feat: Remove detached signature validation

2026-05-09 18:06:29 +03:00 · 2026-04-30 17:10:34 +02:00
32 changed files with 404 additions and 289 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -41,8 +41,6 @@ jobs:
        shell: bash
      - name: Cache rust cargo artifacts
        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}
      - name: Run rustfmt
        run: cargo fmt --all -- --check
      - name: Run clippy
@@ -94,8 +92,6 @@ jobs:
          persist-credentials: false
      - name: Cache rust cargo artifacts
        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}
      - name: Rustdoc
        run: cargo doc --document-private-items --no-deps

@@ -139,8 +135,6 @@ jobs:

      - name: Cache rust cargo artifacts
        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}

      - name: Install nextest
        uses: taiki-e/install-action@5f57d6cb7cd20b14a8a27f522884c4bc8a187458
@@ -175,8 +169,6 @@ jobs:

      - name: Cache rust cargo artifacts
        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}

      - name: Build C library
        run: cargo build -p deltachat_ffi
@@ -203,8 +195,6 @@ jobs:

      - name: Cache rust cargo artifacts
        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}

      - name: Build deltachat-rpc-server
        run: cargo build -p deltachat-rpc-server
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -36,7 +36,7 @@ checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
 dependencies = [
 "cfg-if",
 "cipher",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 ]

 [[package]]
@@ -136,7 +136,7 @@ checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072"
 dependencies = [
 "base64ct",
 "blake2",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "password-hash",
 "zeroize",
 ]
@@ -497,16 +497,16 @@ dependencies = [

 [[package]]
 name = "blake3"
-version = "1.8.5"
+version = "1.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0aa83c34e62843d924f905e0f5c866eb1dd6545fc4d719e803d9ba6030371fce"
+checksum = "2468ef7d57b3fb7e16b576e8377cdbde2320c60e1491e961d11da40fc4f02a2d"
 dependencies = [
 "arrayref",
 "arrayvec",
 "cc",
 "cfg-if",
 "constant_time_eq 0.4.2",
- "cpufeatures 0.3.0",
+ "cpufeatures",
 ]

 [[package]]
@@ -799,7 +799,7 @@ checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818"
 dependencies = [
 "cfg-if",
 "cipher",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 ]

 [[package]]
@@ -934,9 +934,9 @@ checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b"

 [[package]]
 name = "colorutils-rs"
-version = "0.8.0"
+version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69abc9a8ed011e2b7946769f460b9e76e8b659ece9ef4001b9d8bba3489f796d"
+checksum = "6e2fc25857fa523662de5cae84225b0e7bfb24a2a3f9ed8802fecf03df7252b1"
 dependencies = [
 "erydanos",
 "half",
@@ -1011,15 +1011,6 @@ dependencies = [
 "libc",
 ]

-[[package]]
-name = "cpufeatures"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201"
-dependencies = [
- "libc",
-]
-
 [[package]]
 name = "crc"
 version = "3.2.1"
@@ -1225,7 +1216,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "curve25519-dalek-derive",
 "digest",
 "fiat-crypto",
@@ -1301,9 +1292,9 @@ dependencies = [

 [[package]]
 name = "data-encoding"
-version = "2.11.0"
+version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4ae5f15dda3c708c0ade84bfee31ccab44a3da4f88015ed22f63732abe300c8"
+checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea"

 [[package]]
 name = "dbl"
@@ -2610,9 +2601,9 @@ dependencies = [

 [[package]]
 name = "hyper"
-version = "1.9.0"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca"
+checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11"
 dependencies = [
 "atomic-waker",
 "bytes",
@@ -2625,6 +2616,7 @@ dependencies = [
 "httpdate",
 "itoa",
 "pin-project-lite",
+ "pin-utils",
 "smallvec",
 "tokio",
 "want",
@@ -2662,7 +2654,7 @@ dependencies = [
 "hyper",
 "libc",
 "pin-project-lite",
- "socket2 0.6.3",
+ "socket2 0.6.0",
 "tokio",
 "tower-service",
 "tracing",
@@ -3254,7 +3246,7 @@ version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653"
 dependencies = [
- "cpufeatures 0.2.17",
+ "cpufeatures",
 ]

 [[package]]
@@ -3268,9 +3260,9 @@ dependencies = [

 [[package]]
 name = "libc"
-version = "0.2.186"
+version = "0.2.184"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66"
+checksum = "48f5d2a454e16a5ea0f4ced81bd44e4cfc7bd3a507b61887c99fd3538b28e4af"

 [[package]]
 name = "libm"
@@ -3461,13 +3453,13 @@ dependencies = [

 [[package]]
 name = "mio"
-version = "1.2.0"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1"
+checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
 dependencies = [
 "libc",
 "wasi 0.11.0+wasi-snapshot-preview1",
- "windows-sys 0.61.1",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -3941,14 +3933,15 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"

 [[package]]
 name = "openssl"
-version = "0.10.79"
+version = "0.10.78"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf0b434746ee2832f4f0baf10137e1cabb18cbe6912c69e2e33263c45250f542"
+checksum = "f38c4372413cdaaf3cc79dd92d29d7d9f5ab09b51b10dded508fb90bb70b9222"
 dependencies = [
 "bitflags 2.11.0",
 "cfg-if",
 "foreign-types",
 "libc",
+ "once_cell",
 "openssl-macros",
 "openssl-sys",
 ]
@@ -3981,9 +3974,9 @@ dependencies = [

 [[package]]
 name = "openssl-sys"
-version = "0.9.115"
+version = "0.9.114"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "158fe5b292746440aa6e7a7e690e55aeb72d41505e2804c23c6973ad0e9c9781"
+checksum = "13ce1245cd07fcc4cfdb438f7507b0c7e4f3849a69fd84d52374c66d83741bb6"
 dependencies = [
 "cc",
 "libc",
@@ -4419,7 +4412,7 @@ version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf"
 dependencies = [
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "opaque-debug",
 "universal-hash",
 ]
@@ -4431,7 +4424,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "opaque-debug",
 "universal-hash",
 ]
@@ -5515,7 +5508,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f5058ada175748e33390e40e872bd0fe59a19f265d0158daa551c5a88a76009c"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "digest",
 ]

@@ -5526,7 +5519,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "digest",
 ]

@@ -5554,7 +5547,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "digest",
 ]

@@ -5732,12 +5725,12 @@ dependencies = [

 [[package]]
 name = "socket2"
-version = "0.6.3"
+version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e"
+checksum = "233504af464074f9d066d7b5416c5f9b894a5862a6506e306f7b816cdd6f1807"
 dependencies = [
 "libc",
- "windows-sys 0.61.1",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -6151,9 +6144,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.52.1"
+version = "1.50.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6"
+checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d"
 dependencies = [
 "bytes",
 "libc",
@@ -6161,7 +6154,7 @@ dependencies = [
 "parking_lot",
 "pin-project-lite",
 "signal-hook-registry",
- "socket2 0.6.3",
+ "socket2 0.6.0",
 "tokio-macros",
 "windows-sys 0.61.1",
 ]
@@ -6178,9 +6171,9 @@ dependencies = [

 [[package]]
 name = "tokio-macros"
-version = "2.7.0"
+version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496"
+checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5"
 dependencies = [
 "proc-macro2",
 "quote",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -53,7 +53,7 @@ blake3 = "1.8.2"
 brotli = { version = "8", default-features=false, features = ["std"] }
 bytes = "1"
 chrono = { workspace = true, features = ["alloc", "clock", "std"] }
-colorutils-rs = { version = "0.8.0", default-features = false }
+colorutils-rs = { version = "0.7.5", default-features = false }
 data-encoding = "2.9.0"
 escaper = "0.1"
 fast-socks5 = "1"
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -4003,6 +4003,8 @@ int             dc_msg_get_viewtype           (const dc_msg_t* msg);
 *   Marked as read on IMAP and MDN may be sent. Use dc_markseen_msgs() to mark messages as being seen.
 *
 * Outgoing message states:
+ * - @ref DC_STATE_OUT_PREPARING - For files which need time to be prepared before they can be sent,
+ *   the message enters this state before @ref DC_STATE_OUT_PENDING. Deprecated.
 * - @ref DC_STATE_OUT_DRAFT - Message saved as draft using dc_set_draft()
 * - @ref DC_STATE_OUT_PENDING - The user has pressed the "send" button but the
 *   message is not yet sent and is pending in some way. Maybe we're offline (no checkmark).
@@ -5587,6 +5589,13 @@ int64_t         dc_lot_get_timestamp     (const dc_lot_t* lot);
 */
 #define         DC_STATE_IN_SEEN             16

+/**
+ * Outgoing message being prepared. See dc_msg_get_state() for details.
+ *
+ * @deprecated 2024-12-07
+ */
+#define         DC_STATE_OUT_PREPARING       18
+
 /**
 * Outgoing message drafted. See dc_msg_get_state() for details.
 */
--- a/deltachat-ffi/src/lot.rs
+++ b/deltachat-ffi/src/lot.rs
@@ -230,6 +230,7 @@ pub enum LotState {
    MsgInFresh = 10,
    MsgInNoticed = 13,
    MsgInSeen = 16,
+    MsgOutPreparing = 18,
    MsgOutDraft = 19,
    MsgOutPending = 20,
    MsgOutFailed = 24,
@@ -245,6 +246,7 @@ impl From<MessageState> for LotState {
            InFresh => LotState::MsgInFresh,
            InNoticed => LotState::MsgInNoticed,
            InSeen => LotState::MsgInSeen,
+            OutPreparing => LotState::MsgOutPreparing,
            OutDraft => LotState::MsgOutDraft,
            OutPending => LotState::MsgOutPending,
            OutFailed => LotState::MsgOutFailed,
--- a/deltachat-rpc-client/src/deltachat_rpc_client/const.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/const.py
@@ -190,6 +190,7 @@ class MessageState(IntEnum):
    IN_FRESH = 10
    IN_NOTICED = 13
    IN_SEEN = 16
+    OUT_PREPARING = 18
    OUT_DRAFT = 19
    OUT_PENDING = 20
    OUT_FAILED = 24
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -1091,7 +1091,6 @@ def test_rename_group(acfactory):
    bob.wait_for_event(EventType.CHATLIST_ITEM_CHANGED)

    for name in ["Baz", "Foo bar", "Xyzzy"]:
-        time.sleep(1)
        alice_group.set_name(name)
        bob.wait_for_event(EventType.CHATLIST_ITEM_CHANGED)
        bob.wait_for_event(EventType.CHATLIST_ITEM_CHANGED)
--- a/deny.toml
+++ b/deny.toml
@@ -33,17 +33,7 @@ ignore = [
    # We do not check CRL and cannot update rustls-webpki 0.102.8 
    # which is a dependency of iroh 0.35.0.
    # <https://rustsec.org/advisories/RUSTSEC-2026-0104>
-    "RUSTSEC-2026-0104",
-
-    # hickory-proto 0.25.2 unbounded loop in DNSSEC code.
-    # Dependency of iroh 0.35.0, cannot be updated as of 2026-05-02.
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0118>
-    "RUSTSEC-2026-0118",
-
-    # hickory-proto 0.25.2 quadratic complexity issue.
-    # Dependency of iroh 0.35.0, cannot be updated as of 2026-05-02.
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0119>
-    "RUSTSEC-2026-0119"
+    "RUSTSEC-2026-0104"
 ]

 [bans]
@@ -55,7 +45,6 @@ skip = [
     { name = "async-channel", version = "1.9.0" },
     { name = "bitflags", version = "1.3.2" },
     { name = "constant_time_eq", version = "0.3.1" },
-     { name = "cpufeatures", version = "0.2.17" },
     { name = "derive_more-impl", version = "1.0.0" },
     { name = "derive_more", version = "1.0.0" },
     { name = "event-listener", version = "2.5.3" },
--- a/python/src/deltachat/chat.py
+++ b/python/src/deltachat/chat.py
@@ -271,6 +271,15 @@ class Chat:
           sent out.  This is the same object as was passed in, which
           has been modified with the new state of the core.
        """
+        if msg.is_out_preparing():
+            assert msg.id != 0
+            # get a fresh copy of dc_msg, the core needs it
+            maybe_msg = Message.from_db(self.account, msg.id)
+            if maybe_msg is not None:
+                msg = maybe_msg
+            else:
+                raise ValueError("message does not exist")
+
        sent_id = lib.dc_send_msg(self.account._dc_context, self.id, msg._dc_msg)
        if sent_id == 0:
            raise ValueError("message could not be sent")
@@ -324,6 +333,26 @@ class Chat:
            raise ValueError("message could not be sent")
        return Message.from_db(self.account, sent_id)

+    def send_prepared(self, message):
+        """send a previously prepared message.
+
+        :param message: a :class:`Message` instance previously returned by
+                        :meth:`prepare_file`.
+        :raises ValueError: if message can not be sent.
+        :returns: a :class:`deltachat.message.Message` instance as sent out.
+        """
+        assert message.id != 0 and message.is_out_preparing()
+        # get a fresh copy of dc_msg, the core needs it
+        msg = Message.from_db(self.account, message.id)
+
+        # pass 0 as chat-id because core-docs say it's ok when out-preparing
+        sent_id = lib.dc_send_msg(self.account._dc_context, 0, msg._dc_msg)
+        if sent_id == 0:
+            raise ValueError("message could not be sent")
+        assert sent_id == msg.id
+        # modify message in place to avoid bad state for the caller
+        msg._dc_msg = Message.from_db(self.account, sent_id)._dc_msg
+
    def set_draft(self, message):
        """set message as draft.

--- a/python/src/deltachat/message.py
+++ b/python/src/deltachat/message.py
@@ -351,12 +351,17 @@ class Message:
    def is_outgoing(self):
        """Return True if Message is outgoing."""
        return lib.dc_msg_get_state(self._dc_msg) in (
+            const.DC_STATE_OUT_PREPARING,
            const.DC_STATE_OUT_PENDING,
            const.DC_STATE_OUT_FAILED,
            const.DC_STATE_OUT_MDN_RCVD,
            const.DC_STATE_OUT_DELIVERED,
        )

+    def is_out_preparing(self):
+        """Return True if Message is outgoing, but its file is being prepared."""
+        return self._msgstate == const.DC_STATE_OUT_PREPARING
+
    def is_out_pending(self):
        """Return True if Message is outgoing, but is pending (no single checkmark)."""
        return self._msgstate == const.DC_STATE_OUT_PENDING
--- a/src/chat.rs
+++ b/src/chat.rs
@@ -49,8 +49,8 @@ use crate::stock_str;
 use crate::sync::{self, Sync::*, SyncData};
 use crate::tools::{
    IsNoneOrEmpty, SystemTime, buf_compress, create_broadcast_secret, create_id,
-    create_outgoing_rfc724_mid, get_abs_path, gm2local_offset, normalize_text, time,
-    truncate_msg_text,
+    create_outgoing_rfc724_mid, create_smeared_timestamp, create_smeared_timestamps, get_abs_path,
+    gm2local_offset, normalize_text, smeared_time, time, truncate_msg_text,
 };
 use crate::webxdc::StatusUpdateSerial;

@@ -291,7 +291,7 @@ impl ChatId {
        timestamp: i64,
    ) -> Result<Self> {
        let grpname = sanitize_single_line(grpname);
-        let timestamp = cmp::min(timestamp, time());
+        let timestamp = cmp::min(timestamp, smeared_time(context));
        let row_id =
            context.sql.insert(
                "INSERT INTO chats (type, name, name_normalized, grpid, blocked, created_timestamp, protected, param) VALUES(?, ?, ?, ?, ?, ?, 0, ?)",
@@ -1255,7 +1255,7 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
        message_timestamp: i64,
        always_sort_to_bottom: bool,
    ) -> Result<i64> {
-        let mut sort_timestamp = cmp::min(message_timestamp, time());
+        let mut sort_timestamp = cmp::min(message_timestamp, smeared_time(context));

        let last_msg_time: Option<i64> = if always_sort_to_bottom {
            // get newest message for this chat
@@ -2405,7 +2405,7 @@ impl ChatIdBlocked {
            _ => (),
        }

-        let now = time();
+        let smeared_time = create_smeared_timestamp(context);

        let chat_id = context
            .sql
@@ -2420,7 +2420,7 @@ impl ChatIdBlocked {
                        normalize_text(&chat_name),
                        params.to_string(),
                        create_blocked as u8,
-                        now,
+                        smeared_time,
                    ),
                )?;
                let chat_id = ChatId::new(
@@ -2446,7 +2446,7 @@ impl ChatIdBlocked {
            && !chat.param.exists(Param::Devicetalk)
            && !chat.param.exists(Param::Selftalk)
        {
-            chat_id.add_e2ee_notice(context, now).await?;
+            chat_id.add_e2ee_notice(context, smeared_time).await?;
        }

        Ok(Self {
@@ -2613,7 +2613,7 @@ pub async fn send_msg(context: &Context, chat_id: ChatId, msg: &mut Message) ->
        "chat_id cannot be a special chat: {chat_id}"
    );

-    if msg.state != MessageState::Undefined {
+    if msg.state != MessageState::Undefined && msg.state != MessageState::OutPreparing {
        msg.param.remove(Param::GuaranteeE2ee);
        msg.param.remove(Param::ForcePlaintext);
        // create_send_msg_jobs() will update `param` in the db.
@@ -2721,7 +2721,10 @@ async fn prepare_send_msg(
        None
    };

-    if msg.state == MessageState::Undefined
+    if matches!(
+        msg.state,
+        MessageState::Undefined | MessageState::OutPreparing
+    )
        // Legacy SecureJoin "v*-request" messages are unencrypted.
        && msg.param.get_cmd() != SystemMessage::SecurejoinMessage
        && chat.is_encrypted(context).await?
@@ -2733,7 +2736,7 @@ async fn prepare_send_msg(
    }
    msg.state = MessageState::OutPending;

-    msg.timestamp_sort = time();
+    msg.timestamp_sort = create_smeared_timestamp(context);
    prepare_msg_blob(context, msg).await?;
    if !msg.hidden {
        chat_id.unarchive_if_not_muted(context, msg.state).await?;
@@ -2907,7 +2910,7 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
        );
    }

-    let now = time();
+    let now = smeared_time(context);

    if rendered_msg.last_added_location_id.is_some()
        && let Err(err) = location::set_kml_sent_timestamp(context, msg.chat_id, now).await
@@ -2934,8 +2937,8 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
 UPDATE msgs SET
    timestamp=(
        SELECT MAX(timestamp) FROM msgs INDEXED BY msgs_index7 WHERE
-            -- From `InFresh` to `OutDelivered` inclusive, except `OutDraft`.
-            state IN(10,13,16,18,20,24,26) AND
+            -- From `InFresh` to `OutMdnRcvd` inclusive except `OutDraft`.
+            state IN(10,13,16,18,20,24,26,28) AND
            hidden IN(0,1) AND
            chat_id=? AND
            id<=?
@@ -3549,7 +3552,7 @@ pub(crate) async fn create_group_ex(
        chat_name = "…".to_string();
    }

-    let timestamp = time();
+    let timestamp = create_smeared_timestamp(context);
    let row_id = context
        .sql
        .insert(
@@ -3635,7 +3638,7 @@ pub(crate) async fn create_out_broadcast_ex(
        bail!("Invalid broadcast channel name: {chat_name}.");
    }

-    let timestamp = time();
+    let timestamp = create_smeared_timestamp(context);
    let trans_fn = |t: &mut rusqlite::Transaction| -> Result<ChatId> {
        let cnt: u32 = t.query_row(
            "SELECT COUNT(*) FROM chats WHERE grpid=?",
@@ -3885,11 +3888,11 @@ pub(crate) async fn add_contact_to_chat_ex(
        return Ok(false);
    }
    if from_handshake && chat.param.get_int(Param::Unpromoted).unwrap_or_default() == 1 {
-        let now = time();
+        let smeared_time = smeared_time(context);
        chat.param
            .remove(Param::Unpromoted)
-            .set_i64(Param::GroupNameTimestamp, now)
-            .set_i64(Param::GroupDescriptionTimestamp, now);
+            .set_i64(Param::GroupNameTimestamp, smeared_time)
+            .set_i64(Param::GroupDescriptionTimestamp, smeared_time);
        chat.update_param(context).await?;
    }
    if context.is_self_addr(contact.get_addr()).await? {
@@ -4452,6 +4455,7 @@ pub async fn forward_msgs(context: &Context, msg_ids: &[MsgId], chat_id: ChatId)
 }

 /// Forwards multiple messages to a chat in another context.
+#[expect(clippy::arithmetic_side_effects)]
 pub async fn forward_msgs_2ctx(
    ctx_src: &Context,
    msg_ids: &[MsgId],
@@ -4462,6 +4466,7 @@ pub async fn forward_msgs_2ctx(
    ensure!(!chat_id.is_special(), "can not forward to special chat");

    let mut created_msgs: Vec<MsgId> = Vec::new();
+    let mut curr_timestamp: i64;

    chat_id
        .unarchive_if_not_muted(ctx_dst, MessageState::Undefined)
@@ -4470,7 +4475,7 @@ pub async fn forward_msgs_2ctx(
    if let Some(reason) = chat.why_cant_send(ctx_dst).await? {
        bail!("cannot send to {chat_id}: {reason}");
    }
-    let now = time();
+    curr_timestamp = create_smeared_timestamps(ctx_dst, msg_ids.len());
    let mut msgs = Vec::with_capacity(msg_ids.len());
    for id in msg_ids {
        let ts: i64 = ctx_src
@@ -4534,10 +4539,10 @@ pub async fn forward_msgs_2ctx(

        msg.state = MessageState::OutPending;
        msg.rfc724_mid = create_outgoing_rfc724_mid();
-        msg.pre_rfc724_mid.clear();
-        msg.timestamp_sort = now;
+        msg.timestamp_sort = curr_timestamp;
        chat.prepare_msg_raw(ctx_dst, &mut msg, None).await?;

+        curr_timestamp += 1;
        if !create_send_msg_jobs(ctx_dst, &mut msg).await?.is_empty() {
            ctx_dst.scheduler.interrupt_smtp().await;
        }
@@ -4630,7 +4635,7 @@ pub(crate) async fn save_copy_in_self_talk(
                } else {
                    MessageState::InSeen
                },
-                time(),
+                create_smeared_timestamp(context),
                msg.param.to_string(),
                src_msg_id,
                src_msg_id,
@@ -4807,7 +4812,7 @@ pub async fn add_device_msg_with_importance(
        chat_id = ChatId::get_for_contact(context, ContactId::DEVICE).await?;

        let rfc724_mid = create_outgoing_rfc724_mid();
-        let timestamp_sent = time();
+        let timestamp_sent = create_smeared_timestamp(context);

        // makes sure, the added message is the last one,
        // even if the date is wrong (useful esp. when warning about bad dates)
@@ -4954,7 +4959,7 @@ pub(crate) async fn add_info_msg_with_cmd(
    } else {
        let sort_to_bottom = true;
        chat_id
-            .calc_sort_timestamp(context, time(), sort_to_bottom)
+            .calc_sort_timestamp(context, smeared_time(context), sort_to_bottom)
            .await?
    };

@@ -5117,7 +5122,7 @@ async fn set_contacts_by_fingerprints(
            Ok(broadcast_contacts_added)
        })
        .await?;
-    let timestamp = time();
+    let timestamp = smeared_time(context);
    for added_id in broadcast_contacts_added {
        let msg = stock_str::msg_add_member_local(context, added_id, ContactId::UNDEFINED).await;
        add_info_msg_with_cmd(
--- a/src/chat/chat_tests.rs
+++ b/src/chat/chat_tests.rs
@@ -1625,7 +1625,6 @@ async fn test_set_chat_name() {
        "another name",
        "something different",
    ] {
-        SystemTime::shift(Duration::from_secs(1));
        set_chat_name(alice, chat_id, new_name).await.unwrap();
        let sent_msg = alice.pop_sent_msg().await;
        let received_msg = bob.recv_msg(&sent_msg).await;
@@ -3438,9 +3437,8 @@ async fn test_chat_description(
        "",
        "ä ẟ 😂",
    ] {
-        SystemTime::shift(Duration::from_secs(1));
        tcm.section(&format!(
-            "Alice sets the chat description to {description:?}"
+            "Alice sets the chat description to '{description}'"
        ));
        set_chat_description(alice, alice_chat_id, description).await?;
        let sent = alice.pop_sent_msg().await;
@@ -4461,9 +4459,7 @@ async fn test_get_chat_media_webxdc_order() -> Result<()> {
    assert_eq!(media.first().unwrap(), &instance1_id);
    assert_eq!(media.get(1).unwrap(), &instance2_id);

-    SystemTime::shift(Duration::from_secs(1));
-
-    // add a status update for the other instance; that resorts the list
+    // add a status update for the oder instance; that resorts the list
    alice
        .send_webxdc_status_update(instance1_id, r#"{"payload": {"foo": "bar"}}"#)
        .await?;
@@ -4877,6 +4873,10 @@ async fn test_sync_broadcast_and_send_message() -> Result<()> {
        vec![a2b_contact_id]
    );

+    // alice2's smeared clock may be behind alice1's one, so we need to work around "hi" appearing
+    // before "You joined the channel." for bob. alice1 makes 3 more calls of
+    // create_smeared_timestamp() than alice2 does as of 2026-03-10.
+    SystemTime::shift(Duration::from_secs(3));
    tcm.section("Alice's second device sends a message to the channel");
    let sent_msg = alice2.send_text(a2_broadcast_id, "hi").await;
    let msg = bob.recv_msg(&sent_msg).await;
--- a/src/context.rs
+++ b/src/context.rs
@@ -32,6 +32,7 @@ use crate::quota::QuotaInfo;
 use crate::scheduler::{ConnectivityStore, SchedulerState};
 use crate::sql::Sql;
 use crate::stock_str::StockStrings;
+use crate::timesmearing::SmearedTimestamp;
 use crate::tools::{self, duration_to_str, time, time_elapsed};
 use crate::transport::ConfiguredLoginParam;
 use crate::{chatlist_events, stats};
@@ -227,6 +228,7 @@ pub struct InnerContext {
    /// Blob directory path
    pub(crate) blobdir: PathBuf,
    pub(crate) sql: Sql,
+    pub(crate) smeared_timestamp: SmearedTimestamp,
    /// The global "ongoing" process state.
    ///
    /// This is a global mutex-like state for operations which should be modal in the
@@ -496,6 +498,7 @@ impl Context {
            blobdir,
            running_state: RwLock::new(Default::default()),
            sql: Sql::new(dbfile),
+            smeared_timestamp: SmearedTimestamp::new(),
            oauth2_mutex: Mutex::new(()),
            wrong_pw_warning_mutex: Mutex::new(()),
            housekeeping_mutex: Mutex::new(()),
--- a/src/decrypt.rs
+++ b/src/decrypt.rs
@@ -1,7 +1,6 @@
 //! Helper functions for decryption.
 //! The actual decryption is done in the [`crate::pgp`] module.

-use std::collections::HashSet;
 use std::io::Cursor;

 use anyhow::{Context as _, Result, bail};
@@ -19,8 +18,8 @@ use crate::chat::ChatId;
 use crate::constants::Chattype;
 use crate::contact::ContactId;
 use crate::context::Context;
+use crate::key::load_self_secret_keyring;
 use crate::key::self_fingerprint;
-use crate::key::{Fingerprint, SignedPublicKey, load_self_secret_keyring};
 use crate::token::Namespace;

 /// Tries to decrypt the message,
@@ -335,36 +334,6 @@ fn get_autocrypt_mime<'a, 'b>(mail: &'a ParsedMail<'b>) -> Option<&'a ParsedMail
    }
 }

-/// Validates signatures of Multipart/Signed message part, as defined in RFC 1847.
-///
-/// Returns the signed part and the set of key
-/// fingerprints for which there is a valid signature.
-///
-/// Returns None if the message is not Multipart/Signed or doesn't contain necessary parts.
-pub(crate) fn validate_detached_signature<'a, 'b>(
-    mail: &'a ParsedMail<'b>,
-    public_keyring_for_validate: &[SignedPublicKey],
-) -> Option<(&'a ParsedMail<'b>, HashSet<Fingerprint>)> {
-    if mail.ctype.mimetype != "multipart/signed" {
-        return None;
-    }
-
-    if let [first_part, second_part] = &mail.subparts[..] {
-        // First part is the content, second part is the signature.
-        let content = first_part.raw_bytes;
-        let ret_valid_signatures = match second_part.get_body_raw() {
-            Ok(signature) => {
-                crate::pgp::pk_validate(content, &signature, public_keyring_for_validate)
-                    .unwrap_or_default()
-            }
-            Err(_) => Default::default(),
-        };
-        Some((first_part, ret_valid_signatures))
-    } else {
-        None
-    }
-}
-
 #[cfg(test)]
 mod tests {
    use super::*;
--- a/src/ephemeral/ephemeral_tests.rs
+++ b/src/ephemeral/ephemeral_tests.rs
@@ -10,6 +10,7 @@ use crate::location;
 use crate::message::markseen_msgs;
 use crate::receive_imf::receive_imf;
 use crate::test_utils::{TestContext, TestContextManager};
+use crate::timesmearing::MAX_SECONDS_TO_LEND_FROM_FUTURE;
 use crate::{
    chat::{self, Chat, ChatItem, create_group, send_text_msg},
    tools::IsNoneOrEmpty,
@@ -351,9 +352,17 @@ async fn test_ephemeral_delete_msgs() -> Result<()> {
    let now = time();
    let msg = t.send_text(bob_chat.id, "Message text").await;

-    check_msg_will_be_deleted(&t, msg.sender_msg_id, &bob_chat, now + 1799, time() + 1801)
-        .await
-        .unwrap();
+    check_msg_will_be_deleted(
+        &t,
+        msg.sender_msg_id,
+        &bob_chat,
+        now + 1799,
+        // The message may appear to be sent MAX_SECONDS_TO_LEND_FROM_FUTURE later and
+        // therefore be deleted MAX_SECONDS_TO_LEND_FROM_FUTURE later.
+        time() + 1801 + MAX_SECONDS_TO_LEND_FROM_FUTURE,
+    )
+    .await
+    .unwrap();

    // Enable ephemeral messages with Bob -> message will be deleted after 60s.
    // This tests that the message is deleted at min(ephemeral deletion time, DeleteDeviceAfter deletion time).
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -94,6 +94,7 @@ mod smtp;
 pub mod stock_str;
 pub mod storage_usage;
 mod sync;
+mod timesmearing;
 mod token;
 mod transport;
 mod update_helper;
--- a/src/location.rs
+++ b/src/location.rs
@@ -871,7 +871,7 @@ mod tests {
    use crate::config::Config;
    use crate::message::MessageState;
    use crate::receive_imf::receive_imf;
-    use crate::test_utils::{ExpectedEvents, TestContext, TestContextManager};
+    use crate::test_utils::{TestContext, TestContextManager};
    use crate::tools::SystemTime;

    #[test]
@@ -1103,9 +1103,6 @@ Content-Disposition: attachment; filename="location.kml"
            .await?;

        let alice_chat = alice.create_chat(bob).await;
-        // Bob needs the chat accepted so that "normal" messages from Alice trigger `IncomingMsg`.
-        // Location-only messages still must trigger `MsgsChanged`.
-        bob.create_chat(alice).await;

        // Alice enables location streaming.
        // Bob receives a message saying that Alice enabled location streaming.
@@ -1120,18 +1117,7 @@ Content-Disposition: attachment; filename="location.kml"
        SystemTime::shift(Duration::from_secs(10));
        delete_expired(alice, time()).await?;
        maybe_send(alice).await?;
-        bob.evtracker.clear_events();
        bob.recv_msg_opt(&alice.pop_sent_msg().await).await;
-        bob.evtracker
-            .get_matching_ex(
-                bob,
-                ExpectedEvents {
-                    expected: |e| matches!(e, EventType::MsgsChanged { .. }),
-                    unexpected: |e| matches!(e, EventType::IncomingMsg { .. }),
-                },
-            )
-            .await
-            .unwrap();
        assert_eq!(get_range(alice, None, None, 0, 0).await?.len(), 1);
        assert_eq!(get_range(bob, None, None, 0, 0).await?.len(), 1);

--- a/src/message.rs
+++ b/src/message.rs
@@ -1381,8 +1381,13 @@ pub enum MessageState {
    /// IMAP and MDN may be sent.
    InSeen = 16,

-    // Deprecated 2024-12-07. Removed 2026-04.
-    // OutPreparing = 18,
+    /// For files which need time to be prepared before they can be
+    /// sent, the message enters this state before
+    /// OutPending.
+    ///
+    /// Deprecated 2024-12-07.
+    OutPreparing = 18,
+
    /// Message saved as draft.
    OutDraft = 19,

@@ -1415,6 +1420,7 @@ impl std::fmt::Display for MessageState {
                Self::InFresh => "Fresh",
                Self::InNoticed => "Noticed",
                Self::InSeen => "Seen",
+                Self::OutPreparing => "Preparing",
                Self::OutDraft => "Draft",
                Self::OutPending => "Pending",
                Self::OutFailed => "Failed",
@@ -1431,7 +1437,7 @@ impl MessageState {
        use MessageState::*;
        matches!(
            self,
-            OutPending | OutDelivered | OutMdnRcvd // OutMdnRcvd can still fail because it could be a group message and only some recipients failed.
+            OutPreparing | OutPending | OutDelivered | OutMdnRcvd // OutMdnRcvd can still fail because it could be a group message and only some recipients failed.
        )
    }

@@ -1440,7 +1446,7 @@ impl MessageState {
        use MessageState::*;
        matches!(
            self,
-            OutDraft | OutPending | OutFailed | OutDelivered | OutMdnRcvd
+            OutPreparing | OutDraft | OutPending | OutFailed | OutDelivered | OutMdnRcvd
        )
    }

--- a/src/mimefactory.rs
+++ b/src/mimefactory.rs
@@ -35,7 +35,10 @@ use crate::peer_channels::{create_iroh_header, get_iroh_topic_for_msg};
 use crate::pgp::{SeipdVersion, addresses_from_public_key, pubkey_supports_seipdv2};
 use crate::simplify::escape_message_footer_marks;
 use crate::stock_str;
-use crate::tools::{IsNoneOrEmpty, create_outgoing_rfc724_mid, remove_subject_prefix, time};
+use crate::tools::{
+    IsNoneOrEmpty, create_outgoing_rfc724_mid, create_smeared_timestamp, remove_subject_prefix,
+    time,
+};
 use crate::webxdc::StatusUpdateSerial;

 // attachments of 25 mb brutto should work on the majority of providers
@@ -577,7 +580,7 @@ impl MimeFactory {
    ) -> Result<MimeFactory> {
        let contact = Contact::get_by_id(context, from_id).await?;
        let from_addr = context.get_primary_self_addr().await?;
-        let timestamp = time();
+        let timestamp = create_smeared_timestamp(context);

        let addr = contact.get_addr().to_string();
        let encryption_pubkeys = if from_id == ContactId::SELF {
@@ -2298,7 +2301,7 @@ pub(crate) async fn render_symm_encrypted_securejoin_message(
        mail_builder::headers::text::Text::new("Secure-Join".to_string()).into(),
    ));

-    let timestamp = time();
+    let timestamp = create_smeared_timestamp(context);
    let date = chrono::DateTime::<chrono::Utc>::from_timestamp(timestamp, 0)
        .unwrap()
        .to_rfc2822();
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -20,7 +20,7 @@ use crate::config::Config;
 use crate::constants;
 use crate::contact::{ContactId, import_public_key};
 use crate::context::Context;
-use crate::decrypt::{self, validate_detached_signature};
+use crate::decrypt::{self};
 use crate::dehtml::dehtml;
 use crate::download::PostMsgMetadata;
 use crate::events::EventType;
@@ -31,7 +31,9 @@ use crate::message::{self, Message, MsgId, Viewtype, get_vcard_summary, set_msg_
 use crate::param::{Param, Params};
 use crate::simplify::{SimplifiedText, simplify};
 use crate::sync::SyncItems;
-use crate::tools::{get_filemeta, parse_receive_headers, time, truncate_msg_text, validate_id};
+use crate::tools::{
+    get_filemeta, parse_receive_headers, smeared_time, time, truncate_msg_text, validate_id,
+};
 use crate::{chatlist_events, location, tools};

 /// Public key extracted from `Autocrypt-Gossip`
@@ -269,7 +271,7 @@ impl MimeMessage {
    pub(crate) async fn from_bytes(context: &Context, body: &[u8]) -> Result<Self> {
        let mail = mailparse::parse_mail(body)?;

-        let timestamp_rcvd = time();
+        let timestamp_rcvd = smeared_time(context);
        let mut timestamp_sent =
            Self::get_timestamp_sent(&mail.headers, timestamp_rcvd, timestamp_rcvd);
        let hop_info = parse_receive_headers(&mail.get_headers());
@@ -485,19 +487,6 @@ impl MimeMessage {
            HashMap::new()
        };

-        let mail = mail.as_ref().map(|mail| {
-            let (content, signatures_detached) = validate_detached_signature(mail, &public_keyring)
-                .unwrap_or((mail, Default::default()));
-            if is_encrypted {
-                let signatures_detached = signatures_detached
-                    .into_iter()
-                    .map(|fp| (fp, Vec::new()))
-                    .collect::<HashMap<_, _>>();
-                signatures.extend(signatures_detached);
-            }
-            content
-        });
-
        if let Some(expected_sender_fingerprint) = expected_sender_fingerprint {
            ensure!(
                !signatures.is_empty(),
@@ -513,7 +502,7 @@ impl MimeMessage {
            );
        }

-        if let (Ok(mail), true) = (mail, is_encrypted) {
+        if let (Ok(mail), true) = (&mail, is_encrypted) {
            if !signatures.is_empty() {
                // Unsigned "Subject" mustn't be prepended to messages shown as encrypted
                // (<https://github.com/deltachat/deltachat-core-rust/issues/1790>).
@@ -538,7 +527,7 @@ impl MimeMessage {
                &mut inner_from,
                &mut list_post,
                &mut chat_disposition_notification_to,
-                mail,
+                &mail,
            );

            if !signatures.is_empty() {
@@ -582,7 +571,7 @@ impl MimeMessage {
            signatures.clear();
        }

-        if let (Ok(mail), true) = (mail, is_encrypted)
+        if let (Ok(mail), true) = (&mail, is_encrypted)
            && let Some(post_msg_rfc724_mid) =
                mail.headers.get_header_value(HeaderDef::ChatPostMessageId)
        {
@@ -640,7 +629,7 @@ impl MimeMessage {
            from,
            incoming,
            chat_disposition_notification_to,
-            decryption_error: mail.err().map(|err| format!("{err:#}")),
+            decryption_error: mail.as_ref().err().map(|err| format!("{err:#}")),

            // only non-empty if it was a valid autocrypt message
            signature,
@@ -666,9 +655,9 @@ impl MimeMessage {
            pre_message,
        };

-        match mail {
+        match &mail {
            Ok(mail) => {
-                parser.parse_mime_recursive(context, mail, false).await?;
+                parser.parse_mime_recursive(context, &mail, false).await?;
            }
            Err(err) => {
                let txt = "[This message cannot be decrypted.\n\n• It might already help to simply reply to this message and ask the sender to send the message again.\n\n• If you just re-installed Delta Chat then it is best if you re-setup Delta Chat now and choose \"Add as second device\" or import a backup.]";
--- a/src/quota.rs
+++ b/src/quota.rs
@@ -66,6 +66,12 @@ impl Context {

    /// Updates `quota.recent`, sets `quota.modified` to the current time
    /// and emits an event to let the UIs update connectivity view.
+    ///
+    /// Moreover, once each time quota gets larger than `QUOTA_WARN_THRESHOLD_PERCENTAGE`,
+    /// a device message is added.
+    /// As the message is added only once, the user is not spammed
+    /// in case for some providers the quota is always at ~100%
+    /// and new space is allocated as needed.
    pub(crate) async fn update_recent_quota(
        &self,
        session: &mut ImapSession,
--- a/src/receive_imf.rs
+++ b/src/receive_imf.rs
@@ -806,6 +806,8 @@ UPDATE config SET value=? WHERE keyname='configured_addr' AND value!=?1
                if transport_changed {
                    info!(context, "Primary transport changed to {from_addr:?}.");
                    context.sql.uncache_raw_config("configured_addr").await;
+
+                    // Regenerate User ID in V4 keys.
                    context.self_public_key.lock().await.take();

                    context.emit_event(EventType::TransportsModified);
@@ -1017,15 +1019,8 @@ UPDATE msgs SET state=? WHERE
        let is_bot = context.get_config_bool(Config::Bot).await?;
        let is_pre_message = matches!(mime_parser.pre_message, PreMessageMode::Pre { .. });
        let skip_bot_notify = is_bot && is_pre_message;
-        let is_empty = !is_pre_message
-            && mime_parser.parts.first().is_none_or(|p| {
-                p.typ == Viewtype::Text && p.msg.is_empty() && p.param.get(Param::Quote).is_none()
-            });
-        let important = mime_parser.incoming
-            && !is_empty
-            && fresh
-            && !is_old_contact_request
-            && !skip_bot_notify;
+        let important =
+            mime_parser.incoming && fresh && !is_old_contact_request && !skip_bot_notify;

        for msg_id in &received_msg.msg_ids {
            chat_id.emit_msg_event(context, *msg_id, important);
--- a/src/receive_imf/receive_imf_tests.rs
+++ b/src/receive_imf/receive_imf_tests.rs
@@ -3975,8 +3975,6 @@ async fn test_delayed_removal_is_ignored() -> Result<()> {
    remove_contact_from_chat(bob, bob_chat_id, bob_contact_fiona).await?;
    let remove_msg = bob.pop_sent_msg().await;

-    SystemTime::shift(Duration::from_secs(1));
-
    // Bob adds new members Dom and Elena, but first addition message is lost.
    let dom = &tcm.dom().await;
    let elena = &tcm.elena().await;
@@ -3993,8 +3991,6 @@ async fn test_delayed_removal_is_ignored() -> Result<()> {
    alice.recv_msg(&add_msg).await;
    assert_eq!(get_chat_contacts(alice, chat_id).await?.len(), 4);

-    SystemTime::shift(Duration::from_secs(1));
-
    // Alice re-adds Fiona.
    add_contact_to_chat(alice, chat_id, alice_fiona).await?;
    assert_eq!(get_chat_contacts(alice, chat_id).await?.len(), 5);
--- a/src/securejoin/bob.rs
+++ b/src/securejoin/bob.rs
@@ -19,7 +19,7 @@ use crate::securejoin::{
 };
 use crate::stock_str;
 use crate::sync::Sync::*;
-use crate::tools::{create_outgoing_rfc724_mid, time};
+use crate::tools::{create_outgoing_rfc724_mid, smeared_time, time};
 use crate::{chatlist_events, mimefactory};

 /// Starts the securejoin protocol with the QR `invite`.
@@ -465,7 +465,7 @@ async fn joining_chat_id(
                        name,
                        Blocked::Not,
                        None,
-                        time(),
+                        smeared_time(context),
                    )
                    .await?
                }
--- a/src/sql/migrations.rs
+++ b/src/sql/migrations.rs
@@ -2373,18 +2373,6 @@ ALTER TABLE contacts ADD COLUMN name_normalized TEXT;
        .await?;
    }

-    inc_and_check(&mut migration_version, 152)?;
-    if dbversion < migration_version {
-        sql.execute_migration(
-            "
-UPDATE msgs SET state=26 WHERE state=28; -- Change OutMdnRcvd to OutDelivered.
-UPDATE msgs SET state=19 WHERE state=24; -- Change OutPreparing to OutFailed.
-            ",
-            migration_version,
-        )
-        .await?;
-    }
-
    let new_version = sql
        .get_raw_config_int(VERSION_CFG)
        .await?
--- a/src/test_utils.rs
+++ b/src/test_utils.rs
@@ -1431,12 +1431,6 @@ pub fn fiona_keypair() -> SignedSecretKey {
 #[derive(Debug)]
 pub struct EventTracker(EventEmitter);

-/// See [`super::EventTracker::get_matching_ex`].
-pub struct ExpectedEvents<E: Fn(&EventType) -> bool, U: Fn(&EventType) -> bool> {
-    pub expected: E,
-    pub unexpected: U,
-}
-
 impl Deref for EventTracker {
    type Target = EventEmitter;

@@ -1473,39 +1467,21 @@ impl EventTracker {
        .expect("timeout waiting for event match")
    }

-    /// Consumes all emitted events returning the first matching one if any.
+    /// Consumes emitted events returning the first matching one if any.
    pub async fn get_matching_opt<F: Fn(&EventType) -> bool>(
        &self,
        ctx: &Context,
        event_matcher: F,
-    ) -> Option<EventType> {
-        self.get_matching_ex(
-            ctx,
-            ExpectedEvents {
-                expected: event_matcher,
-                unexpected: |_| false,
-            },
-        )
-        .await
-    }
-
-    /// Consumes all emitted events returning the first matching one if any. Panics on unexpected
-    /// events.
-    pub async fn get_matching_ex<E: Fn(&EventType) -> bool, U: Fn(&EventType) -> bool>(
-        &self,
-        ctx: &Context,
-        args: ExpectedEvents<E, U>,
    ) -> Option<EventType> {
        ctx.emit_event(EventType::Test);
        let mut found_event = None;
        loop {
            let event = self.recv().await.unwrap();
-            assert!(!(args.unexpected)(&event.typ));
            if let EventType::Test = event.typ {
                return found_event;
            }
-            if (args.expected)(&event.typ) {
-                found_event.get_or_insert(event.typ);
+            if event_matcher(&event.typ) {
+                found_event = Some(event.typ);
            }
        }
    }
--- a/src/tests/pre_messages/forward_and_save.rs
+++ b/src/tests/pre_messages/forward_and_save.rs
@@ -1,6 +1,4 @@
 //! Tests about forwarding and saving Pre-Messages
-use std::time::Duration;
-
 use anyhow::Result;
 use pretty_assertions::assert_eq;

@@ -10,7 +8,6 @@ use crate::chatlist::get_last_message_for_chat;
 use crate::download::{DownloadState, PRE_MSG_ATTACHMENT_SIZE_THRESHOLD};
 use crate::message::{Message, Viewtype};
 use crate::test_utils::TestContextManager;
-use crate::tests::pre_messages::util::send_large_file_message;

 /// Test that forwarding Pre-Message should forward additional text to not be empty
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -89,43 +86,6 @@ async fn test_forwarding_pre_message_empty_text() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_receive_both() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let alice_chat_id = alice.create_group_with_members("", &[bob]).await;
-
-    let (pre_message, post_message, alice_msg_id) =
-        send_large_file_message(alice, alice_chat_id, Viewtype::File, &vec![0u8; 200_000]).await?;
-
-    let msg = bob.recv_msg(&pre_message).await;
-    let _ = bob.recv_msg_trash(&post_message).await;
-    let msg = Message::load_from_db(bob, msg.id).await?;
-    assert_eq!(msg.download_state(), DownloadState::Done);
-    assert_eq!(msg.text, "test".to_owned());
-
-    forward_msgs(alice, &[alice_msg_id], alice_chat_id).await?;
-    let rev_order = false;
-    let msg = bob
-        .recv_msg(
-            &alice
-                .pop_sent_msg_ex(rev_order, Duration::ZERO)
-                .await
-                .unwrap(),
-        )
-        .await;
-    assert_eq!(msg.download_state(), DownloadState::Available);
-    assert_eq!(msg.is_forwarded(), true);
-    assert_eq!(msg.text, "test".to_owned());
-    let _ = bob.recv_msg_trash(&alice.pop_sent_msg().await).await;
-    let msg = Message::load_from_db(bob, msg.id).await?;
-    assert_eq!(msg.download_state(), DownloadState::Done);
-    assert_eq!(msg.is_forwarded(), true);
-    assert_eq!(msg.text, "test".to_owned());
-    Ok(())
-}
-
 /// Test that forwarding Pre-Message should forward additional text to not be empty
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_saving_pre_message_empty_text() -> Result<()> {
--- a/src/timesmearing.rs
+++ b/src/timesmearing.rs
@@ -0,0 +1,194 @@
+//! # Time smearing.
+//!
+//! As e-mails typically only use a second-based-resolution for timestamps,
+//! the order of two mails sent within one second is unclear.
+//! This is bad e.g. when forwarding some messages from a chat -
+//! these messages will appear at the recipient easily out of order.
+//!
+//! We work around this issue by not sending out two mails with the same timestamp.
+//! For this purpose, in short, we track the last timestamp used in `last_smeared_timestamp`
+//! when another timestamp is needed in the same second, we use `last_smeared_timestamp+1`
+//! after some moments without messages sent out,
+//! `last_smeared_timestamp` is again in sync with the normal time.
+//!
+//! However, we do not do all this for the far future,
+//! but at max `MAX_SECONDS_TO_LEND_FROM_FUTURE`
+
+use std::cmp::{max, min};
+use std::sync::atomic::{AtomicI64, Ordering};
+
+pub(crate) const MAX_SECONDS_TO_LEND_FROM_FUTURE: i64 = 30;
+
+/// Smeared timestamp generator.
+#[derive(Debug)]
+pub struct SmearedTimestamp {
+    /// Next timestamp available for allocation.
+    smeared_timestamp: AtomicI64,
+}
+
+impl SmearedTimestamp {
+    /// Creates a new smeared timestamp generator.
+    pub fn new() -> Self {
+        Self {
+            smeared_timestamp: AtomicI64::new(0),
+        }
+    }
+
+    /// Allocates `count` unique timestamps.
+    ///
+    /// Returns the first allocated timestamp.
+    #[expect(clippy::arithmetic_side_effects)]
+    pub fn create_n(&self, now: i64, count: i64) -> i64 {
+        let mut prev = self.smeared_timestamp.load(Ordering::Relaxed);
+        loop {
+            // Advance the timestamp if it is in the past,
+            // but keep `count - 1` timestamps from the past if possible.
+            let t = max(prev, now - count + 1);
+
+            // Rewind the time back if there is no room
+            // to allocate `count` timestamps without going too far into the future.
+            // Not going too far into the future
+            // is more important than generating unique timestamps.
+            let first = min(t, now + MAX_SECONDS_TO_LEND_FROM_FUTURE - count + 1);
+
+            // Allocate `count` timestamps by advancing the current timestamp.
+            let next = first + count;
+
+            if let Err(x) = self.smeared_timestamp.compare_exchange_weak(
+                prev,
+                next,
+                Ordering::Relaxed,
+                Ordering::Relaxed,
+            ) {
+                prev = x;
+            } else {
+                return first;
+            }
+        }
+    }
+
+    /// Creates a single timestamp.
+    pub fn create(&self, now: i64) -> i64 {
+        self.create_n(now, 1)
+    }
+
+    /// Returns the current smeared timestamp.
+    pub fn current(&self) -> i64 {
+        self.smeared_timestamp.load(Ordering::Relaxed)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::test_utils::TestContext;
+    use crate::tools::{
+        SystemTime, create_smeared_timestamp, create_smeared_timestamps, smeared_time, time,
+    };
+
+    #[test]
+    fn test_smeared_timestamp() {
+        let smeared_timestamp = SmearedTimestamp::new();
+        let now = time();
+
+        assert_eq!(smeared_timestamp.current(), 0);
+
+        for i in 0..MAX_SECONDS_TO_LEND_FROM_FUTURE {
+            assert_eq!(smeared_timestamp.create(now), now + i);
+        }
+        assert_eq!(
+            smeared_timestamp.create(now),
+            now + MAX_SECONDS_TO_LEND_FROM_FUTURE
+        );
+        assert_eq!(
+            smeared_timestamp.create(now),
+            now + MAX_SECONDS_TO_LEND_FROM_FUTURE
+        );
+
+        // System time rewinds back by 1000 seconds.
+        let now = now - 1000;
+        assert_eq!(
+            smeared_timestamp.create(now),
+            now + MAX_SECONDS_TO_LEND_FROM_FUTURE
+        );
+        assert_eq!(
+            smeared_timestamp.create(now),
+            now + MAX_SECONDS_TO_LEND_FROM_FUTURE
+        );
+        assert_eq!(
+            smeared_timestamp.create(now + 1),
+            now + MAX_SECONDS_TO_LEND_FROM_FUTURE + 1
+        );
+        assert_eq!(smeared_timestamp.create(now + 100), now + 100);
+        assert_eq!(smeared_timestamp.create(now + 100), now + 101);
+        assert_eq!(smeared_timestamp.create(now + 100), now + 102);
+    }
+
+    #[test]
+    fn test_create_n_smeared_timestamps() {
+        let smeared_timestamp = SmearedTimestamp::new();
+        let now = time();
+
+        // Create a single timestamp to initialize the generator.
+        assert_eq!(smeared_timestamp.create(now), now);
+
+        // Wait a minute.
+        let now = now + 60;
+
+        // Simulate forwarding 7 messages.
+        let forwarded_messages = 7;
+
+        // We have not sent anything for a minute,
+        // so we can take the current timestamp and take 6 timestamps from the past.
+        assert_eq!(smeared_timestamp.create_n(now, forwarded_messages), now - 6);
+
+        assert_eq!(smeared_timestamp.current(), now + 1);
+
+        // Wait 4 seconds.
+        // Now we have 3 free timestamps in the past.
+        let now = now + 4;
+
+        assert_eq!(smeared_timestamp.current(), now - 3);
+
+        // Forward another 7 messages.
+        // We can only lend 3 timestamps from the past.
+        assert_eq!(smeared_timestamp.create_n(now, forwarded_messages), now - 3);
+
+        // We had to borrow 3 timestamps from the future
+        // because there were not enough timestamps in the past.
+        assert_eq!(smeared_timestamp.current(), now + 4);
+
+        // Forward another 32 messages.
+        // We cannot use more than 30 timestamps from the future,
+        // so we use 30 timestamps from the future,
+        // the current timestamp and one timestamp from the past.
+        assert_eq!(smeared_timestamp.create_n(now, 32), now - 1);
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_create_smeared_timestamp() {
+        let t = TestContext::new().await;
+        assert_ne!(create_smeared_timestamp(&t), create_smeared_timestamp(&t));
+        assert!(
+            create_smeared_timestamp(&t)
+                >= SystemTime::now()
+                    .duration_since(SystemTime::UNIX_EPOCH)
+                    .unwrap()
+                    .as_secs() as i64
+        );
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_create_smeared_timestamps() {
+        let t = TestContext::new().await;
+        let count = MAX_SECONDS_TO_LEND_FROM_FUTURE - 1;
+        let start = create_smeared_timestamps(&t, count as usize);
+        let next = smeared_time(&t);
+        assert!((start + count - 1) < next);
+
+        let count = MAX_SECONDS_TO_LEND_FROM_FUTURE + 30;
+        let start = create_smeared_timestamps(&t, count as usize);
+        let next = smeared_time(&t);
+        assert!((start + count - 1) < next);
+    }
+}
--- a/src/tools.rs
+++ b/src/tools.rs
@@ -180,6 +180,29 @@ pub(crate) fn gm2local_offset() -> i64 {
    i64::from(lt.offset().local_minus_utc())
 }

+/// Returns the current smeared timestamp,
+///
+/// The returned timestamp MAY NOT be unique and MUST NOT go to "Date" header.
+pub(crate) fn smeared_time(context: &Context) -> i64 {
+    let now = time();
+    let ts = context.smeared_timestamp.current();
+    std::cmp::max(ts, now)
+}
+
+/// Returns a timestamp that is guaranteed to be unique.
+pub(crate) fn create_smeared_timestamp(context: &Context) -> i64 {
+    let now = time();
+    context.smeared_timestamp.create(now)
+}
+
+// creates `count` timestamps that are guaranteed to be unique.
+// the first created timestamps is returned directly,
+// get the other timestamps just by adding 1..count-1
+pub(crate) fn create_smeared_timestamps(context: &Context, count: usize) -> i64 {
+    let now = time();
+    context.smeared_timestamp.create_n(now, count as i64)
+}
+
 /// Returns the last release timestamp as a unix timestamp compatible for comparison with time() and
 /// database times.
 pub fn get_release_timestamp() -> i64 {
--- a/src/transport.rs
+++ b/src/transport.rs
@@ -791,18 +791,7 @@ pub(crate) async fn sync_transports(
    context
        .sql
        .transaction(|transaction| {
-            let configured_addr = transaction.query_row(
-                "SELECT value FROM config WHERE keyname='configured_addr'",
-                (),
-                |row| {
-                    let addr: String = row.get(0)?;
-                    Ok(addr)
-                },
-            )?;
            for RemovedTransportData { addr, timestamp } in removed_transports {
-                if *addr == configured_addr {
-                    continue;
-                }
                modified |= transaction.execute(
                    "DELETE FROM transports
                     WHERE addr=? AND add_timestamp<=?",
--- a/src/webxdc.rs
+++ b/src/webxdc.rs
@@ -46,7 +46,7 @@ use crate::mimefactory::RECOMMENDED_FILE_SIZE;
 use crate::mimeparser::SystemMessage;
 use crate::param::Param;
 use crate::param::Params;
-use crate::tools::{create_id, get_abs_path, time};
+use crate::tools::{create_id, create_smeared_timestamp, get_abs_path};

 /// The current API version.
 /// If `min_api` in manifest.toml is set to a larger value,
@@ -550,7 +550,7 @@ impl Context {

        let send_now = !matches!(
            instance.state,
-            MessageState::Undefined | MessageState::OutDraft
+            MessageState::Undefined | MessageState::OutPreparing | MessageState::OutDraft
        );

        status_update.uid = Some(create_id());
@@ -558,7 +558,7 @@ impl Context {
            .create_status_update_record(
                &instance,
                status_update,
-                time(),
+                create_smeared_timestamp(self),
                send_now,
                ContactId::SELF,
            )
--- a/test-data/golden/test_sync_broadcast_alice1
+++ b/test-data/golden/test_sync_broadcast_alice1
@@ -1,7 +1,7 @@
 OutBroadcast#Chat#1001: Channel [0 member(s)]
 --------------------------------------------------------------------------------
 Msg#1001: info (Contact#Contact#Info): Messages are end-to-end encrypted. [NOTICED][INFO]
-Msg#1006🔒: Me (Contact#Contact#Self): Member bob@example.net added. [INFO] √
 Msg#1008🔒: Me (Contact#Contact#Self): hi  √
+Msg#1006🔒: Me (Contact#Contact#Self): Member bob@example.net added. [INFO] √
 Msg#1009🔒: Me (Contact#Contact#Self): You removed member bob@example.net. [INFO] √
 --------------------------------------------------------------------------------