmail)
-                .await?
-                .to_string(),
-        );
        res.insert(
            "is_muted",
            self.get_config_bool(Config::IsMuted).await?.to_string(),
--- a/src/headerdef.rs
+++ b/src/headerdef.rs
@@ -11,7 +11,6 @@ pub enum HeaderDef {
    Date,
    From_,
    To,
-    AutoSubmitted,

    /// Carbon copy.
    Cc,
--- a/src/imap.rs
+++ b/src/imap.rs
@@ -32,7 +32,7 @@ use crate::contact::{Contact, ContactId, Modifier, Origin};
 use crate::context::Context;
 use crate::events::EventType;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
-use crate::login_param::{LoginParam, ServerLoginParam};
+use crate::login_param::{CertificateChecks, LoginParam, ServerLoginParam};
 use crate::message::{self, Message, MessageState, MessengerMessage, MsgId, Viewtype};
 use crate::mimeparser;
 use crate::oauth2::get_oauth2_access_token;
@@ -231,13 +231,20 @@ impl Imap {
        lp: &ServerLoginParam,
        socks5_config: Option<Socks5Config>,
        addr: &str,
-        strict_tls: bool,
+        provider_strict_tls: bool,
        idle_interrupt_receiver: Receiver<()>,
    ) -> Result<Self> {
        if lp.server.is_empty() || lp.user.is_empty() || lp.password.is_empty() {
            bail!("Incomplete IMAP connection parameters");
        }

+        let strict_tls = match lp.certificate_checks {
+            CertificateChecks::Automatic => provider_strict_tls,
+            CertificateChecks::Strict => true,
+            CertificateChecks::AcceptInvalidCertificates
+            | CertificateChecks::AcceptInvalidCertificates2 => false,
+        };
+
        let imap = Imap {
            idle_interrupt_receiver,
            addr: addr.to_string(),
@@ -265,11 +272,17 @@ impl Imap {
        }

        let param = LoginParam::load_configured_params(context).await?;
+        // the trailing underscore is correct
+
        let imap = Self::new(
            &param.imap,
            param.socks5_config.clone(),
            &param.addr,
-            param.strict_tls(),
+            param
+                .provider
+                .map_or(param.socks5_config.is_some(), |provider| {
+                    provider.opt.strict_tls
+                }),
            idle_interrupt_receiver,
        )?;
        Ok(imap)
@@ -433,11 +446,7 @@ impl Imap {
            .get_raw_config_int(constants::DC_FOLDERS_CONFIGURED_KEY)
            .await?;
        if folders_configured.unwrap_or_default() < constants::DC_FOLDERS_CONFIGURED_VERSION {
-            let is_chatmail = match context.get_config_bool(Config::FixIsChatmail).await? {
-                false => session.is_chatmail(),
-                true => context.get_config_bool(Config::IsChatmail).await?,
-            };
-            let create_mvbox = !is_chatmail || context.get_config_bool(Config::MvboxMove).await?;
+            let create_mvbox = true;
            self.configure_folders(context, &mut session, create_mvbox)
                .await?;
        }
@@ -1045,12 +1054,18 @@ impl Session {
            .await?;

        for (folder, rowid_set, uid_set) in UidGrouper::from(rows) {
-            if let Err(err) = self.select_with_uidvalidity(context, &folder).await {
-                warn!(context, "store_seen_flags_on_imap: Failed to select {folder}, will retry later: {err:#}.");
-            } else if let Err(err) = self.add_flag_finalized_with_set(&uid_set, "\\Seen").await {
+            self.select_with_uidvalidity(context, &folder)
+                .await
+                .context("failed to select folder")?;
+
+            if let Err(err) = self.add_flag_finalized_with_set(&uid_set, "\\Seen").await {
                warn!(
                    context,
-                    "Cannot mark messages {uid_set} in {folder} as seen, will retry later: {err:#}.");
+                    "Cannot mark messages {} in folder {} as seen, will retry later: {}.",
+                    uid_set,
+                    folder,
+                    err
+                );
            } else {
                info!(
                    context,
@@ -1474,7 +1489,7 @@ impl Session {
        } else if !context.push_subscriber.heartbeat_subscribed().await {
            let context = context.clone();
            // Subscribe for heartbeat notifications.
-            tokio::spawn(async move { context.push_subscriber.subscribe(&context).await });
+            tokio::spawn(async move { context.push_subscriber.subscribe().await });
        }

        Ok(())
@@ -1504,8 +1519,8 @@ impl Session {

    /// Attempts to configure mvbox.
    ///
-    /// Tries to find any folder examining `folders` in the order they go. If none is found, tries
-    /// to create any folder in the same order. This method does not use LIST command to ensure that
+    /// Tries to find any folder in the given list of `folders`. If none is found, tries to create
+    /// `folders[0]`. This method does not use LIST command to ensure that
    /// configuration works even if mailbox lookup is forbidden via Access Control List (see
    /// <https://datatracker.ietf.org/doc/html/rfc4314>).
    ///
@@ -1539,17 +1554,16 @@ impl Session {
        if !create_mvbox {
            return Ok(None);
        }
-        // Some servers require namespace-style folder names like "INBOX.DeltaChat", so we try all
-        // the variants here.
-        for folder in folders {
-            match self.select_with_uidvalidity(context, folder).await {
-                Ok(_) => {
-                    info!(context, "MVBOX-folder {} created.", folder);
-                    return Ok(Some(folder));
-                }
-                Err(err) => {
-                    warn!(context, "Cannot create MVBOX-folder {:?}: {}", folder, err);
-                }
+        let Some(folder) = folders.first() else {
+            return Ok(None);
+        };
+        match self.select_with_uidvalidity(context, folder).await {
+            Ok(_) => {
+                info!(context, "MVBOX-folder {} created.", folder);
+                return Ok(Some(folder));
+            }
+            Err(err) => {
+                warn!(context, "Cannot create MVBOX-folder {:?}: {}", folder, err);
            }
        }
        Ok(None)
@@ -1797,20 +1811,6 @@ async fn needs_move_to_mvbox(
    context: &Context,
    headers: &[mailparse::MailHeader<'_>],
 ) -> Result<bool> {
-    let has_chat_version = headers.get_header_value(HeaderDef::ChatVersion).is_some();
-    if !context.get_config_bool(Config::IsChatmail).await?
-        && has_chat_version
-        && headers
-            .get_header_value(HeaderDef::AutoSubmitted)
-            .filter(|val| val.to_ascii_lowercase() == "auto-generated")
-            .is_some()
-    {
-        if let Some(from) = mimeparser::get_from(headers) {
-            if context.is_self_addr(&from.addr).await? {
-                return Ok(true);
-            }
-        }
-    }
    if !context.get_config_bool(Config::MvboxMove).await? {
        return Ok(false);
    }
@@ -1824,7 +1824,7 @@ async fn needs_move_to_mvbox(
        return Ok(false);
    }

-    if has_chat_version {
+    if headers.get_header_value(HeaderDef::ChatVersion).is_some() {
        Ok(true)
    } else if let Some(parent) = get_prefetch_parent_message(context, headers).await? {
        match parent.is_dc_message {
--- a/src/imap/client.rs
+++ b/src/imap/client.rs
@@ -1,23 +1,19 @@
-use std::net::SocketAddr;
 use std::ops::{Deref, DerefMut};

-use anyhow::{bail, format_err, Context as _, Result};
+use anyhow::{bail, Context as _, Result};
 use async_imap::Client as ImapClient;
 use async_imap::Session as ImapSession;
-use fast_socks5::client::Socks5Stream;
 use tokio::io::BufWriter;

 use super::capabilities::Capabilities;
 use super::session::Session;
 use crate::context::Context;
-use crate::net::dns::{lookup_host_with_cache, update_connect_timestamp};
 use crate::net::session::SessionStream;
 use crate::net::tls::wrap_tls;
-use crate::net::update_connection_history;
-use crate::net::{connect_tcp_inner, connect_tls_inner};
+use crate::net::{connect_starttls_imap, connect_tcp, connect_tls};
 use crate::provider::Socket;
 use crate::socks::Socks5Config;
-use crate::tools::time;
+use fast_socks5::client::Socks5Stream;

 #[derive(Debug)]
 pub(crate) struct Client {
@@ -106,58 +102,37 @@ impl Client {
        security: Socket,
    ) -> Result<Self> {
        if let Some(socks5_config) = socks5_config {
-            let client = match security {
+            match security {
                Socket::Automatic => bail!("IMAP port security is not configured"),
                Socket::Ssl => {
                    Client::connect_secure_socks5(context, host, port, strict_tls, socks5_config)
-                        .await?
+                        .await
                }
                Socket::Starttls => {
                    Client::connect_starttls_socks5(context, host, port, socks5_config, strict_tls)
-                        .await?
+                        .await
                }
                Socket::Plain => {
-                    Client::connect_insecure_socks5(context, host, port, socks5_config).await?
-                }
-            };
-            Ok(client)
-        } else {
-            let mut first_error = None;
-            let load_cache =
-                strict_tls && (security == Socket::Ssl || security == Socket::Starttls);
-            for resolved_addr in
-                lookup_host_with_cache(context, host, port, "imap", load_cache).await?
-            {
-                let res = match security {
-                    Socket::Automatic => bail!("IMAP port security is not configured"),
-                    Socket::Ssl => Client::connect_secure(resolved_addr, host, strict_tls).await,
-                    Socket::Starttls => {
-                        Client::connect_starttls(resolved_addr, host, strict_tls).await
-                    }
-                    Socket::Plain => Client::connect_insecure(resolved_addr).await,
-                };
-                match res {
-                    Ok(client) => {
-                        let ip_addr = resolved_addr.ip().to_string();
-                        if load_cache {
-                            update_connect_timestamp(context, host, &ip_addr).await?;
-                        }
-                        update_connection_history(context, "imap", host, port, &ip_addr, time())
-                            .await?;
-                        return Ok(client);
-                    }
-                    Err(err) => {
-                        warn!(context, "Failed to connect to {resolved_addr}: {err:#}.");
-                        first_error.get_or_insert(err);
-                    }
+                    Client::connect_insecure_socks5(context, host, port, socks5_config).await
                }
            }
-            Err(first_error.unwrap_or_else(|| format_err!("no DNS resolution results for {host}")))
+        } else {
+            match security {
+                Socket::Automatic => bail!("IMAP port security is not configured"),
+                Socket::Ssl => Client::connect_secure(context, host, port, strict_tls).await,
+                Socket::Starttls => Client::connect_starttls(context, host, port, strict_tls).await,
+                Socket::Plain => Client::connect_insecure(context, host, port).await,
+            }
        }
    }

-    async fn connect_secure(addr: SocketAddr, hostname: &str, strict_tls: bool) -> Result<Self> {
-        let tls_stream = connect_tls_inner(addr, hostname, strict_tls, "imap").await?;
+    async fn connect_secure(
+        context: &Context,
+        hostname: &str,
+        port: u16,
+        strict_tls: bool,
+    ) -> Result<Self> {
+        let tls_stream = connect_tls(context, hostname, port, strict_tls, "imap").await?;
        let buffered_stream = BufWriter::new(tls_stream);
        let session_stream: Box<dyn SessionStream> = Box::new(buffered_stream);
        let mut client = Client::new(session_stream);
@@ -168,8 +143,8 @@ impl Client {
        Ok(client)
    }

-    async fn connect_insecure(addr: SocketAddr) -> Result<Self> {
-        let tcp_stream = connect_tcp_inner(addr).await?;
+    async fn connect_insecure(context: &Context, hostname: &str, port: u16) -> Result<Self> {
+        let tcp_stream = connect_tcp(context, hostname, port, false).await?;
        let buffered_stream = BufWriter::new(tcp_stream);
        let session_stream: Box<dyn SessionStream> = Box::new(buffered_stream);
        let mut client = Client::new(session_stream);
@@ -180,26 +155,13 @@ impl Client {
        Ok(client)
    }

-    async fn connect_starttls(addr: SocketAddr, host: &str, strict_tls: bool) -> Result<Self> {
-        let tcp_stream = connect_tcp_inner(addr).await?;
-
-        // Run STARTTLS command and convert the client back into a stream.
-        let buffered_tcp_stream = BufWriter::new(tcp_stream);
-        let mut client = async_imap::Client::new(buffered_tcp_stream);
-        let _greeting = client
-            .read_response()
-            .await
-            .context("failed to read greeting")??;
-        client
-            .run_command_and_check_ok("STARTTLS", None)
-            .await
-            .context("STARTTLS command failed")?;
-        let buffered_tcp_stream = client.into_inner();
-        let tcp_stream = buffered_tcp_stream.into_inner();
-
-        let tls_stream = wrap_tls(strict_tls, host, "imap", tcp_stream)
-            .await
-            .context("STARTTLS upgrade failed")?;
+    async fn connect_starttls(
+        context: &Context,
+        hostname: &str,
+        port: u16,
+        strict_tls: bool,
+    ) -> Result<Self> {
+        let tls_stream = connect_starttls_imap(context, hostname, port, strict_tls).await?;

        let buffered_stream = BufWriter::new(tls_stream);
        let session_stream: Box<dyn SessionStream> = Box::new(buffered_stream);
--- a/src/imap/session.rs
+++ b/src/imap/session.rs
@@ -24,7 +24,6 @@ const PREFETCH_FLAGS: &str = "(UID INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIE
                              FROM \
                              IN-REPLY-TO REFERENCES \
                              CHAT-VERSION \
-                              AUTO-SUBMITTED \
                              AUTOCRYPT-SETUP-MESSAGE\
                              )])";

--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -10,66 +10,41 @@ use crate::provider::Socket;
 use crate::provider::{get_provider_by_id, Provider};
 use crate::socks::Socks5Config;

-/// User entered setting for certificate checks.
-///
-/// Should be saved into `imap_certificate_checks` before running configuration.
-#[derive(Copy, Clone, Debug, Default, Display, FromPrimitive, ToPrimitive, PartialEq, Eq)]
+#[derive(Copy, Clone, Debug, Display, FromPrimitive, ToPrimitive, PartialEq, Eq)]
 #[repr(u32)]
 #[strum(serialize_all = "snake_case")]
-pub enum EnteredCertificateChecks {
-    /// `Automatic` means that provider database setting should be taken.
-    /// If there is no provider database setting for certificate checks,
-    /// check certificates strictly.
-    #[default]
-    Automatic = 0,
-
-    /// Ensure that TLS certificate is valid for the server hostname.
-    Strict = 1,
-
-    /// Accept certificates that are expired, self-signed
-    /// or otherwise not valid for the server hostname.
-    AcceptInvalidCertificates = 2,
-
-    /// Alias for `AcceptInvalidCertificates`
-    /// for API compatibility.
-    AcceptInvalidCertificates2 = 3,
-}
-
-/// Values saved into `imap_certificate_checks`.
-#[derive(Copy, Clone, Debug, Default, Display, FromPrimitive, ToPrimitive, PartialEq, Eq)]
-#[repr(u32)]
-#[strum(serialize_all = "snake_case")]
-pub enum ConfiguredCertificateChecks {
-    /// Use configuration from the provider database.
-    /// If there is no provider database setting for certificate checks,
-    /// accept invalid certificates.
+pub enum CertificateChecks {
+    /// Same as AcceptInvalidCertificates if stored in the database
+    /// as `configured_{imap,smtp}_certificate_checks`.
    ///
-    /// Must not be saved by new versions.
-    ///
-    /// Previous Delta Chat versions before core 1.133.0
-    /// stored this in `configured_imap_certificate_checks`
+    /// Previous Delta Chat versions stored this in `configured_*`
    /// if Automatic configuration
    /// was selected, configuration with strict TLS checks failed
    /// and configuration without strict TLS checks succeeded.
-    OldAutomatic = 0,
+    ///
+    /// Currently Delta Chat stores only
+    /// `Strict` or `AcceptInvalidCertificates` variants
+    /// in `configured_*` settings.
+    ///
+    /// `Automatic` in `{imap,smtp}_certificate_checks`
+    /// means that provider database setting should be taken.
+    /// If there is no provider database setting for certificate checks,
+    /// `Automatic` is the same as `Strict`.
+    Automatic = 0,

-    /// Ensure that TLS certificate is valid for the server hostname.
    Strict = 1,

-    /// Accept certificates that are expired, self-signed
-    /// or otherwise not valid for the server hostname.
-    AcceptInvalidCertificates = 2,
+    /// Same as AcceptInvalidCertificates
+    /// Previously known as AcceptInvalidHostnames, now deprecated.
+    AcceptInvalidCertificates2 = 2,

-    /// Accept certificates that are expired, self-signed
-    /// or otherwise not valid for the server hostname.
-    ///
-    /// Alias to `AcceptInvalidCertificates` for compatibility.
-    AcceptInvalidCertificates2 = 3,
+    AcceptInvalidCertificates = 3,
+}

-    /// Use configuration from the provider database.
-    /// If there is no provider database setting for certificate checks,
-    /// apply strict checks to TLS certificates.
-    Automatic = 4,
+impl Default for CertificateChecks {
+    fn default() -> Self {
+        Self::Automatic
+    }
 }

 /// Login parameters for a single server, either IMAP or SMTP
@@ -81,6 +56,10 @@ pub struct ServerLoginParam {
    pub port: u16,
    pub security: Socket,
    pub oauth2: bool,
+
+    /// TLS options: whether to allow invalid certificates and/or
+    /// invalid hostnames
+    pub certificate_checks: CertificateChecks,
 }

 #[derive(Default, Debug, Clone, PartialEq, Eq)]
@@ -90,10 +69,6 @@ pub struct LoginParam {
    pub smtp: ServerLoginParam,
    pub provider: Option<&'static Provider>,
    pub socks5_config: Option<Socks5Config>,
-
-    /// TLS options: whether to allow invalid certificates and/or
-    /// invalid hostnames
-    pub certificate_checks: CertificateChecks,
 }

 impl LoginParam {
@@ -155,12 +130,8 @@ impl LoginParam {
            .and_then(num_traits::FromPrimitive::from_i32)
            .unwrap_or_default();

-        // The setting is named `imap_certificate_checks`
-        // for backwards compatibility,
-        // but now it is a global setting applied to all protocols,
-        // while `smtp_certificate_checks` is ignored.
        let key = &format!("{prefix}imap_certificate_checks");
-        let certificate_checks =
+        let imap_certificate_checks =
            if let Some(certificate_checks) = sql.get_raw_config_int(key).await? {
                num_traits::FromPrimitive::from_i32(certificate_checks).unwrap()
            } else {
@@ -186,6 +157,14 @@ impl LoginParam {
            .and_then(num_traits::FromPrimitive::from_i32)
            .unwrap_or_default();

+        let key = &format!("{prefix}smtp_certificate_checks");
+        let smtp_certificate_checks =
+            if let Some(certificate_checks) = sql.get_raw_config_int(key).await? {
+                num_traits::FromPrimitive::from_i32(certificate_checks).unwrap_or_default()
+            } else {
+                Default::default()
+            };
+
        let key = &format!("{prefix}server_flags");
        let server_flags = sql.get_raw_config_int(key).await?.unwrap_or_default();
        let oauth2 = matches!(server_flags & DC_LP_AUTH_FLAGS, DC_LP_AUTH_OAUTH2);
@@ -207,6 +186,7 @@ impl LoginParam {
                port: mail_port as u16,
                security: mail_security,
                oauth2,
+                certificate_checks: imap_certificate_checks,
            },
            smtp: ServerLoginParam {
                server: send_server,
@@ -215,8 +195,8 @@ impl LoginParam {
                port: send_port as u16,
                security: send_security,
                oauth2,
+                certificate_checks: smtp_certificate_checks,
            },
-            certificate_checks,
            provider,
            socks5_config,
        })
@@ -247,7 +227,7 @@ impl LoginParam {
            .await?;

        let key = &format!("{prefix}imap_certificate_checks");
-        sql.set_raw_config_int(key, self.certificate_checks as i32)
+        sql.set_raw_config_int(key, self.imap.certificate_checks as i32)
            .await?;

        let key = &format!("{prefix}send_server");
@@ -267,9 +247,8 @@ impl LoginParam {
        sql.set_raw_config_int(key, self.smtp.security as i32)
            .await?;

-        // This is only saved for compatibility reasons, but never loaded.
        let key = &format!("{prefix}smtp_certificate_checks");
-        sql.set_raw_config_int(key, self.certificate_checks as i32)
+        sql.set_raw_config_int(key, self.smtp.certificate_checks as i32)
            .await?;

        // The OAuth2 flag is either set for both IMAP and SMTP or not at all.
@@ -280,23 +259,13 @@ impl LoginParam {
        };
        sql.set_raw_config_int(key, server_flags).await?;

-        let key = &format!("{prefix}provider");
-        sql.set_raw_config(key, self.provider.map(|provider| provider.id))
-            .await?;
+        if let Some(provider) = self.provider {
+            let key = &format!("{prefix}provider");
+            sql.set_raw_config(key, Some(provider.id)).await?;
+        }

        Ok(())
    }
-
-    pub fn strict_tls(&self) -> bool {
-        let user_strict_tls = match self.certificate_checks {
-            CertificateChecks::Automatic => None,
-            CertificateChecks::Strict => Some(true),
-            CertificateChecks::AcceptInvalidCertificates
-            | CertificateChecks::AcceptInvalidCertificates2 => Some(false),
-        };
-        let provider_strict_tls = self.provider.map(|provider| provider.opt.strict_tls);
-        user_strict_tls.or(provider_strict_tls).unwrap_or(true)
-    }
 }

 impl fmt::Display for LoginParam {
@@ -306,7 +275,7 @@ impl fmt::Display for LoginParam {

        write!(
            f,
-            "{} imap:{}:{}:{}:{}:{}:{} smtp:{}:{}:{}:{}:{}:{} cert_{}",
+            "{} imap:{}:{}:{}:{}:{}:cert_{}:{} smtp:{}:{}:{}:{}:{}:cert_{}:{}",
            unset_empty(&self.addr),
            unset_empty(&self.imap.user),
            if !self.imap.password.is_empty() {
@@ -317,6 +286,7 @@ impl fmt::Display for LoginParam {
            unset_empty(&self.imap.server),
            self.imap.port,
            self.imap.security,
+            self.imap.certificate_checks,
            if self.imap.oauth2 {
                "OAUTH2"
            } else {
@@ -331,12 +301,12 @@ impl fmt::Display for LoginParam {
            unset_empty(&self.smtp.server),
            self.smtp.port,
            self.smtp.security,
+            self.smtp.certificate_checks,
            if self.smtp.oauth2 {
                "OAUTH2"
            } else {
                "AUTH_NORMAL"
            },
-            self.certificate_checks
        )
    }
 }
@@ -377,6 +347,7 @@ mod tests {
                port: 123,
                security: Socket::Starttls,
                oauth2: false,
+                certificate_checks: CertificateChecks::Strict,
            },
            smtp: ServerLoginParam {
                server: "smtp.example.com".to_string(),
@@ -385,24 +356,16 @@ mod tests {
                port: 456,
                security: Socket::Ssl,
                oauth2: false,
+                certificate_checks: CertificateChecks::AcceptInvalidCertificates,
            },
            provider: get_provider_by_id("example.com"),
            // socks5_config is not saved by `save_to_database`, using default value
            socks5_config: None,
-            certificate_checks: CertificateChecks::Strict,
        };

        param.save_as_configured_params(&t).await?;
        let loaded = LoginParam::load_configured_params(&t).await?;
-        assert_eq!(param, loaded);

-        // Remove provider.
-        let param = LoginParam {
-            provider: None,
-            ..param
-        };
-        param.save_as_configured_params(&t).await?;
-        let loaded = LoginParam::load_configured_params(&t).await?;
        assert_eq!(param, loaded);
        Ok(())
    }
--- a/src/message.rs
+++ b/src/message.rs
@@ -81,20 +81,7 @@ impl MsgId {
    pub async fn get_state(self, context: &Context) -> Result<MessageState> {
        let result = context
            .sql
-            .query_row_optional(
-                concat!(
-                    "SELECT m.state, mdns.msg_id",
-                    " FROM msgs m LEFT JOIN msgs_mdns mdns ON mdns.msg_id=m.id",
-                    " WHERE id=?",
-                    " LIMIT 1",
-                ),
-                (self,),
-                |row| {
-                    let state: MessageState = row.get(0)?;
-                    let mdn_msg_id: Option<MsgId> = row.get(1)?;
-                    Ok(state.with_mdns(mdn_msg_id.is_some()))
-                },
-            )
+            .query_get_value("SELECT state FROM msgs WHERE id=?", (self,))
            .await?
            .unwrap_or_default();
        Ok(result)
@@ -532,7 +519,6 @@ impl Message {
                    "    m.ephemeral_timestamp AS ephemeral_timestamp,",
                    "    m.type AS type,",
                    "    m.state AS state,",
-                    "    mdns.msg_id AS mdn_msg_id,",
                    "    m.download_state AS download_state,",
                    "    m.error AS error,",
                    "    m.msgrmsg AS msgrmsg,",
@@ -543,16 +529,11 @@ impl Message {
                    "    m.hidden AS hidden,",
                    "    m.location_id AS location,",
                    "    c.blocked AS blocked",
-                    " FROM msgs m",
-                    " LEFT JOIN chats c ON c.id=m.chat_id",
-                    " LEFT JOIN msgs_mdns mdns ON mdns.msg_id=m.id",
-                    " WHERE m.id=? AND chat_id!=3",
-                    " LIMIT 1",
+                    " FROM msgs m LEFT JOIN chats c ON c.id=m.chat_id",
+                    " WHERE m.id=? AND chat_id!=3;"
                ),
                (id,),
                |row| {
-                    let state: MessageState = row.get("state")?;
-                    let mdn_msg_id: Option<MsgId> = row.get("mdn_msg_id")?;
                    let text = match row.get_ref("txt")? {
                        rusqlite::types::ValueRef::Text(buf) => {
                            match String::from_utf8(buf.to_vec()) {
@@ -587,7 +568,7 @@ impl Message {
                        ephemeral_timer: row.get("ephemeral_timer")?,
                        ephemeral_timestamp: row.get("ephemeral_timestamp")?,
                        viewtype: row.get("type")?,
-                        state: state.with_mdns(mdn_msg_id.is_some()),
+                        state: row.get("state")?,
                        download_state: row.get("download_state")?,
                        error: Some(row.get::<_, String>("error")?)
                            .filter(|error| !error.is_empty()),
@@ -1372,7 +1353,7 @@ pub enum MessageState {
    OutDelivered = 26,

    /// Outgoing message read by the recipient (two checkmarks; this
-    /// requires goodwill on the receiver's side). Not used in the db for new messages.
+    /// requires goodwill on the receiver's side)
    OutMdnRcvd = 28,
 }

@@ -1415,14 +1396,6 @@ impl MessageState {
            OutPreparing | OutDraft | OutPending | OutFailed | OutDelivered | OutMdnRcvd
        )
    }
-
-    /// Returns adjusted message state if the message has MDNs.
-    pub(crate) fn with_mdns(self, has_mdns: bool) -> Self {
-        if self == MessageState::OutDelivered && has_mdns {
-            return MessageState::OutMdnRcvd;
-        }
-        self
-    }
 }

 /// Returns contacts that sent read receipts and the time of reading.
@@ -1769,17 +1742,19 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
            if curr_blocked == Blocked::Not
                && curr_param.get_bool(Param::WantsMdn).unwrap_or_default()
                && curr_param.get_cmd() == SystemMessage::Unknown
-                && context.should_send_mdns().await?
            {
-                context
-                    .sql
-                    .execute(
-                        "INSERT INTO smtp_mdns (msg_id, from_id, rfc724_mid) VALUES(?, ?, ?)",
-                        (id, curr_from_id, curr_rfc724_mid),
-                    )
-                    .await
-                    .context("failed to insert into smtp_mdns")?;
-                context.scheduler.interrupt_smtp().await;
+                let mdns_enabled = context.get_config_bool(Config::MdnsEnabled).await?;
+                if mdns_enabled {
+                    context
+                        .sql
+                        .execute(
+                            "INSERT INTO smtp_mdns (msg_id, from_id, rfc724_mid) VALUES(?, ?, ?)",
+                            (id, curr_from_id, curr_rfc724_mid),
+                        )
+                        .await
+                        .context("failed to insert into smtp_mdns")?;
+                    context.scheduler.interrupt_smtp().await;
+                }
            }
            updated_chat_ids.insert(curr_chat_id);
        }
@@ -1803,10 +1778,6 @@ pub(crate) async fn update_msg_state(
    msg_id: MsgId,
    state: MessageState,
 ) -> Result<()> {
-    ensure!(
-        state != MessageState::OutMdnRcvd,
-        "Update msgs_mdns table instead!"
-    );
    ensure!(state != MessageState::OutFailed, "use set_msg_failed()!");
    let error_subst = match state >= MessageState::OutPending {
        true => ", error=''",
@@ -2594,6 +2565,9 @@ mod tests {
        let payload = alice.pop_sent_msg().await;
        assert_state(&alice, alice_msg.id, MessageState::OutDelivered).await;

+        update_msg_state(&alice, alice_msg.id, MessageState::OutMdnRcvd).await?;
+        assert_state(&alice, alice_msg.id, MessageState::OutMdnRcvd).await;
+
        set_msg_failed(&alice, &mut alice_msg, "badly failed").await?;
        assert_state(&alice, alice_msg.id, MessageState::OutFailed).await;

--- a/src/mimefactory.rs
+++ b/src/mimefactory.rs
@@ -186,7 +186,7 @@ impl MimeFactory {

            if !msg.is_system_message()
                && msg.param.get_int(Param::Reaction).unwrap_or_default() == 0
-                && context.should_request_mdns().await?
+                && context.get_config_bool(Config::MdnsEnabled).await?
            {
                req_mdn = true;
            }
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -28,7 +28,10 @@ use crate::dehtml::dehtml;
 use crate::events::EventType;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
 use crate::key::{self, load_self_secret_keyring, DcKey, Fingerprint, SignedPublicKey};
-use crate::message::{self, get_vcard_summary, set_msg_failed, Message, MsgId, Viewtype};
+use crate::message::{
+    self, get_vcard_summary, set_msg_failed, update_msg_state, Message, MessageState, MsgId,
+    Viewtype,
+};
 use crate::param::{Param, Params};
 use crate::peerstate::Peerstate;
 use crate::simplify::{simplify, SimplifiedText};
@@ -2154,32 +2157,24 @@ async fn handle_mdn(
        return Ok(());
    }

-    let Some((msg_id, chat_id, has_mdns, is_dup)) = context
+    let Some((msg_id, chat_id, msg_state)) = context
        .sql
        .query_row_optional(
            concat!(
                "SELECT",
                "    m.id AS msg_id,",
                "    c.id AS chat_id,",
-                "    mdns.contact_id AS mdn_contact",
-                " FROM msgs m ",
-                " LEFT JOIN chats c ON m.chat_id=c.id",
-                " LEFT JOIN msgs_mdns mdns ON mdns.msg_id=m.id",
+                "    m.state AS state",
+                " FROM msgs m LEFT JOIN chats c ON m.chat_id=c.id",
                " WHERE rfc724_mid=? AND from_id=1",
-                " ORDER BY msg_id DESC, mdn_contact=? DESC",
-                " LIMIT 1",
+                " ORDER BY m.id"
            ),
-            (&rfc724_mid, from_id),
+            (&rfc724_mid,),
            |row| {
                let msg_id: MsgId = row.get("msg_id")?;
                let chat_id: ChatId = row.get("chat_id")?;
-                let mdn_contact: Option<ContactId> = row.get("mdn_contact")?;
-                Ok((
-                    msg_id,
-                    chat_id,
-                    mdn_contact.is_some(),
-                    mdn_contact == Some(from_id),
-                ))
+                let msg_state: MessageState = row.get("state")?;
+                Ok((msg_id, chat_id, msg_state))
            },
        )
        .await?
@@ -2191,17 +2186,28 @@ async fn handle_mdn(
        return Ok(());
    };

-    if is_dup {
-        return Ok(());
-    }
-    context
+    if !context
        .sql
-        .execute(
-            "INSERT INTO msgs_mdns (msg_id, contact_id, timestamp_sent) VALUES (?, ?, ?)",
-            (msg_id, from_id, timestamp_sent),
+        .exists(
+            "SELECT COUNT(*) FROM msgs_mdns WHERE msg_id=? AND contact_id=?",
+            (msg_id, from_id),
        )
-        .await?;
-    if !has_mdns {
+        .await?
+    {
+        context
+            .sql
+            .execute(
+                "INSERT INTO msgs_mdns (msg_id, contact_id, timestamp_sent) VALUES (?, ?, ?)",
+                (msg_id, from_id, timestamp_sent),
+            )
+            .await?;
+    }
+
+    if msg_state == MessageState::OutPreparing
+        || msg_state == MessageState::OutPending
+        || msg_state == MessageState::OutDelivered
+    {
+        update_msg_state(context, msg_id, MessageState::OutMdnRcvd).await?;
        context.emit_event(EventType::MsgRead { chat_id, msg_id });
        // note(treefit): only matters if it is the last message in chat (but probably too expensive to check, debounce also solves it)
        chatlist_events::emit_chatlist_item_changed(context, chat_id);
@@ -2309,7 +2315,7 @@ mod tests {
        chat,
        chatlist::Chatlist,
        constants::{Blocked, DC_DESIRED_TEXT_LEN, DC_ELLIPSIS},
-        message::{MessageState, MessengerMessage},
+        message::MessengerMessage,
        receive_imf::receive_imf,
        test_utils::{TestContext, TestContextManager},
        tools::time,
--- a/src/net.rs
+++ b/src/net.rs
@@ -5,12 +5,13 @@ use std::time::Duration;

 use anyhow::{format_err, Context as _, Result};
 use async_native_tls::TlsStream;
+use tokio::io::BufStream;
+use tokio::io::BufWriter;
 use tokio::net::TcpStream;
 use tokio::time::timeout;
 use tokio_io_timeout::TimeoutStream;

 use crate::context::Context;
-use crate::tools::time;

 pub(crate) mod dns;
 pub(crate) mod http;
@@ -26,73 +27,12 @@ use tls::wrap_tls;
 /// This constant should be more than the largest expected RTT.
 pub(crate) const TIMEOUT: Duration = Duration::from_secs(60);

-/// TTL for caches in seconds.
-pub(crate) const CACHE_TTL: u64 = 30 * 24 * 60 * 60;
-
-/// Removes connection history entries after `CACHE_TTL`.
-pub(crate) async fn prune_connection_history(context: &Context) -> Result<()> {
-    let now = time();
-    context
-        .sql
-        .execute(
-            "DELETE FROM connection_history
-             WHERE ? > timestamp + ?",
-            (now, CACHE_TTL),
-        )
-        .await?;
-    Ok(())
-}
-
-pub(crate) async fn update_connection_history(
-    context: &Context,
-    alpn: &str,
-    host: &str,
-    port: u16,
-    addr: &str,
-    now: i64,
-) -> Result<()> {
-    context
-        .sql
-        .execute(
-            "INSERT INTO connection_history (host, port, alpn, addr, timestamp)
-             VALUES (?, ?, ?, ?, ?)
-             ON CONFLICT (host, port, alpn, addr)
-             DO UPDATE SET timestamp=excluded.timestamp",
-            (host, port, alpn, addr, now),
-        )
-        .await?;
-    Ok(())
-}
-
-pub(crate) async fn load_connection_timestamp(
-    context: &Context,
-    alpn: &str,
-    host: &str,
-    port: u16,
-    addr: &str,
-) -> Result<Option<i64>> {
-    let timestamp = context
-        .sql
-        .query_get_value(
-            "SELECT timestamp FROM connection_history
-             WHERE host = ?
-               AND port = ?
-               AND alpn = ?
-               AND addr = ?",
-            (host, port, alpn, addr),
-        )
-        .await?;
-    Ok(timestamp)
-}
-
 /// Returns a TCP connection stream with read/write timeouts set
 /// and Nagle's algorithm disabled with `TCP_NODELAY`.
 ///
 /// `TCP_NODELAY` ensures writing to the stream always results in immediate sending of the packet
 /// to the network, which is important to reduce the latency of interactive protocols such as IMAP.
-pub(crate) async fn connect_tcp_inner(
-    addr: SocketAddr,
-) -> Result<Pin<Box<TimeoutStream<TcpStream>>>> {
+async fn connect_tcp_inner(addr: SocketAddr) -> Result<Pin<Box<TimeoutStream<TcpStream>>>> {
    let tcp_stream = timeout(TIMEOUT, TcpStream::connect(addr))
        .await
        .context("connection timeout")?
@@ -110,7 +50,7 @@ pub(crate) async fn connect_tcp_inner(

 /// Attempts to establish TLS connection
 /// given the result of the hostname to address resolution.
-pub(crate) async fn connect_tls_inner(
+async fn connect_tls_inner(
    addr: SocketAddr,
    host: &str,
    strict_tls: bool,
@@ -135,7 +75,7 @@ pub(crate) async fn connect_tcp(
 ) -> Result<Pin<Box<TimeoutStream<TcpStream>>>> {
    let mut first_error = None;

-    for resolved_addr in lookup_host_with_cache(context, host, port, "", load_cache).await? {
+    for resolved_addr in lookup_host_with_cache(context, host, port, load_cache).await? {
        match connect_tcp_inner(resolved_addr).await {
            Ok(stream) => {
                return Ok(stream);
@@ -152,3 +92,130 @@ pub(crate) async fn connect_tcp(

    Err(first_error.unwrap_or_else(|| format_err!("no DNS resolution results for {host}")))
 }
+
+pub(crate) async fn connect_tls(
+    context: &Context,
+    host: &str,
+    port: u16,
+    strict_tls: bool,
+    alpn: &str,
+) -> Result<TlsStream<Pin<Box<TimeoutStream<TcpStream>>>>> {
+    let mut first_error = None;
+
+    for resolved_addr in lookup_host_with_cache(context, host, port, strict_tls).await? {
+        match connect_tls_inner(resolved_addr, host, strict_tls, alpn).await {
+            Ok(tls_stream) => {
+                if strict_tls {
+                    dns::update_connect_timestamp(context, host, &resolved_addr.ip().to_string())
+                        .await?;
+                }
+                return Ok(tls_stream);
+            }
+            Err(err) => {
+                warn!(context, "Failed to connect to {resolved_addr}: {err:#}.");
+                first_error.get_or_insert(err);
+            }
+        }
+    }
+
+    Err(first_error.unwrap_or_else(|| format_err!("no DNS resolution results for {host}")))
+}
+
+async fn connect_starttls_imap_inner(
+    addr: SocketAddr,
+    host: &str,
+    strict_tls: bool,
+) -> Result<TlsStream<Pin<Box<TimeoutStream<TcpStream>>>>> {
+    let tcp_stream = connect_tcp_inner(addr).await?;
+
+    // Run STARTTLS command and convert the client back into a stream.
+    let buffered_tcp_stream = BufWriter::new(tcp_stream);
+    let mut client = async_imap::Client::new(buffered_tcp_stream);
+    let _greeting = client
+        .read_response()
+        .await
+        .context("failed to read greeting")??;
+    client
+        .run_command_and_check_ok("STARTTLS", None)
+        .await
+        .context("STARTTLS command failed")?;
+    let buffered_tcp_stream = client.into_inner();
+    let tcp_stream = buffered_tcp_stream.into_inner();
+
+    let tls_stream = wrap_tls(strict_tls, host, "imap", tcp_stream)
+        .await
+        .context("STARTTLS upgrade failed")?;
+
+    Ok(tls_stream)
+}
+
+pub(crate) async fn connect_starttls_imap(
+    context: &Context,
+    host: &str,
+    port: u16,
+    strict_tls: bool,
+) -> Result<TlsStream<Pin<Box<TimeoutStream<TcpStream>>>>> {
+    let mut first_error = None;
+
+    for resolved_addr in lookup_host_with_cache(context, host, port, strict_tls).await? {
+        match connect_starttls_imap_inner(resolved_addr, host, strict_tls).await {
+            Ok(tls_stream) => {
+                if strict_tls {
+                    dns::update_connect_timestamp(context, host, &resolved_addr.ip().to_string())
+                        .await?;
+                }
+                return Ok(tls_stream);
+            }
+            Err(err) => {
+                warn!(context, "Failed to connect to {resolved_addr}: {err:#}.");
+                first_error.get_or_insert(err);
+            }
+        }
+    }
+
+    Err(first_error.unwrap_or_else(|| format_err!("no DNS resolution results for {host}")))
+}
+
+async fn connect_starttls_smtp_inner(
+    addr: SocketAddr,
+    host: &str,
+    strict_tls: bool,
+) -> Result<TlsStream<Pin<Box<TimeoutStream<TcpStream>>>>> {
+    let tcp_stream = connect_tcp_inner(addr).await?;
+
+    // Run STARTTLS command and convert the client back into a stream.
+    let client = async_smtp::SmtpClient::new().smtp_utf8(true);
+    let transport = async_smtp::SmtpTransport::new(client, BufStream::new(tcp_stream)).await?;
+    let tcp_stream = transport.starttls().await?.into_inner();
+    let tls_stream = wrap_tls(strict_tls, host, "smtp", tcp_stream)
+        .await
+        .context("STARTTLS upgrade failed")?;
+    Ok(tls_stream)
+}
+
+pub(crate) async fn connect_starttls_smtp(
+    context: &Context,
+    host: &str,
+    port: u16,
+    strict_tls: bool,
+) -> Result<TlsStream<Pin<Box<TimeoutStream<TcpStream>>>>> {
+    let mut first_error = None;
+
+    for resolved_addr in lookup_host_with_cache(context, host, port, strict_tls).await? {
+        match connect_starttls_smtp_inner(resolved_addr, host, strict_tls).await {
+            Ok(tls_stream) => {
+                if strict_tls {
+                    dns::update_connect_timestamp(context, host, &resolved_addr.ip().to_string())
+                        .await?;
+                }
+                return Ok(tls_stream);
+            }
+            Err(err) => {
+                warn!(context, "Failed to connect to {resolved_addr}: {err:#}.");
+                first_error.get_or_insert(err);
+            }
+        }
+    }
+
+    Err(first_error.unwrap_or_else(|| format_err!("no DNS resolution results for {host}")))
+}
--- a/src/net/dns.rs
+++ b/src/net/dns.rs
@@ -6,68 +6,15 @@ use std::str::FromStr;
 use tokio::net::lookup_host;
 use tokio::time::timeout;

-use super::load_connection_timestamp;
 use crate::context::Context;
 use crate::tools::time;

-/// Inserts entry into DNS cache
-/// or updates existing one with a new timestamp.
-async fn update_cache(context: &Context, host: &str, addr: &str, now: i64) -> Result<()> {
-    context
-        .sql
-        .execute(
-            "INSERT INTO dns_cache
-             (hostname, address, timestamp)
-             VALUES (?, ?, ?)
-             ON CONFLICT (hostname, address)
-             DO UPDATE SET timestamp=excluded.timestamp",
-            (host, addr, now),
-        )
-        .await?;
-    Ok(())
-}
-
-pub(crate) async fn prune_dns_cache(context: &Context) -> Result<()> {
-    let now = time();
-    context
-        .sql
-        .execute(
-            "DELETE FROM dns_cache
-             WHERE ? > timestamp + ?",
-            (now, super::CACHE_TTL),
-        )
-        .await?;
-    Ok(())
-}
-
-/// Looks up the hostname and updates DNS cache
-/// on success.
-async fn lookup_host_and_update_cache(
-    context: &Context,
-    hostname: &str,
-    port: u16,
-    now: i64,
-) -> Result<Vec<SocketAddr>> {
-    let res: Vec<SocketAddr> = timeout(super::TIMEOUT, lookup_host((hostname, port)))
+async fn lookup_host_with_timeout(hostname: &str, port: u16) -> Result<Vec<SocketAddr>> {
+    let res = timeout(super::TIMEOUT, lookup_host((hostname, port)))
        .await
        .context("DNS lookup timeout")?
-        .context("DNS lookup failure")?
-        .collect();
-
-    for addr in &res {
-        let ip_string = addr.ip().to_string();
-        if ip_string == hostname {
-            // IP address resolved into itself, not interesting to cache.
-            continue;
-        }
-
-        info!(context, "Resolved {hostname}:{port} into {addr}.");
-
-        // Update the cache.
-        update_cache(context, hostname, &ip_string, now).await?;
-    }
-
-    Ok(res)
+        .context("DNS lookup failure")?;
+    Ok(res.collect())
 }

 // Updates timestamp of the cached entry
@@ -106,161 +53,18 @@ pub(crate) async fn update_connect_timestamp(
    Ok(())
 }

-/// Load hardcoded cache if everything else fails.
-///
-/// See <https://support.delta.chat/t/no-dns-resolution-result/2778> and
-/// <https://github.com/deltachat/deltachat-core-rust/issues/4920> for reasons.
-///
-/// In the future we may pre-resolve all provider database addresses
-/// and build them in.
-fn load_hardcoded_cache(hostname: &str, port: u16) -> Vec<SocketAddr> {
-    match hostname {
-        "mail.sangham.net" => {
-            vec![
-                SocketAddr::new(
-                    IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0xc17, 0x798c, 0, 0, 0, 1)),
-                    port,
-                ),
-                SocketAddr::new(IpAddr::V4(Ipv4Addr::new(159, 69, 186, 85)), port),
-            ]
-        }
-        "nine.testrun.org" => {
-            vec![
-                SocketAddr::new(
-                    IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0x241, 0x4ce8, 0, 0, 0, 2)),
-                    port,
-                ),
-                SocketAddr::new(IpAddr::V4(Ipv4Addr::new(116, 202, 233, 236)), port),
-            ]
-        }
-        "disroot.org" => {
-            vec![SocketAddr::new(
-                IpAddr::V4(Ipv4Addr::new(178, 21, 23, 139)),
-                port,
-            )]
-        }
-        "mail.riseup.net" => {
-            vec![
-                SocketAddr::new(IpAddr::V4(Ipv4Addr::new(198, 252, 153, 70)), port),
-                SocketAddr::new(IpAddr::V4(Ipv4Addr::new(198, 252, 153, 71)), port),
-            ]
-        }
-        "imap.gmail.com" => {
-            vec![
-                SocketAddr::new(
-                    IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x400c, 0xc1f, 0, 0, 0, 0x6c)),
-                    port,
-                ),
-                SocketAddr::new(
-                    IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x400c, 0xc1f, 0, 0, 0, 0x6d)),
-                    port,
-                ),
-                SocketAddr::new(IpAddr::V4(Ipv4Addr::new(142, 250, 110, 109)), port),
-                SocketAddr::new(IpAddr::V4(Ipv4Addr::new(142, 250, 110, 108)), port),
-            ]
-        }
-        "smtp.gmail.com" => {
-            vec![
-                SocketAddr::new(
-                    IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x4013, 0xc04, 0, 0, 0, 0x6c)),
-                    port,
-                ),
-                SocketAddr::new(IpAddr::V4(Ipv4Addr::new(142, 250, 110, 109)), port),
-            ]
-        }
-        _ => Vec::new(),
-    }
-}
-
-async fn lookup_cache(
-    context: &Context,
-    host: &str,
-    port: u16,
-    alpn: &str,
-    now: i64,
-) -> Result<Vec<SocketAddr>> {
-    let mut res = Vec::new();
-    for cached_address in context
-        .sql
-        .query_map(
-            "SELECT dns_cache.address
-             FROM dns_cache
-             LEFT JOIN connection_history
-               ON dns_cache.hostname = connection_history.host
-               AND dns_cache.address = connection_history.addr
-               AND connection_history.port = ?
-               AND connection_history.alpn = ?
-             WHERE dns_cache.hostname = ?
-             AND ? < dns_cache.timestamp + ?
-             ORDER BY IFNULL(connection_history.timestamp, dns_cache.timestamp) DESC
-             LIMIT 50",
-            (port, alpn, host, now, super::CACHE_TTL),
-            |row| {
-                let address: String = row.get(0)?;
-                Ok(address)
-            },
-            |rows| {
-                rows.collect::<std::result::Result<Vec<String>, _>>()
-                    .map_err(Into::into)
-            },
-        )
-        .await?
-    {
-        match IpAddr::from_str(&cached_address) {
-            Ok(ip_addr) => {
-                let addr = SocketAddr::new(ip_addr, port);
-                res.push(addr);
-            }
-            Err(err) => {
-                warn!(
-                    context,
-                    "Failed to parse cached address {:?}: {:#}.", cached_address, err
-                );
-            }
-        }
-    }
-    Ok(res)
-}
-
-/// Sorts DNS resolution results by connection timestamp in descending order
-/// so IP addresses that we recently connected to successfully are tried first.
-async fn sort_by_connection_timestamp(
-    context: &Context,
-    input: Vec<SocketAddr>,
-    alpn: &str,
-    host: &str,
-) -> Result<Vec<SocketAddr>> {
-    let mut res: Vec<(Option<i64>, SocketAddr)> = Vec::new();
-    for addr in input {
-        let timestamp =
-            load_connection_timestamp(context, alpn, host, addr.port(), &addr.ip().to_string())
-                .await?;
-        res.push((timestamp, addr));
-    }
-    res.sort_by_key(|(ts, _addr)| std::cmp::Reverse(*ts));
-    Ok(res.into_iter().map(|(_ts, addr)| addr).collect())
-}
-
 /// Looks up hostname and port using DNS and updates the address resolution cache.
 ///
-/// `alpn` is used to sort DNS results by the time we have successfully
-/// connected to the IP address using given `alpn`.
-/// If result sorting is not needed or `alpn` is unknown,
-/// pass empty string here, e.g. for HTTP requests
-/// or when resolving the IP address of SOCKS proxy.
-///
 /// If `load_cache` is true, appends cached results not older than 30 days to the end
 /// or entries from fallback cache if there are no cached addresses.
 pub(crate) async fn lookup_host_with_cache(
    context: &Context,
    hostname: &str,
    port: u16,
-    alpn: &str,
    load_cache: bool,
 ) -> Result<Vec<SocketAddr>> {
    let now = time();
-    let mut resolved_addrs = match lookup_host_and_update_cache(context, hostname, port, now).await
-    {
+    let mut resolved_addrs = match lookup_host_with_timeout(hostname, port).await {
        Ok(res) => res,
        Err(err) => {
            warn!(
@@ -270,257 +74,144 @@ pub(crate) async fn lookup_host_with_cache(
            Vec::new()
        }
    };
-    if !alpn.is_empty() {
-        resolved_addrs =
-            sort_by_connection_timestamp(context, resolved_addrs, alpn, hostname).await?;
+
+    for addr in &resolved_addrs {
+        let ip_string = addr.ip().to_string();
+        if ip_string == hostname {
+            // IP address resolved into itself, not interesting to cache.
+            continue;
+        }
+
+        info!(context, "Resolved {}:{} into {}.", hostname, port, &addr);
+
+        // Update the cache.
+        context
+            .sql
+            .execute(
+                "INSERT INTO dns_cache
+                 (hostname, address, timestamp)
+                 VALUES (?, ?, ?)
+                 ON CONFLICT (hostname, address)
+                 DO UPDATE SET timestamp=excluded.timestamp",
+                (hostname, ip_string, now),
+            )
+            .await?;
    }

    if load_cache {
-        for addr in lookup_cache(context, hostname, port, alpn, now).await? {
-            if !resolved_addrs.contains(&addr) {
-                resolved_addrs.push(addr);
+        for cached_address in context
+            .sql
+            .query_map(
+                "SELECT address
+                 FROM dns_cache
+                 WHERE hostname = ?
+                 AND ? < timestamp + 30 * 24 * 3600
+                 ORDER BY timestamp DESC",
+                (hostname, now),
+                |row| {
+                    let address: String = row.get(0)?;
+                    Ok(address)
+                },
+                |rows| {
+                    rows.collect::<std::result::Result<Vec<_>, _>>()
+                        .map_err(Into::into)
+                },
+            )
+            .await?
+        {
+            match IpAddr::from_str(&cached_address) {
+                Ok(ip_addr) => {
+                    let addr = SocketAddr::new(ip_addr, port);
+                    if !resolved_addrs.contains(&addr) {
+                        resolved_addrs.push(addr);
+                    }
+                }
+                Err(err) => {
+                    warn!(
+                        context,
+                        "Failed to parse cached address {:?}: {:#}.", cached_address, err
+                    );
+                }
            }
        }

        if resolved_addrs.is_empty() {
-            return Ok(load_hardcoded_cache(hostname, port));
+            // Load hardcoded cache if everything else fails.
+            //
+            // See <https://support.delta.chat/t/no-dns-resolution-result/2778> and
+            // <https://github.com/deltachat/deltachat-core-rust/issues/4920> for reasons.
+            //
+            // In the future we may pre-resolve all provider database addresses
+            // and build them in.
+            match hostname {
+                "mail.sangham.net" => {
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0xc17, 0x798c, 0, 0, 0, 1)),
+                        port,
+                    ));
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V4(Ipv4Addr::new(159, 69, 186, 85)),
+                        port,
+                    ));
+                }
+                "nine.testrun.org" => {
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0x241, 0x4ce8, 0, 0, 0, 2)),
+                        port,
+                    ));
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V4(Ipv4Addr::new(116, 202, 233, 236)),
+                        port,
+                    ));
+                }
+                "disroot.org" => {
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V4(Ipv4Addr::new(178, 21, 23, 139)),
+                        port,
+                    ));
+                }
+                "mail.riseup.net" => {
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V4(Ipv4Addr::new(198, 252, 153, 70)),
+                        port,
+                    ));
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V4(Ipv4Addr::new(198, 252, 153, 71)),
+                        port,
+                    ));
+                }
+                "imap.gmail.com" => {
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x400c, 0xc1f, 0, 0, 0, 0x6c)),
+                        port,
+                    ));
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x400c, 0xc1f, 0, 0, 0, 0x6d)),
+                        port,
+                    ));
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V4(Ipv4Addr::new(142, 250, 110, 109)),
+                        port,
+                    ));
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V4(Ipv4Addr::new(142, 250, 110, 108)),
+                        port,
+                    ));
+                }
+                "smtp.gmail.com" => {
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x4013, 0xc04, 0, 0, 0, 0x6c)),
+                        port,
+                    ));
+                    resolved_addrs.push(SocketAddr::new(
+                        IpAddr::V4(Ipv4Addr::new(142, 250, 110, 109)),
+                        port,
+                    ));
+                }
+                _ => {}
+            }
        }
    }

    Ok(resolved_addrs)
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    use crate::net::update_connection_history;
-    use crate::test_utils::TestContext;
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_sort_by_connection_timestamp() {
-        let alice = &TestContext::new_alice().await;
-        let now = time();
-
-        let ipv6_addr = IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0x241, 0x4ce8, 0, 0, 0, 2));
-        let ipv4_addr = IpAddr::V4(Ipv4Addr::new(116, 202, 233, 236));
-
-        assert_eq!(
-            sort_by_connection_timestamp(
-                alice,
-                vec![
-                    SocketAddr::new(ipv6_addr, 993),
-                    SocketAddr::new(ipv4_addr, 993)
-                ],
-                "imap",
-                "nine.testrun.org"
-            )
-            .await
-            .unwrap(),
-            vec![
-                SocketAddr::new(ipv6_addr, 993),
-                SocketAddr::new(ipv4_addr, 993)
-            ]
-        );
-        update_connection_history(
-            alice,
-            "imap",
-            "nine.testrun.org",
-            993,
-            "116.202.233.236",
-            now,
-        )
-        .await
-        .unwrap();
-        assert_eq!(
-            sort_by_connection_timestamp(
-                alice,
-                vec![
-                    SocketAddr::new(ipv6_addr, 993),
-                    SocketAddr::new(ipv4_addr, 993)
-                ],
-                "imap",
-                "nine.testrun.org"
-            )
-            .await
-            .unwrap(),
-            vec![
-                SocketAddr::new(ipv4_addr, 993),
-                SocketAddr::new(ipv6_addr, 993),
-            ]
-        );
-
-        assert_eq!(
-            sort_by_connection_timestamp(
-                alice,
-                vec![
-                    SocketAddr::new(ipv6_addr, 465),
-                    SocketAddr::new(ipv4_addr, 465)
-                ],
-                "smtp",
-                "nine.testrun.org"
-            )
-            .await
-            .unwrap(),
-            vec![
-                SocketAddr::new(ipv6_addr, 465),
-                SocketAddr::new(ipv4_addr, 465),
-            ]
-        );
-        update_connection_history(
-            alice,
-            "smtp",
-            "nine.testrun.org",
-            465,
-            "116.202.233.236",
-            now,
-        )
-        .await
-        .unwrap();
-        assert_eq!(
-            sort_by_connection_timestamp(
-                alice,
-                vec![
-                    SocketAddr::new(ipv6_addr, 465),
-                    SocketAddr::new(ipv4_addr, 465)
-                ],
-                "smtp",
-                "nine.testrun.org"
-            )
-            .await
-            .unwrap(),
-            vec![
-                SocketAddr::new(ipv4_addr, 465),
-                SocketAddr::new(ipv6_addr, 465),
-            ]
-        );
-
-        update_connection_history(
-            alice,
-            "imap",
-            "nine.testrun.org",
-            993,
-            "2a01:4f8:241:4ce8::2",
-            now,
-        )
-        .await
-        .unwrap();
-        assert_eq!(
-            sort_by_connection_timestamp(
-                alice,
-                vec![
-                    SocketAddr::new(ipv6_addr, 993),
-                    SocketAddr::new(ipv4_addr, 993)
-                ],
-                "imap",
-                "nine.testrun.org"
-            )
-            .await
-            .unwrap(),
-            vec![
-                SocketAddr::new(ipv6_addr, 993),
-                SocketAddr::new(ipv4_addr, 993)
-            ]
-        );
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_lookup_cache() {
-        let alice = &TestContext::new_alice().await;
-
-        let ipv4_addr = IpAddr::V4(Ipv4Addr::new(116, 202, 233, 236));
-        let ipv6_addr = IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0x241, 0x4ce8, 0, 0, 0, 2));
-
-        let now = time();
-        assert!(lookup_cache(alice, "nine.testrun.org", 587, "smtp", now)
-            .await
-            .unwrap()
-            .is_empty());
-
-        update_cache(alice, "nine.testrun.org", "116.202.233.236", now)
-            .await
-            .unwrap();
-
-        assert_eq!(
-            lookup_cache(alice, "nine.testrun.org", 587, "smtp", now)
-                .await
-                .unwrap(),
-            vec![SocketAddr::new(ipv4_addr, 587)]
-        );
-
-        // Cache should be returned for other ports and no ALPN as well,
-        // port and ALPN should only affect the order
-        assert_eq!(
-            lookup_cache(alice, "nine.testrun.org", 443, "", now)
-                .await
-                .unwrap(),
-            vec![SocketAddr::new(ipv4_addr, 443)]
-        );
-
-        update_cache(alice, "nine.testrun.org", "2a01:4f8:241:4ce8::2", now + 30)
-            .await
-            .unwrap();
-
-        // New DNS cache entry should go first.
-        assert_eq!(
-            lookup_cache(alice, "nine.testrun.org", 443, "", now + 60)
-                .await
-                .unwrap(),
-            vec![
-                SocketAddr::new(ipv6_addr, 443),
-                SocketAddr::new(ipv4_addr, 443)
-            ],
-        );
-
-        // After successful connection to SMTP over port 465 using IPv4 address,
-        // IPv4 address has higher priority.
-        update_connection_history(
-            alice,
-            "smtp",
-            "nine.testrun.org",
-            465,
-            "116.202.233.236",
-            now + 100,
-        )
-        .await
-        .unwrap();
-        assert_eq!(
-            lookup_cache(alice, "nine.testrun.org", 465, "smtp", now + 120)
-                .await
-                .unwrap(),
-            vec![
-                SocketAddr::new(ipv4_addr, 465),
-                SocketAddr::new(ipv6_addr, 465)
-            ]
-        );
-
-        // For other ports and ALPNs order remains the same.
-        assert_eq!(
-            lookup_cache(alice, "nine.testrun.org", 993, "imap", now + 120)
-                .await
-                .unwrap(),
-            vec![
-                SocketAddr::new(ipv6_addr, 993),
-                SocketAddr::new(ipv4_addr, 993)
-            ],
-        );
-        assert_eq!(
-            lookup_cache(alice, "nine.testrun.org", 465, "imap", now + 120)
-                .await
-                .unwrap(),
-            vec![
-                SocketAddr::new(ipv6_addr, 465),
-                SocketAddr::new(ipv4_addr, 465)
-            ],
-        );
-        assert_eq!(
-            lookup_cache(alice, "nine.testrun.org", 993, "smtp", now + 120)
-                .await
-                .unwrap(),
-            vec![
-                SocketAddr::new(ipv6_addr, 993),
-                SocketAddr::new(ipv4_addr, 993)
-            ],
-        );
-    }
-}
--- a/src/net/http.rs
+++ b/src/net/http.rs
@@ -119,7 +119,7 @@ impl reqwest::dns::Resolve for CustomResolver {
            let port = 443; // Actual port does not matter.

            let socket_addrs =
-                lookup_host_with_cache(&context, hostname.as_str(), port, "", load_cache).await;
+                lookup_host_with_cache(&context, hostname.as_str(), port, load_cache).await;
            match socket_addrs {
                Ok(socket_addrs) => {
                    let addrs: reqwest::dns::Addrs = Box::new(socket_addrs.into_iter());
--- a/src/peer_channels.rs
+++ b/src/peer_channels.rs
@@ -26,16 +26,15 @@
 use anyhow::{anyhow, Context as _, Result};
 use email::Header;
 use futures_lite::StreamExt;
-use iroh_gossip::net::{Event, Gossip, GossipEvent, JoinOptions, GOSSIP_ALPN};
-use iroh_gossip::proto::TopicId;
+use iroh_gossip::net::{Gossip, JoinTopicFut, GOSSIP_ALPN};
+use iroh_gossip::proto::{Event as IrohEvent, TopicId};
 use iroh_net::key::{PublicKey, SecretKey};
 use iroh_net::relay::{RelayMap, RelayUrl};
 use iroh_net::{relay::RelayMode, Endpoint};
 use iroh_net::{NodeAddr, NodeId};
-use parking_lot::Mutex;
 use std::collections::{BTreeSet, HashMap};
 use std::env;
-use tokio::sync::{oneshot, RwLock};
+use tokio::sync::RwLock;
 use tokio::task::JoinHandle;
 use url::Url;

@@ -60,9 +59,6 @@ pub struct Iroh {
    /// [Gossip] needed for iroh peer channels.
    pub(crate) gossip: Gossip,

-    /// Sequence numbers for gossip channels.
-    pub(crate) sequence_numbers: Mutex<HashMap<TopicId, i32>>,
-
    /// Topics for which an advertisement has already been sent.
    pub(crate) iroh_channels: RwLock<HashMap<TopicId, ChannelState>>,

@@ -87,7 +83,7 @@ impl Iroh {
        &self,
        ctx: &Context,
        msg_id: MsgId,
-    ) -> Result<Option<oneshot::Receiver<()>>> {
+    ) -> Result<Option<JoinTopicFut>> {
        let topic = get_iroh_topic_for_msg(ctx, msg_id)
            .await?
            .with_context(|| format!("Message {msg_id} has no gossip topic"))?;
@@ -98,9 +94,14 @@ impl Iroh {
        // Otherwise we would receive every message twice or more times.
        let mut iroh_channels = self.iroh_channels.write().await;

-        if iroh_channels.contains_key(&topic) {
-            return Ok(None);
-        }
+        let seq = if let Some(channel_state) = iroh_channels.get(&topic) {
+            if channel_state.subscribe_loop.is_some() {
+                return Ok(None);
+            }
+            channel_state.seq_number
+        } else {
+            0
+        };

        let peers = get_iroh_gossip_peers(ctx, msg_id).await?;
        let node_ids = peers.iter().map(|p| p.node_id).collect::<Vec<_>>();
@@ -117,35 +118,33 @@ impl Iroh {
            }
        }

-        let (join_tx, join_rx) = oneshot::channel();
-
-        let (gossip_sender, gossip_receiver) = self
-            .gossip
-            .join_with_opts(topic, JoinOptions::with_bootstrap(node_ids))
-            .split();
+        // Connect to all peers
+        let connect_future = self.gossip.join(topic, node_ids).await?;

        let ctx = ctx.clone();
+        let gossip = self.gossip.clone();
        let subscribe_loop = tokio::spawn(async move {
-            if let Err(e) = subscribe_loop(&ctx, gossip_receiver, topic, msg_id, join_tx).await {
+            if let Err(e) = subscribe_loop(&ctx, gossip, topic, msg_id).await {
                warn!(ctx, "subscribe_loop failed: {e}")
            }
        });

-        iroh_channels.insert(topic, ChannelState::new(subscribe_loop, gossip_sender));
+        iroh_channels.insert(topic, ChannelState::new(seq, subscribe_loop));

-        Ok(Some(join_rx))
+        Ok(Some(connect_future))
    }

    /// Add gossip peers to realtime channel if it is already active.
    pub async fn maybe_add_gossip_peers(&self, topic: TopicId, peers: Vec<NodeAddr>) -> Result<()> {
-        if self.iroh_channels.read().await.get(&topic).is_some() {
-            for peer in &peers {
-                self.endpoint.add_node_addr(peer.clone())?;
+        if let Some(state) = self.iroh_channels.read().await.get(&topic) {
+            if state.subscribe_loop.is_some() {
+                for peer in &peers {
+                    self.endpoint.add_node_addr(peer.clone())?;
+                }
+                self.gossip
+                    .join(topic, peers.into_iter().map(|peer| peer.node_id).collect())
+                    .await?;
            }
-
-            self.gossip
-                .join(topic, peers.into_iter().map(|peer| peer.node_id).collect())
-                .await?;
        }
        Ok(())
    }
@@ -162,16 +161,11 @@ impl Iroh {
            .with_context(|| format!("Message {msg_id} has no gossip topic"))?;
        self.join_and_subscribe_gossip(ctx, msg_id).await?;

-        let seq_num = self.get_and_incr(&topic);
-
-        let mut iroh_channels = self.iroh_channels.write().await;
-        let state = iroh_channels
-            .get_mut(&topic)
-            .context("Just created state does not exist")?;
+        let seq_num = self.get_and_incr(&topic).await;
        data.extend(seq_num.to_le_bytes());
        data.extend(self.public_key.as_bytes());

-        state.sender.broadcast(data.into()).await?;
+        self.gossip.broadcast(topic, data.into()).await?;

        if env::var("REALTIME_DEBUG").is_ok() {
            info!(ctx, "Sent realtime data");
@@ -180,11 +174,13 @@ impl Iroh {
        Ok(())
    }

-    fn get_and_incr(&self, topic: &TopicId) -> i32 {
-        let mut sequence_numbers = self.sequence_numbers.lock();
-        let entry = sequence_numbers.entry(*topic).or_default();
-        *entry = entry.wrapping_add(1);
-        *entry
+    async fn get_and_incr(&self, topic: &TopicId) -> i32 {
+        let mut seq = 0;
+        if let Some(state) = self.iroh_channels.write().await.get_mut(topic) {
+            seq = state.seq_number;
+            state.seq_number = state.seq_number.wrapping_add(1)
+        }
+        seq
    }

    /// Get the iroh [NodeAddr] without direct IP addresses.
@@ -196,17 +192,12 @@ impl Iroh {

    /// Leave the realtime channel for a given topic.
    pub(crate) async fn leave_realtime(&self, topic: TopicId) -> Result<()> {
-        if let Some(channel) = self.iroh_channels.write().await.remove(&topic) {
-            // Dropping the last GossipTopic results in quitting the topic.
-            // It is split into GossipReceiver and GossipSender.
-            // GossipSender (`channel.sender`) is dropped automatically.
-
-            // Subscribe loop owns GossipReceiver.
-            // Aborting it and waiting for it to be dropped
-            // drops the receiver.
-            channel.subscribe_loop.abort();
-            let _ = channel.subscribe_loop.await;
+        if let Some(channel) = &mut self.iroh_channels.write().await.get_mut(&topic) {
+            if let Some(subscribe_loop) = channel.subscribe_loop.take() {
+                subscribe_loop.abort();
+            }
        }
+        self.gossip.quit(topic).await?;
        Ok(())
    }
 }
@@ -214,17 +205,17 @@ impl Iroh {
 /// Single gossip channel state.
 #[derive(Debug)]
 pub(crate) struct ChannelState {
+    /// Sequence number for the gossip channel.
+    seq_number: i32,
    /// The subscribe loop handle.
-    subscribe_loop: JoinHandle<()>,
-
-    sender: iroh_gossip::net::GossipSender,
+    subscribe_loop: Option<JoinHandle<()>>,
 }

 impl ChannelState {
-    fn new(subscribe_loop: JoinHandle<()>, sender: iroh_gossip::net::GossipSender) -> Self {
+    fn new(seq_number: i32, subscribe_loop: JoinHandle<()>) -> Self {
        Self {
-            subscribe_loop,
-            sender,
+            seq_number,
+            subscribe_loop: Some(subscribe_loop),
        }
    }
 }
@@ -270,7 +261,6 @@ impl Context {
        Ok(Iroh {
            endpoint,
            gossip,
-            sequence_numbers: Mutex::new(HashMap::new()),
            iroh_channels: RwLock::new(HashMap::new()),
            public_key,
        })
@@ -380,7 +370,7 @@ pub(crate) async fn get_iroh_topic_for_msg(
 pub async fn send_webxdc_realtime_advertisement(
    ctx: &Context,
    msg_id: MsgId,
-) -> Result<Option<oneshot::Receiver<()>>> {
+) -> Result<Option<JoinTopicFut>> {
    if !ctx.get_config_bool(Config::WebxdcRealtimeEnabled).await? {
        return Ok(None);
    }
@@ -477,50 +467,32 @@ async fn handle_connection(

 async fn subscribe_loop(
    context: &Context,
-    mut stream: iroh_gossip::net::GossipReceiver,
+    gossip: Gossip,
    topic: TopicId,
    msg_id: MsgId,
-    join_tx: oneshot::Sender<()>,
 ) -> Result<()> {
-    let mut join_tx = Some(join_tx);
-
-    while let Some(event) = stream.try_next().await? {
+    let mut stream = gossip.subscribe(topic).await?;
+    loop {
+        let event = stream.recv().await?;
        match event {
-            Event::Gossip(event) => match event {
-                GossipEvent::Joined(nodes) => {
-                    if let Some(join_tx) = join_tx.take() {
-                        // Try to notify that at least one peer joined,
-                        // but ignore the error if receiver is dropped and nobody listens.
-                        join_tx.send(()).ok();
-                    }
-
-                    for node in nodes {
-                        iroh_add_peer_for_topic(context, msg_id, topic, node, None).await?;
-                    }
-                }
-                GossipEvent::NeighborUp(node) => {
-                    info!(context, "IROH_REALTIME: NeighborUp: {}", node.to_string());
-                    iroh_add_peer_for_topic(context, msg_id, topic, node, None).await?;
-                }
-                GossipEvent::NeighborDown(_node) => {}
-                GossipEvent::Received(message) => {
-                    info!(context, "IROH_REALTIME: Received realtime data");
-                    context.emit_event(EventType::WebxdcRealtimeData {
-                        msg_id,
-                        data: message
-                            .content
-                            .get(0..message.content.len() - 4 - PUBLIC_KEY_LENGTH)
-                            .context("too few bytes in iroh message")?
-                            .into(),
-                    });
-                }
-            },
-            Event::Lagged => {
-                warn!(context, "Gossip lost some messages");
+            IrohEvent::NeighborUp(node) => {
+                info!(context, "IROH_REALTIME: NeighborUp: {}", node.to_string());
+                iroh_add_peer_for_topic(context, msg_id, topic, node, None).await?;
            }
+            IrohEvent::Received(event) => {
+                info!(context, "IROH_REALTIME: Received realtime data");
+                context.emit_event(EventType::WebxdcRealtimeData {
+                    msg_id,
+                    data: event
+                        .content
+                        .get(0..event.content.len() - 4 - PUBLIC_KEY_LENGTH)
+                        .context("too few bytes in iroh message")?
+                        .into(),
+                });
+            }
+            _ => (),
        };
    }
-    Ok(())
 }

 #[cfg(test)]
@@ -568,10 +540,10 @@ mod tests {
        assert_eq!(alice_webxdc.get_viewtype(), Viewtype::Webxdc);

        let webxdc = alice.pop_sent_msg().await;
-        let bob_webxdc = bob.recv_msg(&webxdc).await;
-        assert_eq!(bob_webxdc.get_viewtype(), Viewtype::Webxdc);
+        let bob_webdxc = bob.recv_msg(&webxdc).await;
+        assert_eq!(bob_webdxc.get_viewtype(), Viewtype::Webxdc);

-        bob_webxdc.chat_id.accept(bob).await.unwrap();
+        bob_webdxc.chat_id.accept(bob).await.unwrap();

        // Alice advertises herself.
        send_webxdc_realtime_advertisement(alice, alice_webxdc.id)
@@ -582,7 +554,7 @@ mod tests {
        let bob_iroh = bob.get_or_try_init_peer_channel().await.unwrap();

        // Bob adds alice to gossip peers.
-        let members = get_iroh_gossip_peers(bob, bob_webxdc.id)
+        let members = get_iroh_gossip_peers(bob, bob_webdxc.id)
            .await
            .unwrap()
            .into_iter()
@@ -596,7 +568,7 @@ mod tests {
        );

        bob_iroh
-            .join_and_subscribe_gossip(bob, bob_webxdc.id)
+            .join_and_subscribe_gossip(bob, bob_webdxc.id)
            .await
            .unwrap()
            .unwrap()
@@ -624,7 +596,7 @@ mod tests {
        }
        // Bob sends ephemeral message
        bob_iroh
-            .send_webxdc_realtime_data(bob, bob_webxdc.id, "bob -> alice".as_bytes().to_vec())
+            .send_webxdc_realtime_data(bob, bob_webdxc.id, "bob -> alice".as_bytes().to_vec())
            .await
            .unwrap();

@@ -656,7 +628,7 @@ mod tests {
        );

        bob_iroh
-            .send_webxdc_realtime_data(bob, bob_webxdc.id, "bob -> alice 2".as_bytes().to_vec())
+            .send_webxdc_realtime_data(bob, bob_webdxc.id, "bob -> alice 2".as_bytes().to_vec())
            .await
            .unwrap();

@@ -714,10 +686,10 @@ mod tests {
        assert_eq!(alice_webxdc.get_viewtype(), Viewtype::Webxdc);

        let webxdc = alice.pop_sent_msg().await;
-        let bob_webxdc = bob.recv_msg(&webxdc).await;
-        assert_eq!(bob_webxdc.get_viewtype(), Viewtype::Webxdc);
+        let bob_webdxc = bob.recv_msg(&webxdc).await;
+        assert_eq!(bob_webdxc.get_viewtype(), Viewtype::Webxdc);

-        bob_webxdc.chat_id.accept(bob).await.unwrap();
+        bob_webdxc.chat_id.accept(bob).await.unwrap();

        // Alice advertises herself.
        send_webxdc_realtime_advertisement(alice, alice_webxdc.id)
@@ -728,7 +700,7 @@ mod tests {
        let bob_iroh = bob.get_or_try_init_peer_channel().await.unwrap();

        // Bob adds alice to gossip peers.
-        let members = get_iroh_gossip_peers(bob, bob_webxdc.id)
+        let members = get_iroh_gossip_peers(bob, bob_webdxc.id)
            .await
            .unwrap()
            .into_iter()
@@ -742,7 +714,7 @@ mod tests {
        );

        bob_iroh
-            .join_and_subscribe_gossip(bob, bob_webxdc.id)
+            .join_and_subscribe_gossip(bob, bob_webdxc.id)
            .await
            .unwrap()
            .unwrap()
@@ -769,32 +741,11 @@ mod tests {
            }
        }

-        let bob_topic = get_iroh_topic_for_msg(bob, bob_webxdc.id)
-            .await
-            .unwrap()
-            .unwrap();
-        let bob_sequence_number = bob
-            .iroh
-            .get()
-            .unwrap()
-            .sequence_numbers
-            .lock()
-            .get(&bob_topic)
-            .copied();
-        leave_webxdc_realtime(bob, bob_webxdc.id).await.unwrap();
-        let bob_sequence_number_after = bob
-            .iroh
-            .get()
-            .unwrap()
-            .sequence_numbers
-            .lock()
-            .get(&bob_topic)
-            .copied();
-        // Check that sequence number is persisted when leaving the channel.
-        assert_eq!(bob_sequence_number, bob_sequence_number_after);
+        // TODO: check that seq number is persisted
+        leave_webxdc_realtime(bob, bob_webdxc.id).await.unwrap();

        bob_iroh
-            .join_and_subscribe_gossip(bob, bob_webxdc.id)
+            .join_and_subscribe_gossip(bob, bob_webdxc.id)
            .await
            .unwrap()
            .unwrap()
@@ -802,7 +753,7 @@ mod tests {
            .unwrap();

        bob_iroh
-            .send_webxdc_realtime_data(bob, bob_webxdc.id, "bob -> alice".as_bytes().to_vec())
+            .send_webxdc_realtime_data(bob, bob_webdxc.id, "bob -> alice".as_bytes().to_vec())
            .await
            .unwrap();

@@ -832,7 +783,7 @@ mod tests {
            .await
            .unwrap()
            .unwrap();
-        assert!(alice
+        assert!(if let Some(state) = alice
            .iroh
            .get()
            .unwrap()
@@ -840,7 +791,11 @@ mod tests {
            .read()
            .await
            .get(&topic)
-            .is_none());
+        {
+            state.subscribe_loop.is_none()
+        } else {
+            false
+        });
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
--- a/src/provider/data.rs
+++ b/src/provider/data.rs
@@ -520,7 +520,7 @@ static P_FREENET_DE: Provider = Provider {
 static P_GMAIL: Provider = Provider {
    id: "gmail",
    status: Status::Preparation,
-    before_login_hint: "For Gmail accounts, you need to have \"2-Step Verification\" enabled and create an app-password.",
+    before_login_hint: "For Gmail accounts, you need to create an app-password if you have \"2-Step Verification\" enabled. If this setting is not available, you need to enable \"less secure apps\".",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/gmail",
    server: &[
@@ -1037,20 +1037,6 @@ static P_NINE_TESTRUN_ORG: Provider = Provider {
            port: 587,
            username_pattern: Email,
        },
-        Server {
-            protocol: Imap,
-            socket: Ssl,
-            hostname: "nine.testrun.org",
-            port: 443,
-            username_pattern: Email,
-        },
-        Server {
-            protocol: Smtp,
-            socket: Ssl,
-            hostname: "nine.testrun.org",
-            port: 443,
-            username_pattern: Email,
-        },
    ],
    opt: ProviderOptions::new(),
    config_defaults: Some(&[ConfigDefault {
@@ -1274,14 +1260,14 @@ static P_RISEUP_NET: Provider = Provider {
            socket: Ssl,
            hostname: "mail.riseup.net",
            port: 993,
-            username_pattern: Email,
+            username_pattern: Emaillocalpart,
        },
        Server {
            protocol: Smtp,
            socket: Ssl,
            hostname: "mail.riseup.net",
            port: 465,
-            username_pattern: Email,
+            username_pattern: Emaillocalpart,
        },
    ],
    opt: ProviderOptions::new(),
@@ -1315,37 +1301,6 @@ static P_SONIC: Provider = Provider {
    oauth2_authorizer: None,
 };

-// stinpriza.net.md: stinpriza.net, stinpriza.eu, el-hoyo.net
-static P_STINPRIZA_NET: Provider = Provider {
-    id: "stinpriza.net",
-    status: Status::Ok,
-    before_login_hint: "",
-    after_login_hint: "",
-    overview_page: "https://providers.delta.chat/stinpriza-net",
-    server: &[
-        Server {
-            protocol: Imap,
-            socket: Starttls,
-            hostname: "stinpriza.net",
-            port: 143,
-            username_pattern: Email,
-        },
-        Server {
-            protocol: Smtp,
-            socket: Starttls,
-            hostname: "stinpriza.net",
-            port: 587,
-            username_pattern: Email,
-        },
-    ],
-    opt: ProviderOptions {
-        strict_tls: true,
-        ..ProviderOptions::new()
-    },
-    config_defaults: None,
-    oauth2_authorizer: None,
-};
-
 // systemausfall.org.md: systemausfall.org, solidaris.me
 static P_SYSTEMAUSFALL_ORG: Provider = Provider {
    id: "systemausfall.org",
@@ -1600,13 +1555,11 @@ static P_VIVALDI: Provider = Provider {
 // vk.com.md: vk.com
 static P_VK_COM: Provider = Provider {
    id: "vk.com",
-    status: Status::Preparation,
-    before_login_hint: "Вам необходимо сгенерировать \"пароль для внешнего приложения\" в веб-интерфейсе mail.ru https://account.mail.ru/user/2-step-auth/passwords/ чтобы vk.com работал с Delta Chat.",
+    status: Status::Broken,
+    before_login_hint: "К сожалению, VK Почта не поддерживает работу с Delta Chat. См. https://help.vk.mail.ru/vkmail/questions/client",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/vk-com",
    server: &[
-        Server { protocol: Imap, socket: Ssl, hostname: "imap.mail.ru", port: 993, username_pattern: Email },
-        Server { protocol: Smtp, socket: Ssl, hostname: "smtp.mail.ru", port: 465, username_pattern: Email },
    ],
    opt: ProviderOptions::new(),
    config_defaults: None,
@@ -1804,7 +1757,7 @@ static P_ZOHO: Provider = Provider {
    oauth2_authorizer: None,
 };

-pub(crate) static PROVIDER_DATA: [(&str, &Provider); 531] = [
+pub(crate) static PROVIDER_DATA: [(&str, &Provider); 528] = [
    ("163.com", &P_163),
    ("aktivix.org", &P_AKTIVIX_ORG),
    ("aliyun.com", &P_ALIYUN),
@@ -2259,9 +2212,6 @@ pub(crate) static PROVIDER_DATA: [(&str, &Provider); 531] = [
    ("riseup.net", &P_RISEUP_NET),
    ("rogers.com", &P_ROGERS_COM),
    ("sonic.net", &P_SONIC),
-    ("stinpriza.net", &P_STINPRIZA_NET),
-    ("stinpriza.eu", &P_STINPRIZA_NET),
-    ("el-hoyo.net", &P_STINPRIZA_NET),
    ("systemausfall.org", &P_SYSTEMAUSFALL_ORG),
    ("solidaris.me", &P_SYSTEMAUSFALL_ORG),
    ("systemli.org", &P_SYSTEMLI_ORG),
@@ -2393,7 +2343,6 @@ pub(crate) static PROVIDER_IDS: Lazy<HashMap<&'static str, &'static Provider>> =
        ("riseup.net", &P_RISEUP_NET),
        ("rogers.com", &P_ROGERS_COM),
        ("sonic", &P_SONIC),
-        ("stinpriza.net", &P_STINPRIZA_NET),
        ("systemausfall.org", &P_SYSTEMAUSFALL_ORG),
        ("systemli.org", &P_SYSTEMLI_ORG),
        ("t-online", &P_T_ONLINE),
@@ -2417,4 +2366,4 @@ pub(crate) static PROVIDER_IDS: Lazy<HashMap<&'static str, &'static Provider>> =
 });

 pub static _PROVIDER_UPDATED: Lazy<chrono::NaiveDate> =
-    Lazy::new(|| chrono::NaiveDate::from_ymd_opt(2024, 8, 14).unwrap());
+    Lazy::new(|| chrono::NaiveDate::from_ymd_opt(2024, 6, 24).unwrap());
--- a/src/push.rs
+++ b/src/push.rs
@@ -48,7 +48,7 @@ impl PushSubscriber {

    /// Subscribes for heartbeat notifications with previously set device token.
    #[cfg(target_os = "ios")]
-    pub(crate) async fn subscribe(&self, context: &Context) -> Result<()> {
+    pub(crate) async fn subscribe(&self) -> Result<()> {
        use crate::net::http;

        let mut state = self.inner.write().await;
@@ -61,9 +61,8 @@ impl PushSubscriber {
            return Ok(());
        };

-        let load_cache = true;
-        let response = http::get_client(context, load_cache)
-            .await?
+        let socks5_config = None;
+        let response = http::get_client(socks5_config)?
            .post("https://notifications.delta.chat/register")
            .body(format!("{{\"token\":\"{token}\"}}"))
            .send()
@@ -78,7 +77,7 @@ impl PushSubscriber {

    /// Placeholder to skip subscribing to heartbeat notifications outside iOS.
    #[cfg(not(target_os = "ios"))]
-    pub(crate) async fn subscribe(&self, _context: &Context) -> Result<()> {
+    pub(crate) async fn subscribe(&self) -> Result<()> {
        let mut state = self.inner.write().await;
        state.heartbeat_subscribed = true;
        Ok(())
--- a/src/qr.rs
+++ b/src/qr.rs
@@ -1405,12 +1405,9 @@ mod tests {
            ctx.ctx.get_config(Config::SendUser).await?,
            Some("SendUser".to_owned())
        );
-
-        // `sc` option is actually ignored and `ic` is used instead
-        // because `smtp_certificate_checks` is deprecated.
        assert_eq!(
            ctx.ctx.get_config(Config::SmtpCertificateChecks).await?,
-            Some("1".to_owned())
+            Some("3".to_owned())
        );
        assert_eq!(
            ctx.ctx.get_config(Config::SendSecurity).await?,
--- a/src/qr/dclogin_scheme.rs
+++ b/src/qr/dclogin_scheme.rs
@@ -39,6 +39,9 @@ pub enum LoginOptions {
        /// IMAP socket security.
        imap_security: Option<Socket>,

+        /// IMAP certificate checks.
+        imap_certificate_checks: Option<CertificateChecks>,
+
        /// SMTP host.
        smtp_host: Option<String>,

@@ -54,8 +57,8 @@ pub enum LoginOptions {
        /// SMTP socket security.
        smtp_security: Option<Socket>,

-        /// Certificate checks.
-        certificate_checks: Option<CertificateChecks>,
+        /// SMTP certificate checks.
+        smtp_certificate_checks: Option<CertificateChecks>,
    },
 }

@@ -104,13 +107,14 @@ pub(super) fn decode_login(qr: &str) -> Result<Qr> {
                imap_username: parameter_map.get("iu").map(|s| s.to_owned()),
                imap_password: parameter_map.get("ipw").map(|s| s.to_owned()),
                imap_security: parse_socket_security(parameter_map.get("is"))?,
+                imap_certificate_checks: parse_certificate_checks(parameter_map.get("ic"))?,
                smtp_host: parameter_map.get("sh").map(|s| s.to_owned()),
                smtp_port: parse_port(parameter_map.get("sp"))
                    .context("could not parse smtp port")?,
                smtp_username: parameter_map.get("su").map(|s| s.to_owned()),
                smtp_password: parameter_map.get("spw").map(|s| s.to_owned()),
                smtp_security: parse_socket_security(parameter_map.get("ss"))?,
-                certificate_checks: parse_certificate_checks(parameter_map.get("ic"))?,
+                smtp_certificate_checks: parse_certificate_checks(parameter_map.get("sc"))?,
            },
            Some(Ok(v)) => LoginOptions::UnsuportedVersion(v),
            Some(Err(_)) => bail!("version could not be parsed as number E6"),
@@ -173,12 +177,13 @@ pub(crate) async fn configure_from_login_qr(
            imap_username,
            imap_password,
            imap_security,
+            imap_certificate_checks,
            smtp_host,
            smtp_port,
            smtp_username,
            smtp_password,
            smtp_security,
-            certificate_checks,
+            smtp_certificate_checks,
        } => {
            context
                .set_config_internal(Config::MailPw, Some(&mail_pw))
@@ -211,6 +216,14 @@ pub(crate) async fn configure_from_login_qr(
                    .set_config_internal(Config::MailSecurity, Some(&code.to_string()))
                    .await?;
            }
+            if let Some(value) = imap_certificate_checks {
+                let code = value
+                    .to_u32()
+                    .context("could not convert imap certificate checks value to number")?;
+                context
+                    .set_config_internal(Config::ImapCertificateChecks, Some(&code.to_string()))
+                    .await?;
+            }
            if let Some(value) = smtp_host {
                context
                    .set_config_internal(Config::SendServer, Some(&value))
@@ -239,13 +252,10 @@ pub(crate) async fn configure_from_login_qr(
                    .set_config_internal(Config::SendSecurity, Some(&code.to_string()))
                    .await?;
            }
-            if let Some(value) = certificate_checks {
+            if let Some(value) = smtp_certificate_checks {
                let code = value
                    .to_u32()
-                    .context("could not convert certificate checks value to number")?;
-                context
-                    .set_config_internal(Config::ImapCertificateChecks, Some(&code.to_string()))
-                    .await?;
+                    .context("could not convert smtp certificate checks value to number")?;
                context
                    .set_config_internal(Config::SmtpCertificateChecks, Some(&code.to_string()))
                    .await?;
@@ -274,12 +284,13 @@ mod test {
                imap_username: None,
                imap_password: None,
                imap_security: None,
+                imap_certificate_checks: None,
                smtp_host: None,
                smtp_port: None,
                smtp_username: None,
                smtp_password: None,
                smtp_security: None,
-                certificate_checks: None,
+                smtp_certificate_checks: None,
            }
        };
    }
@@ -381,12 +392,13 @@ mod test {
                    imap_username: Some("max".to_owned()),
                    imap_password: Some("87654".to_owned()),
                    imap_security: Some(Socket::Ssl),
+                    imap_certificate_checks: Some(CertificateChecks::Strict),
                    smtp_host: Some("mail.host.tld".to_owned()),
                    smtp_port: Some(3000),
                    smtp_username: Some("max@host.tld".to_owned()),
                    smtp_password: Some("3242HS".to_owned()),
                    smtp_security: Some(Socket::Plain),
-                    certificate_checks: Some(CertificateChecks::Strict),
+                    smtp_certificate_checks: Some(CertificateChecks::AcceptInvalidCertificates),
                }
            );
        } else {
--- a/src/receive_imf.rs
+++ b/src/receive_imf.rs
@@ -807,7 +807,7 @@ async fn add_parts(
                        // 1:1 chat is blocked, but the contact is not.
                        // This happens when 1:1 chat is hidden
                        // during scanning of a group invitation code.
-                        create_blocked_default
+                        Blocked::Request
                    }
                }
            }
--- a/src/receive_imf/tests.rs
+++ b/src/receive_imf/tests.rs
@@ -14,7 +14,6 @@ use crate::contact;
 use crate::download::MIN_DOWNLOAD_LIMIT;
 use crate::imap::prefetch_should_download;
 use crate::imex::{imex, ImexMode};
-use crate::securejoin::get_securejoin_qr;
 use crate::test_utils::{get_chat_msg, mark_as_verified, TestContext, TestContextManager};
 use crate::tools::{time, SystemTime};

@@ -3276,46 +3275,6 @@ async fn test_auto_accept_group_for_bots() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_auto_accept_protected_group_for_bots() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    bob.set_config(Config::Bot, Some("1")).await.unwrap();
-    mark_as_verified(alice, bob).await;
-    mark_as_verified(bob, alice).await;
-    let group_id = alice
-        .create_group_with_members(ProtectionStatus::Protected, "Group", &[bob])
-        .await;
-    let sent = alice.send_text(group_id, "Hello!").await;
-    let msg = bob.recv_msg(&sent).await;
-    let chat = chat::Chat::load_from_db(bob, msg.chat_id).await?;
-    assert!(!chat.is_contact_request());
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_bot_accepts_another_group_after_qr_scan() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    bob.set_config(Config::Bot, Some("1")).await?;
-
-    let group_id = chat::create_group_chat(alice, ProtectionStatus::Protected, "Group").await?;
-    let qr = get_securejoin_qr(alice, Some(group_id)).await?;
-    tcm.exec_securejoin_qr(bob, alice, &qr).await;
-
-    let group_id = alice
-        .create_group_with_members(ProtectionStatus::Protected, "Group", &[bob])
-        .await;
-    let sent = alice.send_text(group_id, "Hello!").await;
-    let msg = bob.recv_msg(&sent).await;
-    let chat = chat::Chat::load_from_db(bob, msg.chat_id).await?;
-    assert!(!chat.is_contact_request());
-
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_send_as_bot() -> Result<()> {
    let mut tcm = TestContextManager::new();
--- a/src/scheduler.rs
+++ b/src/scheduler.rs
@@ -110,14 +110,13 @@ impl SchedulerState {
        // to allow for clean shutdown.
        context.new_msgs_notify.notify_one();

-        let debug_logging = context
+        if let Some(debug_logging) = context
            .debug_logging
-            .write()
+            .read()
            .expect("RwLock is poisoned")
-            .take();
-        if let Some(debug_logging) = debug_logging {
+            .as_ref()
+        {
            debug_logging.loop_handle.abort();
-            debug_logging.loop_handle.await.ok();
        }
        let prev_state = std::mem::replace(&mut *inner, new_state);
        context.emit_event(EventType::ConnectivityChanged);
@@ -466,13 +465,11 @@ pub async fn convert_folder_meaning(
 }

 async fn inbox_fetch_idle(ctx: &Context, imap: &mut Imap, mut session: Session) -> Result<Session> {
-    if !ctx.get_config_bool(Config::FixIsChatmail).await? {
-        ctx.set_config_internal(
-            Config::IsChatmail,
-            crate::config::from_bool(session.is_chatmail()),
-        )
-        .await?;
-    }
+    ctx.set_config_internal(
+        Config::IsChatmail,
+        crate::config::from_bool(session.is_chatmail()),
+    )
+    .await?;

    // Update quota no more than once a minute.
    if ctx.quota_needs_update(60).await {
@@ -977,16 +974,9 @@ impl Scheduler {
            .await
            .log_err(context)
            .ok();
-
-        // Abort tasks, then await them to ensure the `Future` is dropped.
-        // Just aborting the task may keep resources such as `Context` clone
-        // moved into it indefinitely, resulting in database not being
-        // closed etc.
        self.ephemeral_handle.abort();
-        self.ephemeral_handle.await.ok();
        self.location_handle.abort();
-        self.location_handle.await.ok();
-        self.recently_seen_loop.abort().await;
+        self.recently_seen_loop.abort();
    }
 }

--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -13,7 +13,7 @@ use crate::config::Config;
 use crate::contact::{Contact, ContactId};
 use crate::context::Context;
 use crate::events::EventType;
-use crate::login_param::{LoginParam, ServerLoginParam};
+use crate::login_param::{CertificateChecks, LoginParam, ServerLoginParam};
 use crate::message::Message;
 use crate::message::{self, MsgId};
 use crate::mimefactory::MimeFactory;
@@ -94,7 +94,9 @@ impl Smtp {
            &lp.smtp,
            &lp.socks5_config,
            &lp.addr,
-            lp.strict_tls(),
+            lp.provider.map_or(lp.socks5_config.is_some(), |provider| {
+                provider.opt.strict_tls
+            }),
        )
        .await
    }
@@ -106,7 +108,7 @@ impl Smtp {
        lp: &ServerLoginParam,
        socks5_config: &Option<Socks5Config>,
        addr: &str,
-        strict_tls: bool,
+        provider_strict_tls: bool,
    ) -> Result<()> {
        if self.is_connected() {
            warn!(context, "SMTP already connected.");
@@ -125,6 +127,13 @@ impl Smtp {
        let domain = &lp.server;
        let port = lp.port;

+        let strict_tls = match lp.certificate_checks {
+            CertificateChecks::Automatic => provider_strict_tls,
+            CertificateChecks::Strict => true,
+            CertificateChecks::AcceptInvalidCertificates
+            | CertificateChecks::AcceptInvalidCertificates2 => false,
+        };
+
        let session_stream = connect::connect_stream(
            context,
            domain,
@@ -631,7 +640,9 @@ async fn send_mdn_rfc724_mid(

 /// Tries to send a single MDN. Returns true if more MDNs should be sent.
 async fn send_mdn(context: &Context, smtp: &mut Smtp) -> Result<bool> {
-    if !context.should_send_mdns().await? {
+    let mdns_enabled = context.get_config_bool(Config::MdnsEnabled).await?;
+    if !mdns_enabled {
+        // User has disabled MDNs.
        context.sql.execute("DELETE FROM smtp_mdns", []).await?;
        return Ok(false);
    }
--- a/src/smtp/connect.rs
+++ b/src/smtp/connect.rs
@@ -1,20 +1,15 @@
 //! SMTP connection establishment.

-use std::net::SocketAddr;
-
-use anyhow::{bail, format_err, Context as _, Result};
+use anyhow::{bail, Context as _, Result};
 use async_smtp::{SmtpClient, SmtpTransport};
 use tokio::io::BufStream;

 use crate::context::Context;
-use crate::net::dns::{lookup_host_with_cache, update_connect_timestamp};
 use crate::net::session::SessionBufStream;
 use crate::net::tls::wrap_tls;
-use crate::net::update_connection_history;
-use crate::net::{connect_tcp_inner, connect_tls_inner};
+use crate::net::{connect_starttls_smtp, connect_tcp, connect_tls};
 use crate::provider::Socket;
 use crate::socks::Socks5Config;
-use crate::tools::time;

 /// Returns TLS, STARTTLS or plaintext connection
 /// using SOCKS5 or direct connection depending on the given configuration.
@@ -26,58 +21,36 @@ use crate::tools::time;
 /// to unify the result regardless of whether TLS or STARTTLS is used.
 pub(crate) async fn connect_stream(
    context: &Context,
-    host: &str,
+    domain: &str,
    port: u16,
    strict_tls: bool,
    socks5_config: Option<Socks5Config>,
    security: Socket,
 ) -> Result<Box<dyn SessionBufStream>> {
-    if let Some(socks5_config) = socks5_config {
-        let stream = match security {
+    let stream = if let Some(socks5_config) = socks5_config {
+        match security {
            Socket::Automatic => bail!("SMTP port security is not configured"),
            Socket::Ssl => {
-                connect_secure_socks5(context, host, port, strict_tls, socks5_config.clone())
+                connect_secure_socks5(context, domain, port, strict_tls, socks5_config.clone())
                    .await?
            }
            Socket::Starttls => {
-                connect_starttls_socks5(context, host, port, strict_tls, socks5_config.clone())
+                connect_starttls_socks5(context, domain, port, strict_tls, socks5_config.clone())
                    .await?
            }
            Socket::Plain => {
-                connect_insecure_socks5(context, host, port, socks5_config.clone()).await?
-            }
-        };
-        Ok(stream)
-    } else {
-        let mut first_error = None;
-        let load_cache = strict_tls && (security == Socket::Ssl || security == Socket::Starttls);
-
-        for resolved_addr in lookup_host_with_cache(context, host, port, "smtp", load_cache).await?
-        {
-            let res = match security {
-                Socket::Automatic => bail!("SMTP port security is not configured"),
-                Socket::Ssl => connect_secure(resolved_addr, host, strict_tls).await,
-                Socket::Starttls => connect_starttls(resolved_addr, host, strict_tls).await,
-                Socket::Plain => connect_insecure(resolved_addr).await,
-            };
-            match res {
-                Ok(stream) => {
-                    let ip_addr = resolved_addr.ip().to_string();
-                    if load_cache {
-                        update_connect_timestamp(context, host, &ip_addr).await?;
-                    }
-                    update_connection_history(context, "smtp", host, port, &ip_addr, time())
-                        .await?;
-                    return Ok(stream);
-                }
-                Err(err) => {
-                    warn!(context, "Failed to connect to {resolved_addr}: {err:#}.");
-                    first_error.get_or_insert(err);
-                }
+                connect_insecure_socks5(context, domain, port, socks5_config.clone()).await?
            }
        }
-        Err(first_error.unwrap_or_else(|| format_err!("no DNS resolution results for {host}")))
-    }
+    } else {
+        match security {
+            Socket::Automatic => bail!("SMTP port security is not configured"),
+            Socket::Ssl => connect_secure(context, domain, port, strict_tls).await?,
+            Socket::Starttls => connect_starttls(context, domain, port, strict_tls).await?,
+            Socket::Plain => connect_insecure(context, domain, port).await?,
+        }
+    };
+    Ok(stream)
 }

 /// Reads and ignores SMTP greeting.
@@ -159,11 +132,12 @@ async fn connect_insecure_socks5(
 }

 async fn connect_secure(
-    addr: SocketAddr,
+    context: &Context,
    hostname: &str,
+    port: u16,
    strict_tls: bool,
 ) -> Result<Box<dyn SessionBufStream>> {
-    let tls_stream = connect_tls_inner(addr, hostname, strict_tls, "smtp").await?;
+    let tls_stream = connect_tls(context, hostname, port, strict_tls, "smtp").await?;
    let mut buffered_stream = BufStream::new(tls_stream);
    skip_smtp_greeting(&mut buffered_stream).await?;
    let session_stream: Box<dyn SessionBufStream> = Box::new(buffered_stream);
@@ -171,27 +145,24 @@ async fn connect_secure(
 }

 async fn connect_starttls(
-    addr: SocketAddr,
-    host: &str,
+    context: &Context,
+    hostname: &str,
+    port: u16,
    strict_tls: bool,
 ) -> Result<Box<dyn SessionBufStream>> {
-    let tcp_stream = connect_tcp_inner(addr).await?;
-
-    // Run STARTTLS command and convert the client back into a stream.
-    let client = async_smtp::SmtpClient::new().smtp_utf8(true);
-    let transport = async_smtp::SmtpTransport::new(client, BufStream::new(tcp_stream)).await?;
-    let tcp_stream = transport.starttls().await?.into_inner();
-    let tls_stream = wrap_tls(strict_tls, host, "smtp", tcp_stream)
-        .await
-        .context("STARTTLS upgrade failed")?;
+    let tls_stream = connect_starttls_smtp(context, hostname, port, strict_tls).await?;

    let buffered_stream = BufStream::new(tls_stream);
    let session_stream: Box<dyn SessionBufStream> = Box::new(buffered_stream);
    Ok(session_stream)
 }

-async fn connect_insecure(addr: SocketAddr) -> Result<Box<dyn SessionBufStream>> {
-    let tcp_stream = connect_tcp_inner(addr).await?;
+async fn connect_insecure(
+    context: &Context,
+    hostname: &str,
+    port: u16,
+) -> Result<Box<dyn SessionBufStream>> {
+    let tcp_stream = connect_tcp(context, hostname, port, false).await?;
    let mut buffered_stream = BufStream::new(tcp_stream);
    skip_smtp_greeting(&mut buffered_stream).await?;
    let session_stream: Box<dyn SessionBufStream> = Box::new(buffered_stream);
--- a/src/sql.rs
+++ b/src/sql.rs
@@ -18,8 +18,6 @@ use crate::imex::BLOBS_BACKUP_NAME;
 use crate::location::delete_orphaned_poi_locations;
 use crate::log::LogExt;
 use crate::message::{Message, MsgId, Viewtype};
-use crate::net::dns::prune_dns_cache;
-use crate::net::prune_connection_history;
 use crate::param::{Param, Params};
 use crate::peerstate::Peerstate;
 use crate::stock_str;
@@ -105,11 +103,9 @@ impl Sql {

        // Test that the key is correct using a single connection.
        let connection = Connection::open(&self.dbfile)?;
-        if !passphrase.is_empty() {
-            connection
-                .pragma_update(None, "key", &passphrase)
-                .context("Failed to set PRAGMA key")?;
-        }
+        connection
+            .pragma_update(None, "key", &passphrase)
+            .context("failed to set PRAGMA key")?;
        let key_is_correct = connection
            .query_row("SELECT count(*) FROM sqlite_master", [], |_row| Ok(()))
            .is_ok();
@@ -326,10 +322,8 @@ impl Sql {

        let pool = lock.take().context("SQL connection pool is not open")?;
        let conn = pool.get().await?;
-        if !passphrase.is_empty() {
-            conn.pragma_update(None, "rekey", passphrase.clone())
-                .context("Failed to set PRAGMA rekey")?;
-        }
+        conn.pragma_update(None, "rekey", passphrase.clone())
+            .context("failed to set PRAGMA rekey")?;
        drop(pool);

        *lock = Some(Self::new_pool(&self.dbfile, passphrase.to_string())?);
@@ -701,9 +695,7 @@ fn new_connection(path: &Path, passphrase: &str) -> Result<Connection> {
        conn.pragma_update(None, "temp_store", "memory")?;
    }

-    if !passphrase.is_empty() {
-        conn.pragma_update(None, "key", passphrase)?;
-    }
+    conn.pragma_update(None, "key", passphrase)?;
    // Try to enable auto_vacuum. This will only be
    // applied if the database is new or after successful
    // VACUUM, which usually happens before backup export.
@@ -795,17 +787,6 @@ pub async fn housekeeping(context: &Context) -> Result<()> {
        .log_err(context)
        .ok();

-    prune_connection_history(context)
-        .await
-        .context("Failed to prune connection history")
-        .log_err(context)
-        .ok();
-    prune_dns_cache(context)
-        .await
-        .context("Failed to prune DNS cache")
-        .log_err(context)
-        .ok();
-
    // Delete POI locations
    // which don't have corresponding message.
    delete_orphaned_poi_locations(context)
--- a/src/sql/migrations.rs
+++ b/src/sql/migrations.rs
@@ -955,22 +955,6 @@ CREATE INDEX msgs_status_updates_index2 ON msgs_status_updates (uid);
        .await?;
    }

-    inc_and_check(&mut migration_version, 117)?;
-    if dbversion < migration_version {
-        sql.execute_migration(
-            "CREATE TABLE connection_history (
-                host TEXT NOT NULL, -- server hostname
-                port INTEGER NOT NULL, -- server port
-                alpn TEXT NOT NULL, -- ALPN such as smtp or imap
-                addr TEXT NOT NULL, -- IP address
-                timestamp INTEGER NOT NULL, -- timestamp of the most recent successful connection
-                UNIQUE (host, port, alpn, addr)
-            ) STRICT",
-            migration_version,
-        )
-        .await?;
-    }
-
    let new_version = sql
        .get_raw_config_int(VERSION_CFG)
        .await?
--- a/src/test_utils.rs
+++ b/src/test_utils.rs
@@ -175,12 +175,7 @@ impl TestContextManager {
        ));

        let qr = get_securejoin_qr(&scanned.ctx, None).await.unwrap();
-        self.exec_securejoin_qr(scanner, scanned, &qr).await;
-    }
-
-    /// Executes SecureJoin initiated by `scanner` scanning `qr` generated by `scanned`.
-    pub async fn exec_securejoin_qr(&self, scanner: &TestContext, scanned: &TestContext, qr: &str) {
-        join_securejoin(&scanner.ctx, qr).await.unwrap();
+        join_securejoin(&scanner.ctx, &qr).await.unwrap();

        loop {
            if let Some(sent) = scanner.pop_sent_msg_opt(Duration::ZERO).await {
--- a/standards.md
+++ b/standards.md
@@ -19,7 +19,7 @@ Authorization                    | OAuth2 ([RFC 6749][])
 End-to-end encryption            | [Autocrypt Level 1][], OpenPGP ([RFC 4880][]), Security Multiparts for MIME ([RFC 1847][]) and [“Mixed Up” Encryption repairing](https://tools.ietf.org/id/draft-dkg-openpgp-pgpmime-message-mangling-00.html)
 Detect/prevent active attacks    | [securejoin][] protocols
 Compare public keys              | [openpgp4fpr][] URI Scheme
-Header encryption                | [Header Protection for Cryptographically Protected E-mail](https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/)
+Header encryption                | [Protected Headers for Cryptographic E-mail](https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/)
 Configuration assistance         | [Autoconfigure](https://web.archive.org/web/20210402044801/https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration) and [Autodiscover][]
 Messenger functions              | [Chat-over-Email](https://github.com/deltachat/deltachat-core-rust/blob/master/spec.md#chat-mail-specification)
 Detect mailing list              | List-Id ([RFC 2919][]) and Precedence ([RFC 3834][])
Author	SHA1	Message	Date
link2xt	6dd2f16df1	fix: explicitly close the database on account removal	2024-07-29 22:42:39 +00:00
link2xt	0cdf9b8f9c	debug: remove try_many_times Attempt to reproduce <https://github.com/deltachat/deltachat-core-rust/issues/5809> in CI.	2024-07-29 20:34:22 +00:00
@@ -1 +1 @@
 -08-15
 -07-23