Add some information about mailing list managers.

Add draft/mailing_list_current_state.rst
Add Self and mailing list id as contacts; unfortunately I had to remove the may_be_valid_addr test because a listId is not a vaild email address
2026-04-08 16:42:10 +03:00 · 2020-04-17 18:38:34 +02:00 · 2020-04-17 18:19:32 +02:00 · 2020-04-17 12:45:22 +02:00 · 2020-04-17 11:12:19 +02:00 · 2020-04-17 10:18:10 +02:00
105 changed files with 6390 additions and 3549 deletions
--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -10,7 +10,7 @@ jobs:
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
-          toolchain: nightly-2019-11-06
+          toolchain: nightly-2020-03-12
          override: true
      - uses: actions-rs/cargo@v1
        with:
@@ -25,7 +25,7 @@ jobs:
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
-          toolchain: nightly-2019-11-06
+          toolchain: nightly-2020-03-12
          override: true
      - run: rustup component add rustfmt
      - uses: actions-rs/cargo@v1
@@ -39,10 +39,10 @@ jobs:
      - uses: actions/checkout@v1
      - uses: actions-rs/toolchain@v1
        with:
-            toolchain: nightly-2019-11-06
+            toolchain: nightly-2020-03-12
            components: clippy
            override: true
      - uses: actions-rs/clippy-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
-          args: --all-features
+          args: --all-features
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,80 @@
 # Changelog 

+## 1.28.0
+
+- new flag DC_GCL_FOR_FORWARDING for dc_get_chatlist()
+  that will sort the "saved messages" chat to the top of the chatlist #1336
+- mark mails as being deleted from server in dc_empty_server() #1333
+- fix interaction with servers that do not allow folder creation on root-level;
+  use path separator as defined by the email server #1359
+- fix group creation if group was created by non-delta clients #1357
+- fix showing replies from non-delta clients #1353
+- fix member list on rejoining left groups #1343
+- fix crash when using empty groups #1354
+- fix potential crash on special names #1350
+
+
+## 1.27.0
+
+- handle keys reliably on armv7 #1327
+
+
+## 1.26.0
+
+- change generated key type back to RSA as shipped versions
+  have problems to encrypt to Ed25519 keys
+
+- update rPGP to encrypt reliably to Ed25519 keys;
+  one of the next versions can finally use Ed25519 keys then
+
+
+## 1.25.0
+
+- save traffic by downloading only messages that are really displayed #1236
+
+- change generated key type to Ed25519, these keys are much shorter
+  than RSA keys, which results in saving traffic and speed improvements #1287
+
+- improve key handling #1237 #1240 #1242 #1247
+
+- mute handling, apis are dc_set_chat_mute_duration()
+  dc_chat_is_muted() and dc_chat_get_remaining_mute_duration() #1143
+
+- pinning chats, new apis are dc_set_chat_visibility() and
+  dc_chat_get_visibility() #1248
+
+- add dc_provider_new_from_email() api that queries the new, integrated
+  provider-database #1207
+
+- account creation by scanning a qr code
+  in the DCACCOUNT scheme (https://mailadm.readthedocs.io),
+  new api is dc_set_config_from_qr() #1249
+
+- if possible, dc_join_securejoin(), returns the new chat-id immediately
+  and does the handshake in background #1225
+
+- update imap and smtp dependencies #1115
+
+- check for MOVE capability before using MOVE command #1263
+
+- allow inline attachments from RFC 2183 #1280
+
+- fix updating names from incoming mails #1298
+
+- fix error messages shown on import #1234
+
+- directly attempt to re-connect if the smtp connection is maybe stale #1296
+
+- improve adding group members #1291
+
+- improve rust-api #1261
+
+- cleanup #1302 #1283 #1282 #1276 #1270-#1274 #1267 #1258-#1260
+  #1257 #1239 #1231 #1224
+
+- update spec #1286 #1291
+
+
 ## 1.0.0-beta.24

 - fix oauth2/gmail bug introduced in beta23 (not used in releases) #1219
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat"
-version = "1.0.0-beta.24"
+version = "1.28.0"
 authors = ["Delta Chat Developers (ML) <delta@codespeak.net>"]
 edition = "2018"
 license = "MPL-2.0"
@@ -12,7 +12,7 @@ lto = true
 deltachat_derive = { path = "./deltachat_derive" }

 libc = "0.2.51"
-pgp = { version = "0.4.0", default-features = false }
+pgp = { version = "0.5.1", default-features = false } 
 hex = "0.4.0"
 sha2 = "0.8.0"
 rand = "0.7.0"
@@ -32,8 +32,6 @@ percent-encoding = "2.0"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 chrono = "0.4.6"
-failure = "0.1.5"
-failure_derive = "0.1.5"
 indexmap = "1.3.0"
 lazy_static = "1.4.0"
 regex = "1.1.6"
@@ -53,13 +51,15 @@ bitflags = "1.1.0"
 debug_stub_derive = "0.3.0"
 sanitize-filename = "0.2.1"
 stop-token = { version = "0.1.1", features = ["unstable"] }
-mailparse = { git = "https://github.com/link2xt/mailparse", branch="address-comma" }
+mailparse = "0.12.0"
 encoded-words = { git = "https://github.com/async-email/encoded-words", branch="master" }
 native-tls = "0.2.3"
 image = { version = "0.22.4", default-features=false, features = ["gif_codec", "jpeg", "ico", "png_codec", "pnm", "webp", "bmp"] }
 pretty_env_logger = "0.3.1"

 rustyline = { version = "4.1.0", optional = true }
+thiserror = "1.0.14"
+anyhow = "1.0.28"

 [dev-dependencies]
 tempfile = "3.0"
@@ -84,7 +84,7 @@ required-features = ["rustyline"]


 [features]
-default = ["nightly", "ringbuf"]
+default = ["nightly"]
 vendored = ["async-native-tls/vendored", "reqwest/native-tls-vendored", "async-smtp/native-tls-vendored"]
 nightly = ["pgp/nightly"]
-ringbuf = ["pgp/ringbuf"]
+
--- a/README.md
+++ b/README.md
@@ -108,7 +108,6 @@ $ cargo test -- --ignored

 - `vendored`: When using Openssl for TLS, this bundles a vendored version.
 - `nightly`: Enable nightly only performance and security related features.
- `ringbuf`: Enable the use of [`slice_deque`](https://github.com/gnzlbg/slice_deque) in pgp.

 [circle-shield]: https://img.shields.io/circleci/project/github/deltachat/deltachat-core-rust/master.svg?style=flat-square
 [circle]: https://circleci.com/gh/deltachat/deltachat-core-rust/
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -4,7 +4,7 @@ environment:

 install:
  - appveyor DownloadFile https://win.rustup.rs/ -FileName rustup-init.exe
-  - rustup-init -yv --default-toolchain nightly-2019-07-10
+  - rustup-init -yv --default-toolchain nightly-2020-03-12
  - set PATH=%PATH%;%USERPROFILE%\.cargo\bin
  - rustc -vV
  - cargo -vV
--- a/ci_scripts/docker-coredeps/deps/build_rust.sh
+++ b/ci_scripts/docker-coredeps/deps/build_rust.sh
@@ -3,9 +3,9 @@
 set -e -x

 # Install Rust
-curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain nightly-2019-11-06 -y
+curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain nightly-2020-03-12 -y
 export PATH=/root/.cargo/bin:$PATH
 rustc --version

 # remove some 300-400 MB that we don't need for automated builds
-rm -rf /root/.rustup/toolchains/nightly-2019-11-06-x86_64-unknown-linux-gnu/share/
+rm -rf /root/.rustup/toolchains/nightly-2020-03-12-x86_64-unknown-linux-gnu/share/
--- a/ci_scripts/old/run-python.sh
+++ b/ci_scripts/old/run-python.sh
@@ -46,6 +46,7 @@ if [ -n "$TESTS" ]; then
    tox --workdir "$TOXWORKDIR" -e py37 -- --reruns 3 -k "not qr"
    tox --workdir "$TOXWORKDIR" -e py37 -- --reruns 3 -k "qr"
    unset DCC_PY_LIVECONFIG
+    unset DCC_NEW_TMP_EMAIL
    tox --workdir "$TOXWORKDIR" -p4 -e lint,py35,py36,doc
    tox --workdir "$TOXWORKDIR" -e auditwheels
    popd
--- a/ci_scripts/remote_python_packaging.sh
+++ b/ci_scripts/remote_python_packaging.sh
@@ -32,11 +32,11 @@ ssh $SSHTARGET bash -c "cat >$BUILDDIR/exec_docker_run" <<_HERE
    set +x -e
    cd $BUILDDIR
    export DCC_PY_LIVECONFIG=$DCC_PY_LIVECONFIG
-
+    export DCC_NEW_TMP_EMAIL=$DCC_NEW_TMP_EMAIL
    set -x

    # run everything else inside docker 
-    docker run -e DCC_PY_LIVECONFIG \
+    docker run -e DCC_NEW_TMP_EMAIL -e DCC_PY_LIVECONFIG \
       --rm -it -v \$(pwd):/mnt -w /mnt \
       deltachat/coredeps ci_scripts/run_all.sh

--- a/ci_scripts/remote_tests_python.sh
+++ b/ci_scripts/remote_tests_python.sh
@@ -30,6 +30,7 @@ ssh $SSHTARGET <<_HERE
    export CARGO_TARGET_DIR=\`pwd\`/../target
    export TARGET=release
    export DCC_PY_LIVECONFIG=$DCC_PY_LIVECONFIG
+    export DCC_NEW_TMP_EMAIL=$DCC_NEW_TMP_EMAIL

    #we rely on tox/virtualenv being available in the host
    #rm -rf virtualenv venv
--- a/ci_scripts/run_all.sh
+++ b/ci_scripts/run_all.sh
@@ -37,7 +37,8 @@ mkdir -p $TOXWORKDIR
 # XXX we may switch on some live-tests on for better ensurances 
 # Note that the independent remote_tests_python step does all kinds of
 # live-testing already. 
-unset DCC_PY_LIVECONFIG 
+unset DCC_PY_LIVECONFIG
+unset DCC_NEW_TMP_EMAIL
 tox --workdir "$TOXWORKDIR" -e py35,py36,py37,py38,auditwheels
 popd

--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "1.0.0-beta.24"
+version = "1.28.0"
 description = "Deltachat FFI"
 authors = ["Delta Chat Developers (ML) <delta@codespeak.net>"]
 edition = "2018"
@@ -19,11 +19,11 @@ deltachat = { path = "../", default-features = false }
 libc = "0.2"
 human-panic = "1.0.1"
 num-traits = "0.2.6"
-failure = "0.1.6"
 serde_json = "1.0"
+anyhow = "1.0.28"
+thiserror = "1.0.14"

 [features]
-default = ["vendored", "nightly", "ringbuf"]
+default = ["vendored", "nightly"]
 vendored = ["deltachat/vendored"]
 nightly = ["deltachat/nightly"]
-ringbuf = ["deltachat/ringbuf"]
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -364,9 +364,23 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 *                    also show all mails of confirmed contacts,
 *                    DC_SHOW_EMAILS_ALL (2)=
 *                    also show mails of unconfirmed contacts in the deaddrop.
+ * - `key_gen_type` = DC_KEY_GEN_DEFAULT (0)=
+ *                    generate recommended key type (default),
+ *                    DC_KEY_GEN_RSA2048 (1)=
+ *                    generate RSA 2048 keypair
+ *                    DC_KEY_GEN_ED25519 (2)=
+ *                    generate Ed25519 keypair
 * - `save_mime_headers` = 1=save mime headers
 *                    and make dc_get_mime_headers() work for subsequent calls,
 *                    0=do not save mime headers (default)
+ * - `delete_device_after` = 0=do not delete messages from device automatically (default),
+ *                    >=1=seconds, after which messages are deleted automatically from the device.
+ *                    Messages in the "saved messages" chat (see dc_chat_is_self_talk()) are skipped.
+ *                    Messages are deleted whether they were seen or not, the UI should clearly point that out.
+ * - `delete_server_after` = 0=do not delete messages from server automatically (default),
+ *                    >=1=seconds, after which messages are deleted automatically from the server.
+ *                    "Saved messages" are deleted from the server as well as
+ *                    emails matching the `show_emails` settings above, the UI should clearly point that out.
 *
 * If you want to retrieve a value, use dc_get_config().
 *
@@ -895,6 +909,7 @@ int             dc_preconfigure_keypair        (dc_context_t* context, const cha
 #define         DC_GCL_ARCHIVED_ONLY         0x01
 #define         DC_GCL_NO_SPECIALS           0x02
 #define         DC_GCL_ADD_ALLDONE_HINT      0x04
+#define         DC_GCL_FOR_FORWARDING        0x08


 /**
@@ -918,7 +933,7 @@ int             dc_preconfigure_keypair        (dc_context_t* context, const cha
 *   or "Not now".
 *   The UI can also offer a "Close" button that calls dc_marknoticed_contact() then.
 * - DC_CHAT_ID_ARCHIVED_LINK (6) - this special chat is present if the user has
- *   archived _any_ chat using dc_archive_chat(). The UI should show a link as
+ *   archived _any_ chat using dc_set_chat_visibility(). The UI should show a link as
 *   "Show archived chats", if the user clicks this item, the UI should show a
 *   list of all archived chats that can be created by this function hen using
 *   the DC_GCL_ARCHIVED_ONLY flag.
@@ -933,6 +948,8 @@ int             dc_preconfigure_keypair        (dc_context_t* context, const cha
 *       if DC_GCL_ARCHIVED_ONLY is not set, only unarchived chats are returned and
 *       the pseudo-chat DC_CHAT_ID_ARCHIVED_LINK is added if there are _any_ archived
 *       chats
+ *     - the flag DC_GCL_FOR_FORWARDING sorts "Saved messages" to the top of the chatlist,
+ *       typically used on forwarding, may be combined with DC_GCL_NO_SPECIALS
 *     - if the flag DC_GCL_NO_SPECIALS is set, deaddrop and archive link are not added
 *       to the list (may be used eg. for selecting chats on forwarding, the flag is
 *       not needed when DC_GCL_ARCHIVED_ONLY is already set)
@@ -1286,6 +1303,21 @@ int             dc_get_msg_cnt               (dc_context_t* context, uint32_t ch
 int             dc_get_fresh_msg_cnt         (dc_context_t* context, uint32_t chat_id);


+
+/**
+ * Estimate the number of messages that will be deleted
+ * by the dc_set_config()-options `delete_device_after` or `delete_server_after`.
+ * This is typically used to show the estimated impact to the user before actually enabling ephemeral messages.
+ *
+ * @param context The context object as returned from dc_context_new().
+ * @param from_server 1=Estimate deletion count for server, 0=Estimate deletion count for device
+ * @param seconds Count messages older than the given number of seconds.
+ * @return Number of messages that are older than the given number of seconds.
+ *     This includes emails downloaded due to the `show_emails` option.
+ *     Messages in the "saved messages" folder are not counted as they will not be deleted automatically.
+ */
+int             dc_estimate_deletion_cnt    (dc_context_t* context, int from_server, int64_t seconds);
+
 /**
 * Returns the message IDs of all _fresh_ messages of any chat.
 * Typically used for implementing notification summaries.
@@ -1372,25 +1404,18 @@ uint32_t        dc_get_next_media            (dc_context_t* context, uint32_t ms


 /**
- * Archive or unarchive a chat.
+ * Set chat visibility to pinned, archived or normal.
 *
- * Archived chats are not included in the default chatlist returned
- * by dc_get_chatlist().  Instead, if there are _any_ archived chats,
- * the pseudo-chat with the chat_id DC_CHAT_ID_ARCHIVED_LINK will be added the the
- * end of the chatlist.
- *
- * - To get a list of archived chats, use dc_get_chatlist() with the flag DC_GCL_ARCHIVED_ONLY.
- * - To find out the archived state of a given chat, use dc_chat_get_archived()
- * - Messages in archived chats are marked as being noticed, so they do not count as "fresh"
- * - Calling this function usually results in the event #DC_EVENT_MSGS_CHANGED
+ * Calling this function usually results in the event #DC_EVENT_MSGS_CHANGED
+ * See @ref DC_CHAT_VISIBILITY for detailed information about the visibilities.
 *
 * @memberof dc_context_t
 * @param context The context object as returned from dc_context_new().
- * @param chat_id The ID of the chat to archive or unarchive.
- * @param archive 1=archive chat, 0=unarchive chat, all other values are reserved for future use
+ * @param chat_id The ID of the chat to change the visibility for.
+ * @param visibility one of @ref DC_CHAT_VISIBILITY
 * @return None.
 */
-void            dc_archive_chat              (dc_context_t* context, uint32_t chat_id, int archive);
+void            dc_set_chat_visibility       (dc_context_t* context, uint32_t chat_id, int visibility);


 /**
@@ -1656,8 +1681,9 @@ char*           dc_get_mime_headers          (dc_context_t* context, uint32_t ms
 */
 void            dc_delete_msgs               (dc_context_t* context, const uint32_t* msg_ids, int msg_cnt);

-/**
+/*
 * Empty IMAP server folder: delete all messages.
+ * Deprecated, use dc_set_config() with the key "delete_server_after" instead.
 *
 * @memberof dc_context_t
 * @param context The context object as created by dc_context_new()
@@ -2846,21 +2872,14 @@ uint32_t        dc_chat_get_color            (const dc_chat_t* chat);


 /**
- * Get archived state.
- *
- * - 0 = normal chat, not archived, not sticky.
- * - 1 = chat archived
- * - 2 = chat sticky (reserved for future use, if you do not support this value, just treat the chat as a normal one)
- *
- * To archive or unarchive chats, use dc_archive_chat().
- * If chats are archived, this should be shown in the UI by a little icon or text,
- * eg. the search will also return archived chats.
+ * Get visibility of chat.
+ * See @ref DC_CHAT_VISIBILITY for detailed information about the visibilities.
 *
 * @memberof dc_chat_t
 * @param chat The chat object.
- * @return Archived state.
+ * @return One of @ref DC_CHAT_VISIBILITY
 */
-int             dc_chat_get_archived         (const dc_chat_t* chat);
+int             dc_chat_get_visibility       (const dc_chat_t* chat);


 /**
@@ -3773,7 +3792,7 @@ int             dc_contact_is_verified       (dc_contact_t* contact);
 *     accessor functions.  If no provider info is found, NULL will be
 *     returned.
 */
-dc_provider_t*  dc_provider_new_from_email            (const dc_context_t*, const char* email);
+dc_provider_t*  dc_provider_new_from_email            (const dc_context_t* context, const char* email);


 /**
@@ -4132,28 +4151,8 @@ int64_t          dc_lot_get_timestamp     (const dc_lot_t* lot);
 */


-/**
- * @defgroup DC_EMPTY DC_EMPTY
- *
- * These constants configure emptying imap folders with dc_empty_server()
- *
- * @addtogroup DC_EMPTY
- * @{
- */
-
-/**
- * Clear all mvbox messages.
- */
-#define DC_EMPTY_MVBOX 0x01
-
-/**
- * Clear all INBOX messages.
- */
-#define DC_EMPTY_INBOX 0x02
-
-/**
- * @}
- */
+#define DC_EMPTY_MVBOX 0x01 // Deprecated, flag for dc_empty_server(): Clear all mvbox messages
+#define DC_EMPTY_INBOX 0x02 // Deprecated, flag for dc_empty_server(): Clear all INBOX messages


 /**
@@ -4506,14 +4505,22 @@ int64_t          dc_lot_get_timestamp     (const dc_lot_t* lot);


 /**
- * This event is sent out to the inviter when a joiner successfully joined a group.
+ * This event is sent for each member that gets added to a (verified or unverified) chat. 
 *
 * @param data1 (int) chat_id
 * @param data2 (int) contact_id
 * @return 0
 */
-#define DC_EVENT_SECUREJOIN_MEMBER_ADDED 2062
+#define DC_EVENT_MEMBER_ADDED 2062

+/**
+ * This event is sent for each member that gets removed from a (verified or unverified) chat. 
+ *
+ * @param data1 (int) chat_id
+ * @param data2 (int) contact_id
+ * @return 0
+ */
+#define DC_EVENT_MEMBER_REMOVED 2063

 /**
 * @}
@@ -4532,6 +4539,8 @@ int64_t          dc_lot_get_timestamp     (const dc_lot_t* lot);
 #define DC_EVENT_RETURNS_STRING(e)   ((e)==DC_EVENT_GET_STRING) // not used anymore
 char*           dc_get_version_str           (void); // deprecated
 void            dc_array_add_id              (dc_array_t*, uint32_t); // deprecated
+#define dc_archive_chat(a,b,c)  dc_set_chat_visibility((a), (b), (c)? 1 : 0) // not used anymore
+#define dc_chat_get_archived(a) (dc_chat_get_visibility((a))==1? 1 : 0)      // not used anymore


 /*
@@ -4541,6 +4550,13 @@ void            dc_array_add_id              (dc_array_t*, uint32_t); // depreca
 #define DC_SHOW_EMAILS_ACCEPTED_CONTACTS 1
 #define DC_SHOW_EMAILS_ALL               2

+/*
+ * Values for dc_get|set_config("key_gen_type")
+ */
+#define DC_KEY_GEN_DEFAULT 0
+#define DC_KEY_GEN_RSA2048 1
+#define DC_KEY_GEN_ED25519 2
+

 /**
 * @defgroup DC_PROVIDER_STATUS DC_PROVIDER_STATUS
@@ -4597,6 +4613,48 @@ void            dc_array_add_id              (dc_array_t*, uint32_t); // depreca
 */


+/**
+ * @defgroup DC_CHAT_VISIBILITY DC_CHAT_VISIBILITY
+ *
+ * These constants describe the visibility of a chat.
+ * The chat visibiliry can be get using dc_chat_get_visibility()
+ * and set using dc_set_chat_visibility().
+ *
+ * @addtogroup DC_CHAT_VISIBILITY
+ * @{
+ */
+
+/**
+ * Chats with normal visibility are not archived and are shown below all pinned chats.
+ * Archived chats, that receive new messages automatically become normal chats.
+ */
+#define         DC_CHAT_VISIBILITY_NORMAL      0
+
+/**
+ * Archived chats are not included in the default chatlist returned by dc_get_chatlist().
+ * Instead, if there are _any_ archived chats, the pseudo-chat
+ * with the chat_id DC_CHAT_ID_ARCHIVED_LINK will be added the the end of the chatlist.
+ *
+ * The UI typically shows a little icon or chats beside archived chats in the chatlist,
+ * this is needed as eg. the search will also return archived chats.
+ *
+ * If archived chats receive new messages, they become normal chats again.
+ *
+ * To get a list of archived chats, use dc_get_chatlist() with the flag DC_GCL_ARCHIVED_ONLY.
+ */
+#define         DC_CHAT_VISIBILITY_ARCHIVED    1
+
+/**
+ * Pinned chats are included in the default chatlist. moreover,
+ * they are always the first items, whether they have fresh messages or not.
+ */
+#define         DC_CHAT_VISIBILITY_PINNED      2
+
+/**
+ * @}
+ */
+
+
 /*
 * TODO: Strings need some doumentation about used placeholders.
 *
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -25,10 +25,9 @@ use std::time::{Duration, SystemTime};
 use libc::uintptr_t;
 use num_traits::{FromPrimitive, ToPrimitive};

-use deltachat::chat::ChatId;
-use deltachat::chat::MuteDuration;
+use deltachat::chat::{ChatId, ChatVisibility, MuteDuration};
 use deltachat::constants::DC_MSG_ID_LAST_SPECIAL;
-use deltachat::contact::Contact;
+use deltachat::contact::{Contact, Origin};
 use deltachat::context::Context;
 use deltachat::key::DcKey;
 use deltachat::message::MsgId;
@@ -86,17 +85,6 @@ pub type dc_callback_t =
 pub type dc_context_t = ContextWrapper;

 impl ContextWrapper {
-    /// Log an error on the FFI context.
-    ///
-    /// As soon as a [ContextWrapper] exist it can be used to log an
-    /// error using the callback, even before [dc_context_open] is
-    /// called and an actual [Context] exists.
-    ///
-    /// This function makes it easy to log an error.
-    unsafe fn error(&self, msg: &str) {
-        self.translate_cb(Event::Error(msg.to_string()));
-    }
-
    /// Log a warning on the FFI context.
    ///
    /// Like [error] but logs as a warning which only goes to the
@@ -120,10 +108,6 @@ impl ContextWrapper {
    /// the appropriate return value for an error return since this
    /// differs for various functions on the FFI API: sometimes 0,
    /// NULL, an empty string etc.
-    ///
-    /// Prefer to use [ContextWrapper::try_inner], we might want to
-    /// remove this function at some point to reduce the cognitive
-    /// overload of having two functions which are too similar.
    unsafe fn with_inner<T, F>(&self, ctxfn: F) -> Result<T, ()>
    where
        F: FnOnce(&Context) -> T,
@@ -136,17 +120,17 @@ impl ContextWrapper {
    /// Unlock the context and execute a closure with it.
    ///
    /// This is like [ContextWrapper::with_inner] but uses
-    /// [failure::Error] as error type.  This allows you to write a
+    /// [anyhow::Error] as error type.  This allows you to write a
    /// closure which could produce many errors, use the `?` operator
    /// to return them and handle them all as the return of this call.
-    fn try_inner<T, F>(&self, ctxfn: F) -> Result<T, failure::Error>
+    fn try_inner<T, F>(&self, ctxfn: F) -> Result<T, anyhow::Error>
    where
-        F: FnOnce(&Context) -> Result<T, failure::Error>,
+        F: FnOnce(&Context) -> Result<T, anyhow::Error>,
    {
        let guard = self.inner.read().unwrap();
        match guard.as_ref() {
            Some(ref ctx) => ctxfn(ctx),
-            None => Err(failure::err_msg("context not open")),
+            None => Err(anyhow::format_err!("context not open")),
        }
    }

@@ -215,6 +199,14 @@ impl ContextWrapper {
                Event::SecurejoinMemberAdded {
                    chat_id,
                    contact_id,
+                }
+                | Event::MemberAdded {
+                    chat_id,
+                    contact_id,
+                }
+                | Event::MemberRemoved {
+                    chat_id,
+                    contact_id,
                } => {
                    ffi_cb(
                        self,
@@ -367,7 +359,7 @@ pub unsafe extern "C" fn dc_set_config(
            })
            .unwrap_or(0),
        Err(_) => {
-            ffi_context.error("dc_set_config(): invalid key");
+            ffi_context.warning("dc_set_config(): invalid key");
            0
        }
    }
@@ -388,7 +380,7 @@ pub unsafe extern "C" fn dc_get_config(
            .with_inner(|ctx| ctx.get_config(key).unwrap_or_default().strdup())
            .unwrap_or_else(|_| "".strdup()),
        Err(_) => {
-            ffi_context.error("dc_get_config(): invalid key");
+            ffi_context.warning("dc_get_config(): invalid key");
            "".strdup()
        }
    }
@@ -449,7 +441,7 @@ pub unsafe extern "C" fn dc_set_config_from_qr(
 pub unsafe extern "C" fn dc_get_info(context: *mut dc_context_t) -> *mut libc::c_char {
    if context.is_null() {
        eprintln!("ignoring careless call to dc_get_info()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_context = &*context;
    let guard = ffi_context.inner.read().unwrap();
@@ -504,9 +496,7 @@ pub unsafe extern "C" fn dc_configure(context: *mut dc_context_t) {
        return;
    }
    let ffi_context = &*context;
-    ffi_context
-        .with_inner(|ctx| configure::configure(ctx))
-        .unwrap_or(())
+    ffi_context.with_inner(|ctx| ctx.configure()).unwrap_or(())
 }

 #[no_mangle]
@@ -517,7 +507,7 @@ pub unsafe extern "C" fn dc_is_configured(context: *mut dc_context_t) -> libc::c
    }
    let ffi_context = &*context;
    ffi_context
-        .with_inner(|ctx| configure::dc_is_configured(ctx) as libc::c_int)
+        .with_inner(|ctx| ctx.is_configured() as libc::c_int)
        .unwrap_or(0)
 }

@@ -739,7 +729,7 @@ pub unsafe extern "C" fn dc_preconfigure_keypair(
            key::store_self_keypair(ctx, &keypair, key::KeyPairUse::Default)?;
            Ok(1)
        })
-        .log_warn(ffi_context, "Failed to save keypair")
+        .log_err(ffi_context, "Failed to save keypair")
        .unwrap_or(0)
 }

@@ -786,7 +776,7 @@ pub unsafe extern "C" fn dc_create_chat_by_msg_id(context: *mut dc_context_t, ms
    ffi_context
        .with_inner(|ctx| {
            chat::create_by_msg_id(ctx, MsgId::new(msg_id))
-                .log_err(ctx, "Failed to create chat from msg_id")
+                .log_err(ffi_context, "Failed to create chat from msg_id")
                .map(|id| id.to_u32())
                .unwrap_or(0)
        })
@@ -806,7 +796,7 @@ pub unsafe extern "C" fn dc_create_chat_by_contact_id(
    ffi_context
        .with_inner(|ctx| {
            chat::create_by_contact_id(ctx, contact_id)
-                .log_err(ctx, "Failed to create chat from contact_id")
+                .log_err(ffi_context, "Failed to create chat from contact_id")
                .map(|id| id.to_u32())
                .unwrap_or(0)
        })
@@ -826,7 +816,7 @@ pub unsafe extern "C" fn dc_get_chat_id_by_contact_id(
    ffi_context
        .with_inner(|ctx| {
            chat::get_by_contact_id(ctx, contact_id)
-                .log_err(ctx, "Failed to get chat for contact_id")
+                .log_err(ffi_context, "Failed to get chat for contact_id")
                .map(|id| id.to_u32())
                .unwrap_or(0)
        })
@@ -1063,6 +1053,25 @@ pub unsafe extern "C" fn dc_get_fresh_msg_cnt(
        .unwrap_or(0)
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_estimate_deletion_cnt(
+    context: *mut dc_context_t,
+    from_server: libc::c_int,
+    seconds: i64,
+) -> libc::c_int {
+    if context.is_null() || seconds < 0 {
+        eprintln!("ignoring careless call to dc_estimate_deletion_cnt()");
+        return 0;
+    }
+    let ffi_context = &*context;
+    ffi_context
+        .with_inner(|ctx| {
+            message::estimate_deletion_cnt(ctx, from_server != 0, seconds).unwrap_or(0)
+                as libc::c_int
+        })
+        .unwrap_or(0)
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_get_fresh_msgs(
    context: *mut dc_context_t,
@@ -1095,7 +1104,7 @@ pub unsafe extern "C" fn dc_marknoticed_chat(context: *mut dc_context_t, chat_id
    ffi_context
        .with_inner(|ctx| {
            chat::marknoticed_chat(ctx, ChatId::new(chat_id))
-                .log_err(ctx, "Failed marknoticed chat")
+                .log_err(ffi_context, "Failed marknoticed chat")
                .unwrap_or(())
        })
        .unwrap_or(())
@@ -1111,7 +1120,7 @@ pub unsafe extern "C" fn dc_marknoticed_all_chats(context: *mut dc_context_t) {
    ffi_context
        .with_inner(|ctx| {
            chat::marknoticed_all_chats(ctx)
-                .log_err(ctx, "Failed marknoticed all chats")
+                .log_err(ffi_context, "Failed marknoticed all chats")
                .unwrap_or(())
        })
        .unwrap_or(())
@@ -1204,28 +1213,32 @@ pub unsafe extern "C" fn dc_get_next_media(
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_archive_chat(
+pub unsafe extern "C" fn dc_set_chat_visibility(
    context: *mut dc_context_t,
    chat_id: u32,
    archive: libc::c_int,
 ) {
    if context.is_null() {
-        eprintln!("ignoring careless call to dc_archive_chat()");
+        eprintln!("ignoring careless call to dc_set_chat_visibility()");
        return;
    }
    let ffi_context = &*context;
-    let archive = if archive == 0 {
-        false
-    } else if archive == 1 {
-        true
-    } else {
-        return;
+    let visibility = match archive {
+        0 => ChatVisibility::Normal,
+        1 => ChatVisibility::Archived,
+        2 => ChatVisibility::Pinned,
+        _ => {
+            ffi_context.warning(
+                "ignoring careless call to dc_set_chat_visibility(): unknown archived state",
+            );
+            return;
+        }
    };
    ffi_context
        .with_inner(|ctx| {
            ChatId::new(chat_id)
-                .set_archived(ctx, archive)
-                .log_err(ctx, "Failed archive chat")
+                .set_visibility(ctx, visibility)
+                .log_err(ffi_context, "Failed setting chat visibility")
                .unwrap_or(())
        })
        .unwrap_or(())
@@ -1242,7 +1255,7 @@ pub unsafe extern "C" fn dc_delete_chat(context: *mut dc_context_t, chat_id: u32
        .with_inner(|ctx| {
            ChatId::new(chat_id)
                .delete(ctx)
-                .log_err(ctx, "Failed chat delete")
+                .log_err(ffi_context, "Failed chat delete")
                .unwrap_or(())
        })
        .unwrap_or(())
@@ -1329,7 +1342,7 @@ pub unsafe extern "C" fn dc_create_group_chat(
    ffi_context
        .with_inner(|ctx| {
            chat::create_group_chat(ctx, verified, to_string_lossy(name))
-                .log_err(ctx, "Failed to create group chat")
+                .log_err(ffi_context, "Failed to create group chat")
                .map(|id| id.to_u32())
                .unwrap_or(0)
        })
@@ -1469,7 +1482,7 @@ pub unsafe extern "C" fn dc_get_msg_info(
 ) -> *mut libc::c_char {
    if context.is_null() {
        eprintln!("ignoring careless call to dc_get_msg_info()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_context = &*context;
    ffi_context
@@ -1652,7 +1665,9 @@ pub unsafe extern "C" fn dc_lookup_contact_id_by_addr(
    }
    let ffi_context = &*context;
    ffi_context
-        .with_inner(|ctx| Contact::lookup_id_by_addr(ctx, to_string_lossy(addr)))
+        .with_inner(|ctx| {
+            Contact::lookup_id_by_addr(ctx, to_string_lossy(addr), Origin::IncomingReplyTo)
+        })
        .unwrap_or(0)
 }

@@ -2068,7 +2083,9 @@ pub unsafe extern "C" fn dc_delete_all_locations(context: *mut dc_context_t) {
    }
    let ffi_context = &*context;
    ffi_context
-        .with_inner(|ctx| location::delete_all(ctx).log_err(ctx, "Failed to delete locations"))
+        .with_inner(|ctx| {
+            location::delete_all(ctx).log_err(ffi_context, "Failed to delete locations")
+        })
        .ok();
 }

@@ -2418,7 +2435,7 @@ pub unsafe extern "C" fn dc_chat_get_type(chat: *mut dc_chat_t) -> libc::c_int {
 pub unsafe extern "C" fn dc_chat_get_name(chat: *mut dc_chat_t) -> *mut libc::c_char {
    if chat.is_null() {
        eprintln!("ignoring careless call to dc_chat_get_name()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_chat = &*chat;
    ffi_chat.chat.get_name().strdup()
@@ -2467,13 +2484,17 @@ pub unsafe extern "C" fn dc_chat_get_color(chat: *mut dc_chat_t) -> u32 {
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_chat_get_archived(chat: *mut dc_chat_t) -> libc::c_int {
+pub unsafe extern "C" fn dc_chat_get_visibility(chat: *mut dc_chat_t) -> libc::c_int {
    if chat.is_null() {
-        eprintln!("ignoring careless call to dc_chat_get_archived()");
+        eprintln!("ignoring careless call to dc_chat_get_visibility()");
        return 0;
    }
    let ffi_chat = &*chat;
-    ffi_chat.chat.is_archived() as libc::c_int
+    match ffi_chat.chat.visibility {
+        ChatVisibility::Normal => 0,
+        ChatVisibility::Archived => 1,
+        ChatVisibility::Pinned => 2,
+    }
 }

 #[no_mangle]
@@ -2736,7 +2757,7 @@ pub unsafe extern "C" fn dc_msg_get_sort_timestamp(msg: *mut dc_msg_t) -> i64 {
 pub unsafe extern "C" fn dc_msg_get_text(msg: *mut dc_msg_t) -> *mut libc::c_char {
    if msg.is_null() {
        eprintln!("ignoring careless call to dc_msg_get_text()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_msg = &*msg;
    ffi_msg.message.get_text().unwrap_or_default().strdup()
@@ -2755,8 +2776,7 @@ pub unsafe extern "C" fn dc_msg_get_file(msg: *mut dc_msg_t) -> *mut libc::c_cha
            ffi_msg
                .message
                .get_file(ctx)
-                .and_then(|p| p.to_c_string().ok())
-                .map(|cs| dc_strdup(cs.as_ptr()))
+                .map(|p| p.strdup())
                .unwrap_or_else(|| "".strdup())
        })
        .unwrap_or_else(|_| "".strdup())
@@ -2766,7 +2786,7 @@ pub unsafe extern "C" fn dc_msg_get_file(msg: *mut dc_msg_t) -> *mut libc::c_cha
 pub unsafe extern "C" fn dc_msg_get_filename(msg: *mut dc_msg_t) -> *mut libc::c_char {
    if msg.is_null() {
        eprintln!("ignoring careless call to dc_msg_get_filename()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_msg = &*msg;
    ffi_msg.message.get_filename().unwrap_or_default().strdup()
@@ -2776,13 +2796,13 @@ pub unsafe extern "C" fn dc_msg_get_filename(msg: *mut dc_msg_t) -> *mut libc::c
 pub unsafe extern "C" fn dc_msg_get_filemime(msg: *mut dc_msg_t) -> *mut libc::c_char {
    if msg.is_null() {
        eprintln!("ignoring careless call to dc_msg_get_filemime()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_msg = &*msg;
    if let Some(x) = ffi_msg.message.get_filemime() {
        x.strdup()
    } else {
-        dc_strdup(ptr::null())
+        "".strdup()
    }
 }

@@ -3106,7 +3126,7 @@ pub unsafe extern "C" fn dc_contact_get_id(contact: *mut dc_contact_t) -> u32 {
 pub unsafe extern "C" fn dc_contact_get_addr(contact: *mut dc_contact_t) -> *mut libc::c_char {
    if contact.is_null() {
        eprintln!("ignoring careless call to dc_contact_get_addr()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_contact = &*contact;
    ffi_contact.contact.get_addr().strdup()
@@ -3116,7 +3136,7 @@ pub unsafe extern "C" fn dc_contact_get_addr(contact: *mut dc_contact_t) -> *mut
 pub unsafe extern "C" fn dc_contact_get_name(contact: *mut dc_contact_t) -> *mut libc::c_char {
    if contact.is_null() {
        eprintln!("ignoring careless call to dc_contact_get_name()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_contact = &*contact;
    ffi_contact.contact.get_name().strdup()
@@ -3128,7 +3148,7 @@ pub unsafe extern "C" fn dc_contact_get_display_name(
 ) -> *mut libc::c_char {
    if contact.is_null() {
        eprintln!("ignoring careless call to dc_contact_get_display_name()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_contact = &*contact;
    ffi_contact.contact.get_display_name().strdup()
@@ -3140,7 +3160,7 @@ pub unsafe extern "C" fn dc_contact_get_name_n_addr(
 ) -> *mut libc::c_char {
    if contact.is_null() {
        eprintln!("ignoring careless call to dc_contact_get_name_n_addr()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_contact = &*contact;
    ffi_contact.contact.get_name_n_addr().strdup()
@@ -3152,7 +3172,7 @@ pub unsafe extern "C" fn dc_contact_get_first_name(
 ) -> *mut libc::c_char {
    if contact.is_null() {
        eprintln!("ignoring careless call to dc_contact_get_first_name()");
-        return dc_strdup(ptr::null());
+        return "".strdup();
    }
    let ffi_contact = &*contact;
    ffi_contact.contact.get_first_name().strdup()
@@ -3235,7 +3255,7 @@ pub unsafe extern "C" fn dc_lot_get_text1(lot: *mut dc_lot_t) -> *mut libc::c_ch
    }

    let lot = &*lot;
-    strdup_opt(lot.get_text1())
+    lot.get_text1().strdup()
 }

 #[no_mangle]
@@ -3246,7 +3266,7 @@ pub unsafe extern "C" fn dc_lot_get_text2(lot: *mut dc_lot_t) -> *mut libc::c_ch
    }

    let lot = &*lot;
-    strdup_opt(lot.get_text2())
+    lot.get_text2().strdup()
 }

 #[no_mangle]
@@ -3298,21 +3318,16 @@ pub unsafe extern "C" fn dc_str_unref(s: *mut libc::c_char) {
    libc::free(s as *mut _)
 }

-pub trait ResultExt<T, E> {
+trait ResultExt<T, E> {
    fn unwrap_or_log_default(self, context: &context::Context, message: &str) -> T;
-    fn log_err(self, context: &context::Context, message: &str) -> Result<T, E>;

    /// Log a warning to a [ContextWrapper] for an [Err] result.
    ///
-    /// Does nothing for an [Ok].  This is usually preferable over
-    /// [ResultExt::log_err] because warnings go to the logfile and
-    /// errors are displayed directly to the user.  Usually problems
-    /// on the FFI layer are coding errors and not errors which need
-    /// to be displayed to the user.
+    /// Does nothing for an [Ok].
    ///
    /// You can do this as soon as the wrapper exists, it does not
    /// have to be open (which is required for the `warn!()` macro).
-    fn log_warn(self, wrapper: &ContextWrapper, message: &str) -> Result<T, E>;
+    fn log_err(self, wrapper: &ContextWrapper, message: &str) -> Result<T, E>;
 }

 impl<T: Default, E: std::fmt::Display> ResultExt<T, E> for Result<T, E> {
@@ -3326,14 +3341,7 @@ impl<T: Default, E: std::fmt::Display> ResultExt<T, E> for Result<T, E> {
        }
    }

-    fn log_err(self, context: &context::Context, message: &str) -> Result<T, E> {
-        self.map_err(|err| {
-            warn!(context, "{}: {}", message, err);
-            err
-        })
-    }
-
-    fn log_warn(self, wrapper: &ContextWrapper, message: &str) -> Result<T, E> {
+    fn log_err(self, wrapper: &ContextWrapper, message: &str) -> Result<T, E> {
        self.map_err(|err| {
            unsafe {
                wrapper.warning(&format!("{}: {}", message, err));
@@ -3343,14 +3351,7 @@ impl<T: Default, E: std::fmt::Display> ResultExt<T, E> for Result<T, E> {
    }
 }

-unsafe fn strdup_opt(s: Option<impl AsRef<str>>) -> *mut libc::c_char {
-    match s {
-        Some(s) => s.as_ref().strdup(),
-        None => ptr::null_mut(),
-    }
-}
-
-pub trait ResultNullableExt<T> {
+trait ResultNullableExt<T> {
    fn into_raw(self) -> *mut T;
 }

--- a/deltachat-ffi/src/string.rs
+++ b/deltachat-ffi/src/string.rs
@@ -1,5 +1,5 @@
-use failure::Fail;
 use std::ffi::{CStr, CString};
+use std::ptr;

 /// Duplicates a string
 ///
@@ -8,7 +8,7 @@ use std::ffi::{CStr, CString};
 /// # Examples
 ///
 /// ```rust,norun
-/// use deltachat::dc_tools::{dc_strdup, to_string_lossy};
+/// use crate::string::{dc_strdup, to_string_lossy};
 /// unsafe {
 ///     let str_a = b"foobar\x00" as *const u8 as *const libc::c_char;
 ///     let str_a_copy = dc_strdup(str_a);
@@ -16,7 +16,7 @@ use std::ffi::{CStr, CString};
 ///     assert_ne!(str_a, str_a_copy);
 /// }
 /// ```
-pub unsafe fn dc_strdup(s: *const libc::c_char) -> *mut libc::c_char {
+unsafe fn dc_strdup(s: *const libc::c_char) -> *mut libc::c_char {
    let ret: *mut libc::c_char;
    if !s.is_null() {
        ret = libc::strdup(s);
@@ -30,13 +30,13 @@ pub unsafe fn dc_strdup(s: *const libc::c_char) -> *mut libc::c_char {
 }

 /// Error type for the [OsStrExt] trait
-#[derive(Debug, Fail, PartialEq)]
-pub enum CStringError {
+#[derive(Debug, PartialEq, thiserror::Error)]
+pub(crate) enum CStringError {
    /// The string contains an interior null byte
-    #[fail(display = "String contains an interior null byte")]
+    #[error("String contains an interior null byte")]
    InteriorNullByte,
    /// The string is not valid Unicode
-    #[fail(display = "String is not valid unicode")]
+    #[error("String is not valid unicode")]
    NotUnicode,
 }

@@ -65,7 +65,7 @@ pub enum CStringError {
 ///     let mut c_ptr: *mut libc::c_char = dc_strdup(path_c.as_ptr());
 /// }
 /// ```
-pub trait OsStrExt {
+pub(crate) trait OsStrExt {
    /// Convert a  [std::ffi::OsStr] to an [std::ffi::CString]
    ///
    /// This is useful to convert e.g. a [std::path::Path] to
@@ -130,27 +130,28 @@ fn os_str_to_c_string_unicode(
 }

 /// Convenience methods/associated functions for working with [CString]
-///
-/// This is helps transitioning from unsafe code.
-pub trait CStringExt {
-    /// Create a new [CString], yolo style
+trait CStringExt {
+    /// Create a new [CString], best effort
    ///
-    /// This unwrap the result, panicking when there are embedded NULL
-    /// bytes.
-    fn yolo<T: Into<Vec<u8>>>(t: T) -> CString {
-        CString::new(t).expect("String contains null byte, can not be CString")
+    /// Like the [to_string_lossy] this doesn't give up in the face of
+    /// bad input (embedded null bytes in this case) instead it does
+    /// the best it can by stripping the embedded null bytes.
+    fn new_lossy<T: Into<Vec<u8>>>(t: T) -> CString {
+        let mut s = t.into();
+        s.retain(|&c| c != 0);
+        CString::new(s).unwrap_or_default()
    }
 }

 impl CStringExt for CString {}

-/// Convenience methods to make transitioning from raw C strings easier.
+/// Convenience methods to turn strings into C strings.
 ///
 /// To interact with (legacy) C APIs we often need to convert from
 /// Rust strings to raw C strings.  This can be clumsy to do correctly
 /// and the compiler sometimes allows it in an unsafe way.  These
 /// methods make it more succinct and help you get it right.
-pub trait StrExt {
+pub(crate) trait Strdup {
    /// Allocate a new raw C `*char` version of this string.
    ///
    /// This allocates a new raw C string which must be freed using
@@ -167,14 +168,52 @@ pub trait StrExt {
    unsafe fn strdup(&self) -> *mut libc::c_char;
 }

-impl<T: AsRef<str>> StrExt for T {
+impl<T: AsRef<str>> Strdup for T {
    unsafe fn strdup(&self) -> *mut libc::c_char {
-        let tmp = CString::yolo(self.as_ref());
+        let tmp = CString::new_lossy(self.as_ref());
        dc_strdup(tmp.as_ptr())
    }
 }

-pub fn to_string_lossy(s: *const libc::c_char) -> String {
+// We can not implement for AsRef<OsStr> because we already implement
+// AsRev<str> and this conflicts.  So implement for Path directly.
+impl Strdup for std::path::Path {
+    unsafe fn strdup(&self) -> *mut libc::c_char {
+        let tmp = self.to_c_string().unwrap_or_else(|_| CString::default());
+        dc_strdup(tmp.as_ptr())
+    }
+}
+
+/// Convenience methods to turn optional strings into C strings.
+///
+/// This is the same as the [Strdup] trait but a different trait name
+/// to work around the type system not allowing to implement [Strdup]
+/// for `Option<impl Strdup>` When we already have an [Strdup] impl
+/// for `AsRef<&str>`.
+///
+/// When the [Option] is [Option::Some] this behaves just like
+/// [Strdup::strdup], when it is [Option::None] a null pointer is
+/// returned.
+pub(crate) trait OptStrdup {
+    /// Allocate a new raw C `*char` version of this string, or NULL.
+    ///
+    /// See [Strdup::strdup] for details.
+    unsafe fn strdup(&self) -> *mut libc::c_char;
+}
+
+impl<T: AsRef<str>> OptStrdup for Option<T> {
+    unsafe fn strdup(&self) -> *mut libc::c_char {
+        match self {
+            Some(s) => {
+                let tmp = CString::new_lossy(s.as_ref());
+                dc_strdup(tmp.as_ptr())
+            }
+            None => ptr::null_mut(),
+        }
+    }
+}
+
+pub(crate) fn to_string_lossy(s: *const libc::c_char) -> String {
    if s.is_null() {
        return "".into();
    }
@@ -184,7 +223,7 @@ pub fn to_string_lossy(s: *const libc::c_char) -> String {
    cstr.to_string_lossy().to_string()
 }

-pub fn to_opt_string_lossy(s: *const libc::c_char) -> Option<String> {
+pub(crate) fn to_opt_string_lossy(s: *const libc::c_char) -> Option<String> {
    if s.is_null() {
        return None;
    }
@@ -205,7 +244,7 @@ pub fn to_opt_string_lossy(s: *const libc::c_char) -> Option<String> {
 ///
 /// [Path]: std::path::Path
 #[cfg(not(target_os = "windows"))]
-pub fn as_path<'a>(s: *const libc::c_char) -> &'a std::path::Path {
+pub(crate) fn as_path<'a>(s: *const libc::c_char) -> &'a std::path::Path {
    assert!(!s.is_null(), "cannot be used on null pointers");
    use std::os::unix::ffi::OsStrExt;
    unsafe {
@@ -217,7 +256,7 @@ pub fn as_path<'a>(s: *const libc::c_char) -> &'a std::path::Path {

 // as_path() implementation for windows, documented above.
 #[cfg(target_os = "windows")]
-pub fn as_path<'a>(s: *const libc::c_char) -> &'a std::path::Path {
+pub(crate) fn as_path<'a>(s: *const libc::c_char) -> &'a std::path::Path {
    as_path_unicode(s)
 }

@@ -324,8 +363,14 @@ mod tests {
    }

    #[test]
-    fn test_cstring_yolo() {
-        assert_eq!(CString::new("hello").unwrap(), CString::yolo("hello"));
+    fn test_cstring_new_lossy() {
+        assert!(CString::new("hel\x00lo").is_err());
+        assert!(CString::new(String::from("hel\x00o")).is_err());
+        let r = CString::new("hello").unwrap();
+        assert_eq!(CString::new_lossy("hello"), r);
+        assert_eq!(CString::new_lossy("hel\x00lo"), r);
+        assert_eq!(CString::new_lossy(String::from("hello")), r);
+        assert_eq!(CString::new_lossy(String::from("hel\x00lo")), r);
    }

    #[test]
@@ -347,4 +392,19 @@ mod tests {
            assert_eq!(cmp, 0);
        }
    }
+
+    #[test]
+    fn test_strdup_opt_string() {
+        unsafe {
+            let s = Some("hello");
+            let c = s.strdup();
+            let cmp = strcmp(c, b"hello\x00" as *const u8 as *const libc::c_char);
+            free(c as *mut libc::c_void);
+            assert_eq!(cmp, 0);
+
+            let s: Option<&str> = None;
+            let c = s.strdup();
+            assert_eq!(c, ptr::null_mut());
+        }
+    }
 }
--- a/deltachat_derive/src/lib.rs
+++ b/deltachat_derive/src/lib.rs
@@ -3,7 +3,6 @@ extern crate proc_macro;

 use crate::proc_macro::TokenStream;
 use quote::quote;
-use syn;

 // For now, assume (not check) that these macroses are applied to enum without
 // data.  If this assumption is violated, compiler error will point to
--- a/draft/group-sync.rst
+++ b/draft/group-sync.rst
@@ -0,0 +1,126 @@
+
+Problem: missing eventual group consistency
+--------------------------------------------
+
+If group members are concurrently adding new members,
+the new members will miss each other's additions, example:
+
+- Alice and Bob are in a two-member group
+
+- Alice adds Carol, concurrently Bob adds Doris
+
+- Carol will see a three-member group (Alice, Bob, Carol),
+  Doris will see a different three-member group (Alice, Bob, Doris),
+  and only Alice and Bob will have all four members.
+
+Note that for verified groups any mitigation mechanism likely
+needs to make all clients to know who originally added a member.
+
+
+solution: memorize+attach (possible encrypted) chat-meta mime messages
+----------------------------------------------------------------------
+
+For reference, please see https://github.com/deltachat/deltachat-core-rust/blob/master/spec.md#add-and-remove-members how MemberAdded/Removed messages are shaped.
+
+
+- All Chat-Group-Member-Added/Removed messages are recorded in their
+  full raw (signed and encrypted) mime-format in the DB
+
+- If an incoming member-add/member-delete messages has a member list
+  which is, apart from the added/removed member, not consistent
+  with our own view, broadcast a "Chat-Group-Member-Correction" message to
+  all members, attaching the original added/removed mime-message for all mismatching
+  contacts.  If we have no relevant add/del information, don't send a
+  correction message out.
+
+- Upong receiving added/removed attachments we don't do the
+  check_consistency+correction message dance.
+  This avoids recursion problems and hard-to-reason-about chatter.
+
+Notes:
+
+- mechanism works for both encrypted and unencrypted add/del messages
+
+- we already have a "mime_headers" column in the DB for each incoming message.
+  We could extend it to also include the payload and store mime unconditionally
+  for member-added/removed messages.
+
+- multiple member-added/removed messages can be attached in a single
+  correction message
+
+- it is minimal on the number of overall messages to reach group consistency
+  (best-case: no extra messages, the ABCD case above: max two extra messages)
+
+- somewhat backward compatible: older clients will probably ignore
+  messages which are signed by someone who is not the outer From-address.
+
+- the correction-protocol also helps with dropped messages.  If a member
+  did not see a member-added/removed message, the next member add/removed
+  message in the group will likely heal group consistency for this member.
+
+- we can quite easily extend the mechanism to also provide the group-avatar or
+  other meta-information.
+
+Discussions of variants
++++++++++++++++++++++++
+
+- instead of acting on MemberAdded/Removed message we could send
+  corrections for any received message that addresses inconsistent group members but
+  a) this would delay group-membership healing
+  b) could lead to a lot of members sending corrections
+
+- instead of broadcasting correction messages we could only send it to
+  the sender of the inconsistent member-added/removed message.
+  A receiver of such a correction message would then need to forward
+  the message to the members it thinks also have an inconsistent view.
+  This sounds complicated and error-prone.  Concretely, if Alice
+  receives Bob's "Member-added: Doris" message, then Alice
+  broadcasting the correction message with "Member-added: Carol"
+  would reach all four members, healing group consistency in one step.
+  If Bob meanwhile receives Alice's "Member-Added: Carol" message,
+  Bob would broadcast a correction message to all four members as well.
+  (Imagine a situation where Alice/Bob added Carol/Doris
+  while both being in an offline or bad-connection situation).
+
+
+solution2: repeat member-added/removed messages
+---------------------------------------------------
+
+Introduce a new Chat-Group-Member-Changed header and deprecate Chat-Group-Member-Added/Removed
+but keep sending out the old headers until the new protocol is sufficiently deployed.
+
+The new Chat-Group-Member-Changed header contains a Time-to-Live number (TTL)
+which controls repetition of the signed "add/del e-mail address" payload.
+
+Example::
+
+    Chat-Group-Member-Changed: TTL add "somedisplayname" someone@example.org
+        owEBYQGe/pANAwACAY47A6J5t3LWAcsxYgBeTQypYWRkICJzb21lZGlzcGxheW5h
+        bWUiIHNvbWVvbmVAZXhhbXBsZS5vcmcgCokBHAQAAQIABgUCXk0MqQAKCRCOOwOi
+        ebdy1hfRB/wJ74tgFQulicthcv9n+ZsqzwOtBKMEVIHqJCzzDB/Hg/2z8ogYoZNR
+        iUKKrv3Y1XuFvdKyOC+wC/unXAWKFHYzY6Tv6qDp6r+amt+ad+8Z02q53h9E55IP
+        FUBdq2rbS8hLGjQB+mVRowYrUACrOqGgNbXMZjQfuV7fSc7y813OsCQgi3tjstup
+        b+uduVzxCp3PChGhcZPs3iOGCnQvSB8VAaLGMWE2d7nTo/yMQ0Jx69x5qwfXogTk
+        mTt5rOJyrosbtf09TMKFzGgtqBcEqHLp3+mQpZQ+WHUKAbsRa8Jc9DOUOSKJ8SNM
+        clKdskprY+4LY0EBwLD3SQ7dPkTITCRD
+        =P6GG
+
+TTL is set to "2" on an initial Chat-Group-Member-Changed add/del message.
+Receivers will apply the add/del change to the group-membership,
+decrease the TTL by 1, and if TTL>0 re-sent the header.
+
+The "add|del e-mail address" payload is pgp-signed and repeated verbatim.
+This allows to propagate, in a cryptographically secured way,
+who added a member. This is particularly important for allowing
+to show in verified groups who added a member (planned).
+
+Disadvantage to solution 1:
+
+- requires to specify encoding and precise rules for what/how is signed.
+
+- causes O(N^2) extra messages
+
+- Not easily extendable for other things (without introducing a new
+  header / encoding)
+
+
--- a/draft/mailing_list.rst
+++ b/draft/mailing_list.rst
@@ -0,0 +1,19 @@
+2. Mailing lists are now only detected by the ListId header, because how should DC sort mailing lists if the ListId header is unset and only the precedence header says it's a mailing list (?). We could just hide these emails (with "junk" or "list" precedence), as we did before, if there is a reason to do so. 
+
+   I do not actually understand why such emails were hidden in the first place, though; if there is an automatic answer stating that someone is out of office or if an email could not be delivered (these are the usual reasons why such emails are sent), I would want to know about this as a user.
+   
+  Björn: to the ListId-header: it is already an improvement to use only that and to keep ignoring mails with Precedence-header. historically, i ignored all these mails to reduce noise that is created from them (eg. contacts should not be added to the suggestion list...) and to be able to concentrate on other things first.
+   
+   
+3. for `List-Id: foo <bla>`, bla now is the id and foo is the name. For GitHub and GitLab notifications this is bad because all notifications will go into one chat. Maybe we should instead take the "in-reply-to" header to find out what messages belong together. For normal mailing lists, of course, this will create a second chat if someone does not use the "Reply" button to write to that mailing list.
+
+  Björn: well, having all notifications in one chat is not that bad. i would just follow the guidelines for now, use the ID and not the Name.
+
+
+4. Currently a mailing list is shown as an empty group (ChatType `Group`) ("0 members"). 
+
+   Maybe we should change the ChatType to `Single` because this way, the UI would fit better. Disadvantage: We can't show the different senders of the messages. 
+   
+   Or we introduce a `ChatType` `MailingList`. Very big disadvantage: We would have to adapt all UI project and it would be nice if we could keep the changes within the core.
+
+5. Contacts from mailings lists stay "unknown" now and are not shown in the contacts suggestion list..
--- a/draft/mailing_list_current_state.rst
+++ b/draft/mailing_list_current_state.rst
@@ -0,0 +1,13 @@
+1. Mailing lists with Precedence-header and without List-Id are shown as normal messages.
+   
+2. for `List-Id: foo <bla>`, bla now is the id and foo is the name. If foo is not present, bla is taken as the name as well. For GitHub and GitLab notifications all notifications will go into one chat. To distinguish, all subjects are shown in mailing lists.
+
+3. Currently a mailing list is shown as a group with SELF and the List-Id. I could not find any stable way to get a mail address that could be called the "mailing list address". To get this to work, I disabled the may_be_valid_addr check. (to be discussed...)
+
+4. Contacts from mailings lists stay "unknown" and are not shown in the contacts suggestion list.
+
+5. In general, only the From: address is taken as the author. If the domain matches with the List-Id domain (like `deltachat.github.com` and `Hocuri <notifications@notification.github.com>`) then the display name is added to the email address -> `Hocuri - notifications@notification.github.com`. This is not really nice, but as the UIs distinguish bettween contacts only based on the address this was the only way I could find without changing the API. 
+
+   TODO: Prevent the user from sending emails to such contacts (like Hocuri - notifications@notification.github.com)
+
+6. You can't send to mailing lists.
--- a/draft/mailing_list_managers.md
+++ b/draft/mailing_list_managers.md
@@ -0,0 +1,71 @@
+# Mailing list integration of Delta Chat
+
+A collection of information to help with the integration of mailing lists into Delta Chat.
+
+## Chat name
+
+How should the chat be titled?
+
+It could be taken from the email header `List-Id`:
+
+### Mailman 
+
+* Schema: `${list-description} <${list-local-part}.${list-domain}>`
+* $list-description could be many words, should be truncated. Could also be empty, though.
+
+### Schleuder
+* Schema: `<${list-local-part}.${list-domain}>`
+* No name available.
+* Could be absent: <https://0xacab.org/schleuder/schleuder/-/blob/master/lib/schleuder/mail/message.rb#L357-358>.
+
+
+### Sympa
+* Schema: `<${list-local-part}.${list-domain}>`
+* No name available.
+* Always present <https://github.com/sympa-community/sympa/blob/sympa-6.2/src/lib/Sympa/Spindle/TransformOutgoing.pm#L110-L118>, <https://github.com/sympa-community/sympa/blob/sympa-6.2/src/lib/Sympa/List.pm#L6832-L6833>.
+
+
+## Sender name
+
+What's the name of the person that actually sent the message?
+
+Some MLM change the sender information to avoid problems with DMARC.
+
+### Mailman
+
+* Since v2.1.16 the `From` depends on the list's configuration and possibly on the sender-domain's DMARC-configuration — i.e. messages from the same list can arrive one of the Variants A-D!
+* Documentation of config options:
+ * <https://wiki.list.org/DOC/Mailman%202.1%20List%20Administrators%20Manual#line-544>,
+ * <https://wiki.list.org/DOC/Mailman%202.1%20List%20Administrators%20Manual#line-163>,
+ * <https://wiki.list.org/DEV/DMARC>
+* Variant A: `From` is unchanged.
+* Variant B. `From` is mangled like this: `${sender-name} via ${list-name} <${list-addr-spec}>`. The original sender is put into `Reply-To`.
+* Variant C. `From` is mangled like this: `${sender-name} <${encoded-sender-addr-spec}@${list-domain}>`. The original sender is put into `Reply-To`.
+* Variant D: `From` is set to ${list-name-addr}, the originally sent message is included as mime-part.
+* Variant E: `From` is set to ${list-name-addr}, original sender information is removed.
+
+### Schleuder
+
+* Visible only in mime-body (which is possibly encrypted), or not at all.
+* The first `text/plain` mime-part may include the information, as taken from the original message: `From: ${sender-name-addr}`.
+
+### Sympa
+* Depends on the list's configuration.
+* Documentation:
+ * <https://sympa-community.github.io/manual/customize/dmarc-protection.html>,
+ * <https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html#dmarc-protection>.
+* Variant A: `From` is unchanged.
+* Variant B: `From` is mangled like Mailman Variant B, but the original sender information is put into `X-Original-From`.
+
+
+## Autocrypt
+
+### Mailman
+* Not supported.
+
+### Schleuder
+* A list's key is included in sent messages (as of version 3.5.0) (optional, by default active): <https://0xacab.org/schleuder/schleuder/-/blob/master/lib/schleuder/mail/message.rb#L349-355>.
+* Incoming keys are not yet looked at (that feature is planned: <https://0xacab.org/schleuder/schleuder/issues/435>).
+
+### Sympa
+* Not supported.
--- a/examples/repl/cmdline.rs
+++ b/examples/repl/cmdline.rs
@@ -1,7 +1,8 @@
 use std::path::Path;
 use std::str::FromStr;

-use deltachat::chat::{self, Chat, ChatId};
+use anyhow::{bail, ensure};
+use deltachat::chat::{self, Chat, ChatId, ChatVisibility};
 use deltachat::chatlist::*;
 use deltachat::constants::*;
 use deltachat::contact::*;
@@ -91,10 +92,10 @@ fn dc_reset_tables(context: &Context, bits: i32) -> i32 {
    1
 }

-fn dc_poke_eml_file(context: &Context, filename: impl AsRef<Path>) -> Result<(), Error> {
+fn dc_poke_eml_file(context: &Context, filename: impl AsRef<Path>) -> Result<(), anyhow::Error> {
    let data = dc_read_file(context, filename)?;

-    if let Err(err) = dc_receive_imf(context, &data, "import", 0, 0) {
+    if let Err(err) = dc_receive_imf(context, &data, "import", 0, false) {
        println!("dc_receive_imf errored: {:?}", err);
    }
    Ok(())
@@ -297,7 +298,7 @@ fn chat_prefix(chat: &Chat) -> &'static str {
    chat.typ.into()
 }

-pub fn dc_cmdline(context: &Context, line: &str) -> Result<(), failure::Error> {
+pub fn dc_cmdline(context: &Context, line: &str) -> Result<(), Error> {
    let chat_id = *context.cmdline_sel_chat_id.read().unwrap();
    let mut sel_chat = if !chat_id.is_unset() {
        Chat::load_from_db(context, chat_id).ok()
@@ -371,6 +372,8 @@ pub fn dc_cmdline(context: &Context, line: &str) -> Result<(), failure::Error> {
                 listmedia\n\
                 archive <chat-id>\n\
                 unarchive <chat-id>\n\
+                 pin <chat-id>\n\
+                 unpin <chat-id>\n\
                 delchat <chat-id>\n\
                 ===========================Message commands==\n\
                 listmsgs <query>\n\
@@ -395,6 +398,7 @@ pub fn dc_cmdline(context: &Context, line: &str) -> Result<(), failure::Error> {
                 providerinfo <addr>\n\
                 event <event-id to test>\n\
                 fileinfo <file>\n\
+                 estimatedeletion <seconds>\n\
                 emptyserver <flags> (1=MVBOX 2=INBOX)\n\
                 clear -- clear screen\n\
                 exit or quit\n\
@@ -511,14 +515,19 @@ pub fn dc_cmdline(context: &Context, line: &str) -> Result<(), failure::Error> {
                for i in (0..cnt).rev() {
                    let chat = Chat::load_from_db(context, chatlist.get_chat_id(i))?;
                    println!(
-                        "{}#{}: {} [{} fresh]",
+                        "{}#{}: {} [{} fresh] {}",
                        chat_prefix(&chat),
                        chat.get_id(),
                        chat.get_name(),
                        chat.get_id().get_fresh_msg_cnt(context),
+                        match chat.visibility {
+                            ChatVisibility::Normal => "",
+                            ChatVisibility::Archived => "📦",
+                            ChatVisibility::Pinned => "📌",
+                        },
                    );
                    let lot = chatlist.get_summary(context, i, Some(&chat));
-                    let statestr = if chat.is_archived() {
+                    let statestr = if chat.visibility == ChatVisibility::Archived {
                        " [Archived]"
                    } else {
                        match lot.get_state() {
@@ -842,10 +851,18 @@ pub fn dc_cmdline(context: &Context, line: &str) -> Result<(), failure::Error> {
            }
            print!("\n");
        }
-        "archive" | "unarchive" => {
+        "archive" | "unarchive" | "pin" | "unpin" => {
            ensure!(!arg1.is_empty(), "Argument <chat-id> missing.");
            let chat_id = ChatId::new(arg1.parse()?);
-            chat_id.set_archived(context, arg0 == "archive")?;
+            chat_id.set_visibility(
+                context,
+                match arg0 {
+                    "archive" => ChatVisibility::Archived,
+                    "unarchive" | "unpin" => ChatVisibility::Normal,
+                    "pin" => ChatVisibility::Pinned,
+                    _ => panic!("Unexpected command (This should never happen)"),
+                },
+            )?;
        }
        "delchat" => {
            ensure!(!arg1.is_empty(), "Argument <chat-id> missing.");
@@ -969,7 +986,10 @@ pub fn dc_cmdline(context: &Context, line: &str) -> Result<(), failure::Error> {
        }
        "setqr" => {
            ensure!(!arg1.is_empty(), "Argument <qr-content> missing.");
-            set_config_from_qr(context, arg1);
+            match set_config_from_qr(context, arg1) {
+                Ok(()) => println!("Config set from QR code, you can now call 'configure'"),
+                Err(err) => println!("Cannot set config from QR code: {:?}", err),
+            }
        }
        "providerinfo" => {
            ensure!(!arg1.is_empty(), "Argument <addr> missing.");
@@ -1010,6 +1030,16 @@ pub fn dc_cmdline(context: &Context, line: &str) -> Result<(), failure::Error> {
                bail!("Command failed.");
            }
        }
+        "estimatedeletion" => {
+            ensure!(!arg1.is_empty(), "Argument <seconds> missing");
+            let seconds = arg1.parse()?;
+            let device_cnt = message::estimate_deletion_cnt(context, false, seconds)?;
+            let server_cnt = message::estimate_deletion_cnt(context, true, seconds)?;
+            println!(
+                "estimated count of messages older than {} seconds:\non device: {}\non server: {}",
+                seconds, device_cnt, server_cnt
+            );
+        }
        "emptyserver" => {
            ensure!(!arg1.is_empty(), "Argument <flags> missing");

--- a/examples/repl/main.rs
+++ b/examples/repl/main.rs
@@ -7,8 +7,6 @@
 #[macro_use]
 extern crate deltachat;
 #[macro_use]
-extern crate failure;
-#[macro_use]
 extern crate lazy_static;
 #[macro_use]
 extern crate rusqlite;
@@ -20,9 +18,9 @@ use std::process::Command;
 use std::sync::atomic::{AtomicBool, Ordering};
 use std::sync::{Arc, Mutex, RwLock};

+use anyhow::{bail, Error};
 use deltachat::chat::ChatId;
 use deltachat::config;
-use deltachat::configure::*;
 use deltachat::context::*;
 use deltachat::job::*;
 use deltachat::oauth2::*;
@@ -263,7 +261,7 @@ const DB_COMMANDS: [&str; 11] = [
    "housekeeping",
 ];

-const CHAT_COMMANDS: [&str; 24] = [
+const CHAT_COMMANDS: [&str; 26] = [
    "listchats",
    "listarchived",
    "chat",
@@ -287,6 +285,8 @@ const CHAT_COMMANDS: [&str; 24] = [
    "listmedia",
    "archive",
    "unarchive",
+    "pin",
+    "unpin",
    "delchat",
 ];
 const MESSAGE_COMMANDS: [&str; 8] = [
@@ -307,8 +307,17 @@ const CONTACT_COMMANDS: [&str; 6] = [
    "delcontact",
    "cleanupcontacts",
 ];
-const MISC_COMMANDS: [&str; 9] = [
-    "getqr", "getbadqr", "checkqr", "event", "fileinfo", "clear", "exit", "quit", "help",
+const MISC_COMMANDS: [&str; 10] = [
+    "getqr",
+    "getbadqr",
+    "checkqr",
+    "event",
+    "fileinfo",
+    "clear",
+    "exit",
+    "quit",
+    "help",
+    "estimatedeletion",
 ];

 impl Hinter for DcHelper {
@@ -360,10 +369,10 @@ impl Highlighter for DcHelper {

 impl Helper for DcHelper {}

-fn main_0(args: Vec<String>) -> Result<(), failure::Error> {
+fn main_0(args: Vec<String>) -> Result<(), Error> {
    if args.len() < 2 {
        println!("Error: Bad arguments, expected [db-name].");
-        return Err(format_err!("No db-name specified"));
+        bail!("No db-name specified");
    }
    let context = Context::new(
        Box::new(receive_event),
@@ -433,7 +442,7 @@ enum ExitResult {
    Exit,
 }

-fn handle_cmd(line: &str, ctx: Arc<RwLock<Context>>) -> Result<ExitResult, failure::Error> {
+fn handle_cmd(line: &str, ctx: Arc<RwLock<Context>>) -> Result<ExitResult, Error> {
    let mut args = line.splitn(2, ' ');
    let arg0 = args.next().unwrap_or_default();
    let arg1 = args.next().unwrap_or_default();
@@ -461,7 +470,7 @@ fn handle_cmd(line: &str, ctx: Arc<RwLock<Context>>) -> Result<ExitResult, failu
        }
        "configure" => {
            start_threads(ctx.clone());
-            configure(&ctx.read().unwrap());
+            ctx.read().unwrap().configure();
        }
        "oauth2" => {
            if let Some(addr) = ctx.read().unwrap().get_config(config::Config::Addr) {
@@ -516,7 +525,7 @@ fn handle_cmd(line: &str, ctx: Arc<RwLock<Context>>) -> Result<ExitResult, failu
    Ok(ExitResult::Continue)
 }

-pub fn main() -> Result<(), failure::Error> {
+pub fn main() -> Result<(), Error> {
    let _ = pretty_env_logger::try_init();

    let args: Vec<String> = std::env::args().collect();
--- a/examples/simple.rs
+++ b/examples/simple.rs
@@ -7,7 +7,6 @@ use tempfile::tempdir;
 use deltachat::chat;
 use deltachat::chatlist::*;
 use deltachat::config;
-use deltachat::configure::*;
 use deltachat::contact::*;
 use deltachat::context::*;
 use deltachat::job::{
@@ -77,7 +76,7 @@ fn main() {
    ctx.set_config(config::Config::Addr, Some("d@testrun.org"))
        .unwrap();
    ctx.set_config(config::Config::MailPw, Some(&pw)).unwrap();
-    configure(&ctx);
+    ctx.configure();

    thread::sleep(duration);

--- a/python/CHANGELOG
+++ b/python/CHANGELOG
@@ -1,3 +1,22 @@
+0.900.0 (DRAFT)
+---------------
+
+- refactored internals to use plugin-approach 
+
+- introduced PerAccount and Global hooks that plugins can implement 
+
+- introduced `ac_member_added()` and `ac_member_removed()` plugin events. 
+
+- introduced two documented examples for an echo and a group-membership
+  tracking plugin. 
+
+0.800.0
+-------
+
+- use latest core 1.25.0 
+
+- refine tests and some internal changes to core bindings
+
 0.700.0
 ---------

--- a/python/doc/_static/custom.css
+++ b/python/doc/_static/custom.css
@@ -15,3 +15,7 @@ div.globaltoc {
 img.logo {
    height: 120px;
 }
+
+div.footer {
+    display: none;
+}
--- a/python/doc/api.rst
+++ b/python/doc/api.rst
@@ -2,10 +2,6 @@
 high level API reference
 ========================

-.. note::
-
-    This API is work in progress and may change in versions prior to 1.0.
-
 - :class:`deltachat.account.Account` (your main entry point, creates the
  other classes)
 - :class:`deltachat.contact.Contact`
--- a/python/doc/capi.rst
+++ b/python/doc/capi.rst
@@ -1,7 +0,0 @@
-
-C deltachat interface
-=====================
-
-See :doc:`lapi` for accessing many of the below functions
-through the ``deltachat.capi.lib`` namespace.
-
--- a/python/doc/conf.py
+++ b/python/doc/conf.py
@@ -55,7 +55,7 @@ master_doc = 'index'

 # General information about the project.
 project = u'deltachat'
-copyright = u'2018, holger krekel and contributors'
+copyright = u'2020, holger krekel and contributors'


 # The language for content autogenerated by Sphinx. Refer to documentation
--- a/python/doc/examples.rst
+++ b/python/doc/examples.rst
@@ -1,37 +1,60 @@

-
 examples
 ========

-
-Playing around on the commandline
----------------------------------
-
 Once you have :doc:`installed deltachat bindings <install>`
-you can start playing from the python interpreter commandline.
-For example you can type ``python`` and then::
+you need email/password credentials for an IMAP/SMTP account.
+Delta Chat developers and the CI system use a special URL to create
+temporary e-mail accounts on [testrun.org](https://testrun.org) for testing.

-    # instantiate and configure deltachat account
-    import deltachat
-    ac = deltachat.Account("/tmp/db")
+Receiving a Chat message from the command line
+----------------------------------------------

-    # start configuration activity and smtp/imap threads
-    ac.start_threads()
-    ac.configure(addr="test2@hq5.merlinux.eu", mail_pw="********")
+Here is a simple bot that:

-    # create a contact and send a message
-    contact = ac.create_contact("someother@email.address")
-    chat = ac.create_chat_by_contact(contact)
-    chat.send_text("hi from the python interpreter command line")
+- receives a message and sends back ("echoes") a message

-Checkout our :doc:`api` for the various high-level things you can do
-to send/receive messages, create contacts and chats.
+- terminates the bot if the message `/quit` is sent

+.. include:: ../examples/echo_and_quit.py
+    :literal:

-Looking at a real example
+With this file in your working directory you can run the bot
+by specifying a database path, an e-mail address and password of
+a SMTP-IMAP account::
+
+    $ cd examples
+    $ python echo_and_quit.py /tmp/db --email ADDRESS --password PASSWORD
+
+While this process is running you can start sending chat messages
+to `ADDRESS`.
+
+Track member additions and removals in a group
+----------------------------------------------
+
+Here is a simple bot that:
+
+- echoes messages sent to it
+
+- tracks if configuration completed
+
+- tracks member additions and removals for all chat groups
+
+.. include:: ../examples/group_tracking.py
+    :literal:
+
+With this file in your working directory you can run the bot
+by specifying a database path, an e-mail address and password of
+a SMTP-IMAP account::
+
+    python group_tracking.py --email ADDRESS --password PASSWORD /tmp/db
+
+When this process is running you can start sending chat messages
+to `ADDRESS`.
+
+Writing bots for real
 -------------------------

 The `deltabot repository <https://github.com/deltachat/deltabot#deltachat-example-bot>`_
-contains a real-life example of Python bindings usage.
-
+contains a little framework for writing deltachat bots in Python.

--- a/python/doc/index.rst
+++ b/python/doc/index.rst
@@ -1,15 +1,15 @@
 deltachat python bindings
 =========================

-The ``deltachat`` Python package provides two bindings for the core Rust-library
-of the https://delta.chat messaging ecosystem:
+The ``deltachat`` Python package provides two layers of bindings for the
+core Rust-library of the https://delta.chat messaging ecosystem:

- :doc:`api` is a high level interface to deltachat-core which aims
-  to be memory safe and thoroughly tested through continous tox/pytest runs.
+- :doc:`api` is a high level interface to deltachat-core.

- :doc:`capi` is a lowlevel CFFI-binding to the previous
-  `deltachat-core C-API <https://c.delta.chat>`_ (so far the Rust library
-  replicates exactly the same C-level API).
+- :doc:`plugins` is a brief introduction into implementing plugin hooks.
+
+- :doc:`lapi` is a lowlevel CFFI-binding to the `Rust Core
+  <https://github.com/deltachat/deltachat-core-rust>`_.



@@ -28,8 +28,8 @@ getting started
   links
   changelog
   api
-   capi
   lapi
+   plugins

 ..
    Indices and tables
--- a/python/doc/plugins.rst
+++ b/python/doc/plugins.rst
@@ -0,0 +1,38 @@
+
+Implementing Plugin Hooks
+==========================
+
+The Delta Chat Python bindings use `pluggy <https://pluggy.readthedocs.io>`_
+for managing global and per-account plugin registration, and performing
+hook calls. There are two kinds of plugins:
+
+- Global plugins that are active for all accounts; they can implement
+  hooks at account-creation and account-shutdown time.
+
+- Account plugins that are only active during the lifetime of a
+  single Account instance.
+
+
+Registering a plugin
+--------------------
+
+.. autofunction:: deltachat.register_global_plugin
+    :noindex:
+
+.. automethod:: deltachat.account.Account.add_account_plugin
+    :noindex:
+
+
+Per-Account Hook specifications
+-------------------------------
+
+.. autoclass:: deltachat.hookspec.PerAccount
+    :members:
+
+
+Global Hook specifications
+--------------------------
+
+.. autoclass:: deltachat.hookspec.Global
+    :members:
+
--- a/python/examples/echo_and_quit.py
+++ b/python/examples/echo_and_quit.py
@@ -0,0 +1,30 @@
+
+# content of echo_and_quit.py
+
+from deltachat import account_hookimpl, run_cmdline
+
+
+class EchoPlugin:
+    @account_hookimpl
+    def ac_incoming_message(self, message):
+        print("process_incoming message", message)
+        if message.text.strip() == "/quit":
+            message.account.shutdown()
+        else:
+            # unconditionally accept the chat
+            message.accept_sender_contact()
+            addr = message.get_sender_contact().addr
+            text = message.text
+            message.chat.send_text("echoing from {}:\n{}".format(addr, text))
+
+    @account_hookimpl
+    def ac_message_delivered(self, message):
+        print("ac_message_delivered", message)
+
+
+def main(argv=None):
+    run_cmdline(argv=argv, account_plugins=[EchoPlugin()])
+
+
+if __name__ == "__main__":
+    main()
--- a/python/examples/group_tracking.py
+++ b/python/examples/group_tracking.py
@@ -0,0 +1,40 @@
+
+# content of group_tracking.py
+
+from deltachat import account_hookimpl, run_cmdline
+
+
+class GroupTrackingPlugin:
+    @account_hookimpl
+    def ac_incoming_message(self, message):
+        print("process_incoming message", message)
+        if message.text.strip() == "/quit":
+            message.account.shutdown()
+        else:
+            # unconditionally accept the chat
+            message.accept_sender_contact()
+            addr = message.get_sender_contact().addr
+            text = message.text
+            message.chat.send_text("echoing from {}:\n{}".format(addr, text))
+
+    @account_hookimpl
+    def ac_configure_completed(self, success):
+        print("*** ac_configure_completed:", success)
+
+    @account_hookimpl
+    def ac_member_added(self, chat, contact):
+        print("*** ac_member_added", contact.addr, "from", chat)
+        for member in chat.get_contacts():
+            print("chat member: {}".format(member.addr))
+
+    @account_hookimpl
+    def ac_member_removed(self, chat, contact):
+        print("*** ac_member_removed", contact.addr, "from", chat)
+
+
+def main(argv=None):
+    run_cmdline(argv=argv, account_plugins=[GroupTrackingPlugin()])
+
+
+if __name__ == "__main__":
+    main()
--- a/python/examples/test_examples.py
+++ b/python/examples/test_examples.py
@@ -0,0 +1,72 @@
+
+import pytest
+import py
+import echo_and_quit
+import group_tracking
+from deltachat.eventlogger import FFIEventLogger
+
+
+@pytest.fixture(scope='session')
+def datadir():
+    """The py.path.local object of the test-data/ directory."""
+    for path in reversed(py.path.local(__file__).parts()):
+        datadir = path.join('test-data')
+        if datadir.isdir():
+            return datadir
+    else:
+        pytest.skip('test-data directory not found')
+
+
+def test_echo_quit_plugin(acfactory):
+    botproc = acfactory.run_bot_process(echo_and_quit)
+
+    ac1 = acfactory.get_one_online_account()
+    bot_contact = ac1.create_contact(botproc.addr)
+    ch1 = ac1.create_chat_by_contact(bot_contact)
+    ch1.send_text("hello")
+    reply = ac1._evtracker.wait_next_incoming_message()
+    assert "hello" in reply.text
+    assert reply.chat == ch1
+    ch1.send_text("/quit")
+    botproc.wait()
+
+
+def test_group_tracking_plugin(acfactory, lp):
+    lp.sec("creating one group-tracking bot and two temp accounts")
+    botproc = acfactory.run_bot_process(group_tracking)
+
+    ac1, ac2 = acfactory.get_two_online_accounts(quiet=True)
+
+    botproc.fnmatch_lines("""
+        *ac_configure_completed: True*
+    """)
+    ac1.add_account_plugin(FFIEventLogger(ac1, "ac1"))
+    ac2.add_account_plugin(FFIEventLogger(ac2, "ac2"))
+
+    lp.sec("creating bot test group with all three")
+    bot_contact = ac1.create_contact(botproc.addr)
+    ch = ac1.create_group_chat("bot test group")
+    ch.add_contact(bot_contact)
+    ch.send_text("hello")
+
+    botproc.fnmatch_lines("""
+        *ac_member_added {}*
+    """.format(ac1.get_config("addr")))
+
+    lp.sec("adding third member {}".format(ac2.get_config("addr")))
+    contact3 = ac1.create_contact(ac2.get_config("addr"))
+    ch.add_contact(contact3)
+
+    reply = ac1._evtracker.wait_next_incoming_message()
+    assert "hello" in reply.text
+
+    lp.sec("now looking at what the bot received")
+    botproc.fnmatch_lines("""
+        *ac_member_added {}*
+    """.format(contact3.addr))
+
+    lp.sec("contact successfully added, now removing")
+    ch.remove_contact(contact3)
+    botproc.fnmatch_lines("""
+        *ac_member_removed {}*
+    """.format(contact3.addr))
--- a/python/setup.py
+++ b/python/setup.py
@@ -18,10 +18,15 @@ def main():
        description='Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat',
        long_description=long_description,
        author='holger krekel, Floris Bruynooghe, Bjoern Petersen and contributors',
-        install_requires=['cffi>=1.0.0', 'six'],
+        install_requires=['cffi>=1.0.0', 'pluggy'],
        packages=setuptools.find_packages('src'),
        package_dir={'': 'src'},
        cffi_modules=['src/deltachat/_build.py:ffibuilder'],
+        entry_points = {
+            'pytest11': [
+                'deltachat.testplugin = deltachat.testplugin',
+            ],
+        },
        classifiers=[
            'Development Status :: 4 - Beta',
            'Intended Audience :: Developers',
--- a/python/src/deltachat/init.py
+++ b/python/src/deltachat/init.py
@@ -1,6 +1,13 @@
-from deltachat import capi, const
-from deltachat.capi import ffi
-from deltachat.account import Account  # noqa
+import sys
+
+from . import capi, const, hookspec
+from .capi import ffi
+from .account import Account  # noqa
+from .message import Message  # noqa
+from .contact import Contact  # noqa
+from .chat import Chat        # noqa
+from .hookspec import account_hookimpl, global_hookimpl  # noqa
+from . import eventlogger

 from pkg_resources import get_distribution, DistributionNotFound
 try:
@@ -74,3 +81,62 @@ def get_dc_event_name(integer, _DC_EVENTNAME_MAP={}):
            if name.startswith("DC_EVENT_"):
                _DC_EVENTNAME_MAP[val] = name
    return _DC_EVENTNAME_MAP[integer]
+
+
+def register_global_plugin(plugin):
+    """ Register a global plugin which implements one or more
+    of the :class:`deltachat.hookspec.Global` hooks.
+    """
+    gm = hookspec.Global._get_plugin_manager()
+    gm.register(plugin)
+    gm.check_pending()
+
+
+def unregister_global_plugin(plugin):
+    gm = hookspec.Global._get_plugin_manager()
+    gm.unregister(plugin)
+
+
+register_global_plugin(eventlogger)
+
+
+def run_cmdline(argv=None, account_plugins=None):
+    """ Run a simple default command line app, registering the specified
+    account plugins. """
+    import argparse
+    if argv is None:
+        argv = sys.argv
+
+    parser = argparse.ArgumentParser(prog=argv[0] if argv else None)
+    parser.add_argument("db", action="store", help="database file")
+    parser.add_argument("--show-ffi", action="store_true", help="show low level ffi events")
+    parser.add_argument("--email", action="store", help="email address")
+    parser.add_argument("--password", action="store", help="password")
+
+    args = parser.parse_args(argv[1:])
+
+    ac = Account(args.db)
+
+    if args.show_ffi:
+        log = eventlogger.FFIEventLogger(ac, "bot")
+        ac.add_account_plugin(log)
+
+    if not ac.is_configured():
+        assert args.email and args.password, (
+            "you must specify --email and --password once to configure this database/account"
+        )
+        ac.set_config("addr", args.email)
+        ac.set_config("mail_pw", args.password)
+        ac.set_config("mvbox_move", "0")
+        ac.set_config("mvbox_watch", "0")
+        ac.set_config("sentbox_watch", "0")
+
+    for plugin in account_plugins or []:
+        ac.add_account_plugin(plugin)
+
+    # start IO threads and configure if neccessary
+    ac.start()
+
+    print("{}: waiting for message".format(ac.get_config("addr")))
+
+    ac.wait_shutdown()
--- a/python/src/deltachat/account.py
+++ b/python/src/deltachat/account.py
@@ -2,16 +2,12 @@

 from __future__ import print_function
 import atexit
-import threading
+from contextlib import contextmanager
+from email.utils import parseaddr
+import queue
+from threading import Event
 import os
-import re
-import time
 from array import array
-try:
-    from queue import Queue, Empty
-except ImportError:
-    from Queue import Queue, Empty
-
 import deltachat
 from . import const
 from .capi import ffi, lib
@@ -19,6 +15,12 @@ from .cutil import as_dc_charpointer, from_dc_charpointer, iter_array, DCLot
 from .chat import Chat
 from .message import Message
 from .contact import Contact
+from .tracker import ImexTracker
+from . import hookspec, iothreads
+
+
+class MissingCredentials(ValueError):
+    """ Account is missing `addr` and `mail_pw` config values. """


 class Account(object):
@@ -26,39 +28,54 @@ class Account(object):
    by the underlying deltachat core library.  All public Account methods are
    meant to be memory-safe and return memory-safe objects.
    """
-    def __init__(self, db_path, logid=None, eventlogging=True, os_name=None, debug=True):
+    MissingCredentials = MissingCredentials
+
+    def __init__(self, db_path, os_name=None):
        """ initialize account object.

        :param db_path: a path to the account database. The database
                        will be created if it doesn't exist.
-        :param logid: an optional logging prefix that should be used with
-                      the default internal logging.
-        :param eventlogging: if False no eventlogging and no context callback will be configured
        :param os_name: this will be put to the X-Mailer header in outgoing messages
-        :param debug: turn on debug logging for events.
        """
+        # initialize per-account plugin system
+        self._pm = hookspec.PerAccount._make_plugin_manager()
+        self.add_account_plugin(self)
+
        self._dc_context = ffi.gc(
            lib.dc_context_new(lib.py_dc_callback, ffi.NULL, as_dc_charpointer(os_name)),
            _destroy_dc_context,
        )
-        if eventlogging:
-            self._evlogger = EventLogger(self._dc_context, logid, debug)
-            deltachat.set_context_callback(self._dc_context, self._process_event)
-            self._threads = IOThreads(self._dc_context, self._evlogger._log_event)
-        else:
-            self._threads = IOThreads(self._dc_context)

+        hook = hookspec.Global._get_plugin_manager().hook
+
+        self._threads = iothreads.IOThreads(self)
+        self._hook_event_queue = queue.Queue()
+        self._in_use_iter_events = False
+        self._shutdown_event = Event()
+
+        # open database
+        self.db_path = db_path
        if hasattr(db_path, "encode"):
            db_path = db_path.encode("utf8")
        if not lib.dc_open(self._dc_context, db_path, ffi.NULL):
            raise ValueError("Could not dc_open: {}".format(db_path))
        self._configkeys = self.get_config("sys.config_keys").split()
-        self._imex_events = Queue()
        atexit.register(self.shutdown)
+        hook.dc_account_init(account=self)
+
+    @hookspec.account_hookimpl
+    def ac_process_ffi_event(self, ffi_event):
+        name, kwargs = self._map_ffi_event(ffi_event)
+        if name is not None:
+            ev = HookEvent(self, name=name, kwargs=kwargs)
+            self._hook_event_queue.put(ev)

    # def __del__(self):
    #    self.shutdown()

+    def ac_log_line(self, msg):
+        self._pm.hook.ac_log_line(message=msg)
+
    def _check_config_key(self, name):
        if name not in self._configkeys:
            raise KeyError("{!r} not a valid config key, existing keys: {!r}".format(
@@ -130,16 +147,15 @@ class Account(object):
        if res == 0:
            raise Exception("Failed to set key")

-    def configure(self, **kwargs):
-        """ set config values and configure this account.
+    def update_config(self, kwargs):
+        """ update config values.

        :param kwargs: name=value config settings for this account.
                       values need to be unicode.
        :returns: None
        """
-        for name, value in kwargs.items():
-            self.set_config(name, value)
-        lib.dc_configure(self._dc_context)
+        for key, value in kwargs.items():
+            self.set_config(key, str(value))

    def is_configured(self):
        """ determine if the account is configured already; an initial connection
@@ -147,7 +163,7 @@ class Account(object):

        :returns: True if account is configured.
        """
-        return lib.dc_is_configured(self._dc_context)
+        return bool(lib.dc_is_configured(self._dc_context))

    def set_avatar(self, img_path):
        """Set self avatar.
@@ -177,11 +193,6 @@ class Account(object):
            raise ValueError("no flags set")
        lib.dc_empty_server(self._dc_context, flags)

-    def get_infostring(self):
-        """ return info of the configured account. """
-        self.check_is_configured()
-        return from_dc_charpointer(lib.dc_get_info(self._dc_context))
-
    def get_latest_backupfile(self, backupdir):
        """ return the latest backup file in a given directory.
        """
@@ -203,8 +214,7 @@ class Account(object):

        :returns: :class:`deltachat.contact.Contact`
        """
-        self.check_is_configured()
-        return Contact(self._dc_context, const.DC_CONTACT_ID_SELF)
+        return Contact(self, const.DC_CONTACT_ID_SELF)

    def create_contact(self, email, name=None):
        """ create a (new) Contact. If there already is a Contact
@@ -215,11 +225,14 @@ class Account(object):
        :param name: display name for this contact (optional)
        :returns: :class:`deltachat.contact.Contact` instance.
        """
-        name = as_dc_charpointer(name)
-        email = as_dc_charpointer(email)
-        contact_id = lib.dc_create_contact(self._dc_context, name, email)
+        realname, addr = parseaddr(email)
+        if name:
+            realname = name
+        realname = as_dc_charpointer(realname)
+        addr = as_dc_charpointer(addr)
+        contact_id = lib.dc_create_contact(self._dc_context, realname, addr)
        assert contact_id > const.DC_CHAT_ID_LAST_SPECIAL
-        return Contact(self._dc_context, contact_id)
+        return Contact(self, contact_id)

    def delete_contact(self, contact):
        """ delete a Contact.
@@ -251,7 +264,7 @@ class Account(object):
            lib.dc_get_contacts(self._dc_context, flags, query),
            lib.dc_array_unref
        )
-        return list(iter_array(dc_array, lambda x: Contact(self._dc_context, x)))
+        return list(iter_array(dc_array, lambda x: Contact(self, x)))

    def create_chat_by_contact(self, contact):
        """ create or get an existing 1:1 chat object for the specified contact or contact id.
@@ -273,6 +286,9 @@ class Account(object):
        """ create or get an existing chat object for the
        the specified message.

+        If this message is in the deaddrop chat then
+        the sender will become an accepted contact.
+
        :param message: messsage id or message instance.
        :returns: a :class:`deltachat.chat.Chat` object.
        """
@@ -325,6 +341,13 @@ class Account(object):
        """
        return Message.from_db(self, msg_id)

+    def get_contact_by_id(self, contact_id):
+        """ return Contact instance or None.
+        :param contact_id: integer id of this contact.
+        :returns: None or :class:`deltachat.contact.Contact` instance.
+        """
+        return Contact(self, contact_id)
+
    def get_chat_by_id(self, chat_id):
        """ return Chat instance.
        :param chat_id: integer id of this chat.
@@ -369,45 +392,37 @@ class Account(object):
        lib.dc_delete_msgs(self._dc_context, msg_ids, len(msg_ids))

    def export_self_keys(self, path):
-        """ export public and private keys to the specified directory. """
+        """ export public and private keys to the specified directory.
+
+        Note that the account does not have to be started.
+        """
        return self._export(path, imex_cmd=1)

    def export_all(self, path):
        """return new file containing a backup of all database state
        (chats, contacts, keys, media, ...). The file is created in the
        the `path` directory.
+
+        Note that the account does not have to be started.
        """
        export_files = self._export(path, 11)
        if len(export_files) != 1:
            raise RuntimeError("found more than one new file")
        return export_files[0]

-    def _imex_events_clear(self):
-        try:
-            while True:
-                self._imex_events.get_nowait()
-        except Empty:
-            pass
-
    def _export(self, path, imex_cmd):
-        self._imex_events_clear()
-        lib.dc_imex(self._dc_context, imex_cmd, as_dc_charpointer(path), ffi.NULL)
-        if not self._threads.is_started():
-            lib.dc_perform_imap_jobs(self._dc_context)
-        files_written = []
-        while True:
-            ev = self._imex_events.get()
-            if isinstance(ev, str):
-                files_written.append(ev)
-            elif isinstance(ev, bool):
-                if not ev:
-                    raise ValueError("export failed, exp-files: {}".format(files_written))
-                return files_written
+        with self.temp_plugin(ImexTracker()) as imex_tracker:
+            lib.dc_imex(self._dc_context, imex_cmd, as_dc_charpointer(path), ffi.NULL)
+            if not self._threads.is_started():
+                lib.dc_perform_imap_jobs(self._dc_context)
+            return imex_tracker.wait_finish()

    def import_self_keys(self, path):
        """ Import private keys found in the `path` directory.
        The last imported key is made the default keys unless its name
        contains the string legacy. Public keys are not imported.
+
+        Note that the account does not have to be started.
        """
        self._import(path, imex_cmd=2)

@@ -420,12 +435,11 @@ class Account(object):
        self._import(path, imex_cmd=12)

    def _import(self, path, imex_cmd):
-        self._imex_events_clear()
-        lib.dc_imex(self._dc_context, imex_cmd, as_dc_charpointer(path), ffi.NULL)
-        if not self._threads.is_started():
-            lib.dc_perform_imap_jobs(self._dc_context)
-        if not self._imex_events.get():
-            raise ValueError("import from path '{}' failed".format(path))
+        with self.temp_plugin(ImexTracker()) as imex_tracker:
+            lib.dc_imex(self._dc_context, imex_cmd, as_dc_charpointer(path), ffi.NULL)
+            if not self._threads.is_started():
+                lib.dc_perform_imap_jobs(self._dc_context)
+            imex_tracker.wait_finish()

    def initiate_key_transfer(self):
        """return setup code after a Autocrypt setup message
@@ -490,63 +504,6 @@ class Account(object):
            raise ValueError("could not join group")
        return Chat(self, chat_id)

-    def stop_ongoing(self):
-        lib.dc_stop_ongoing_process(self._dc_context)
-
-    #
-    # meta API for start/stop and event based processing
-    #
-
-    def wait_next_incoming_message(self):
-        """ wait for and return next incoming message. """
-        ev = self._evlogger.get_matching("DC_EVENT_INCOMING_MSG")
-        return self.get_message_by_id(ev[2])
-
-    def start_threads(self, mvbox=False, sentbox=False):
-        """ start IMAP/SMTP threads (and configure account if it hasn't happened).
-
-        :raises: ValueError if 'addr' or 'mail_pw' are not configured.
-        :returns: None
-        """
-        if not self.is_configured():
-            self.configure()
-        self._threads.start(mvbox=mvbox, sentbox=sentbox)
-
-    def stop_threads(self, wait=True):
-        """ stop IMAP/SMTP threads. """
-        if self._threads.is_started():
-            self.stop_ongoing()
-            self._threads.stop(wait=wait)
-
-    def shutdown(self, wait=True):
-        """ stop threads and close and remove underlying dc_context and callbacks. """
-        if hasattr(self, "_dc_context") and hasattr(self, "_threads"):
-            # print("SHUTDOWN", self)
-            self.stop_threads(wait=False)
-            lib.dc_close(self._dc_context)
-            self.stop_threads(wait=wait)  # to wait for threads
-            deltachat.clear_context_callback(self._dc_context)
-            del self._dc_context
-            atexit.unregister(self.shutdown)
-
-    def _process_event(self, ctx, evt_name, data1, data2):
-        assert ctx == self._dc_context
-        if hasattr(self, "_evlogger"):
-            self._evlogger(evt_name, data1, data2)
-            method = getattr(self, "on_" + evt_name.lower(), None)
-            if method is not None:
-                method(data1, data2)
-        return 0
-
-    def on_dc_event_imex_progress(self, data1, data2):
-        if data1 == 1000:
-            self._imex_events.put(True)
-        elif data1 == 0:
-            self._imex_events.put(False)
-
-    def on_dc_event_imex_file_written(self, data1, data2):
-        self._imex_events.put(data1)
-
    def set_location(self, latitude=0.0, longitude=0.0, accuracy=0.0):
        """set a new location. It effects all chats where we currently
        have enabled location streaming.
@@ -561,159 +518,123 @@ class Account(object):
        if dc_res == 0:
            raise ValueError("no chat is streaming locations")

+    #
+    # meta API for start/stop and event based processing
+    #

-class IOThreads:
-    def __init__(self, dc_context, log_event=lambda *args: None):
-        self._dc_context = dc_context
-        self._thread_quitflag = False
-        self._name2thread = {}
-        self._log_event = log_event
+    def add_account_plugin(self, plugin, name=None):
+        """ add an account plugin which implements one or more of
+        the :class:`deltachat.hookspec.PerAccount` hooks.
+        """
+        self._pm.register(plugin, name=name)
+        self._pm.check_pending()
+        return plugin

-    def is_started(self):
-        return len(self._name2thread) > 0
+    @contextmanager
+    def temp_plugin(self, plugin):
+        """ run a with-block with the given plugin temporarily registered. """
+        self._pm.register(plugin)
+        yield plugin
+        self._pm.unregister(plugin)

-    def start(self, imap=True, smtp=True, mvbox=False, sentbox=False):
-        assert not self.is_started()
-        if imap:
-            self._start_one_thread("inbox", self.imap_thread_run)
-        if mvbox:
-            self._start_one_thread("mvbox", self.mvbox_thread_run)
-        if sentbox:
-            self._start_one_thread("sentbox", self.sentbox_thread_run)
-        if smtp:
-            self._start_one_thread("smtp", self.smtp_thread_run)
+    def stop_ongoing(self):
+        """ Stop ongoing securejoin, configuration or other core jobs. """
+        lib.dc_stop_ongoing_process(self._dc_context)

-    def _start_one_thread(self, name, func):
-        self._name2thread[name] = t = threading.Thread(target=func, name=name)
-        t.setDaemon(1)
-        t.start()
+    def start(self, callback_thread=True):
+        """ start this account (activate imap/smtp threads etc.)
+        and return immediately.

-    def stop(self, wait=False):
-        self._thread_quitflag = True
+        If this account is not configured, an internal configuration
+        job will be scheduled if config values are sufficiently specified.

-        # Workaround for a race condition. Make sure that thread is
-        # not in between checking for quitflag and entering idle.
-        time.sleep(0.5)
+        You may call `wait_shutdown` or `shutdown` after the
+        account is in started mode.

-        lib.dc_interrupt_imap_idle(self._dc_context)
-        lib.dc_interrupt_smtp_idle(self._dc_context)
-        lib.dc_interrupt_mvbox_idle(self._dc_context)
-        lib.dc_interrupt_sentbox_idle(self._dc_context)
-        if wait:
-            for name, thread in self._name2thread.items():
-                thread.join()
+        :raises MissingCredentials: if `addr` and `mail_pw` values are not set.

-    def imap_thread_run(self):
-        self._log_event("py-bindings-info", 0, "INBOX THREAD START")
-        while not self._thread_quitflag:
-            lib.dc_perform_imap_jobs(self._dc_context)
-            if not self._thread_quitflag:
-                lib.dc_perform_imap_fetch(self._dc_context)
-            if not self._thread_quitflag:
-                lib.dc_perform_imap_idle(self._dc_context)
-        self._log_event("py-bindings-info", 0, "INBOX THREAD FINISHED")
+        :returns: None
+        """
+        if not self.is_configured():
+            if not self.get_config("addr") or not self.get_config("mail_pw"):
+                raise MissingCredentials("addr or mail_pwd not set in config")
+            lib.dc_configure(self._dc_context)
+        self._threads.start(callback_thread=callback_thread)

-    def mvbox_thread_run(self):
-        self._log_event("py-bindings-info", 0, "MVBOX THREAD START")
-        while not self._thread_quitflag:
-            lib.dc_perform_mvbox_jobs(self._dc_context)
-            if not self._thread_quitflag:
-                lib.dc_perform_mvbox_fetch(self._dc_context)
-            if not self._thread_quitflag:
-                lib.dc_perform_mvbox_idle(self._dc_context)
-        self._log_event("py-bindings-info", 0, "MVBOX THREAD FINISHED")
+    def wait_shutdown(self):
+        """ wait until shutdown of this account has completed. """
+        self._shutdown_event.wait()

-    def sentbox_thread_run(self):
-        self._log_event("py-bindings-info", 0, "SENTBOX THREAD START")
-        while not self._thread_quitflag:
-            lib.dc_perform_sentbox_jobs(self._dc_context)
-            if not self._thread_quitflag:
-                lib.dc_perform_sentbox_fetch(self._dc_context)
-            if not self._thread_quitflag:
-                lib.dc_perform_sentbox_idle(self._dc_context)
-        self._log_event("py-bindings-info", 0, "SENTBOX THREAD FINISHED")
+    def shutdown(self, wait=True):
+        """ shutdown account, stop threads and close and remove
+        underlying dc_context and callbacks. """
+        dc_context = self._dc_context
+        if dc_context is None:
+            return

-    def smtp_thread_run(self):
-        self._log_event("py-bindings-info", 0, "SMTP THREAD START")
-        while not self._thread_quitflag:
-            lib.dc_perform_smtp_jobs(self._dc_context)
-            if not self._thread_quitflag:
-                lib.dc_perform_smtp_idle(self._dc_context)
-        self._log_event("py-bindings-info", 0, "SMTP THREAD FINISHED")
+        if self._threads.is_started():
+            self.stop_ongoing()
+            self._threads.stop(wait=False)
+        lib.dc_close(dc_context)
+        self._hook_event_queue.put(None)
+        self._threads.stop(wait=wait)  # to wait for threads
+        self._dc_context = None
+        atexit.unregister(self.shutdown)
+        self._shutdown_event.set()
+        hook = hookspec.Global._get_plugin_manager().hook
+        hook.dc_account_after_shutdown(account=self, dc_context=dc_context)

-
-class EventLogger:
-    _loglock = threading.RLock()
-
-    def __init__(self, dc_context, logid=None, debug=True):
-        self._dc_context = dc_context
-        self._event_queue = Queue()
-        self._debug = debug
-        if logid is None:
-            logid = str(self._dc_context).strip(">").split()[-1]
-        self.logid = logid
-        self._timeout = None
-        self.init_time = time.time()
-
-    def __call__(self, evt_name, data1, data2):
-        self._log_event(evt_name, data1, data2)
-        self._event_queue.put((evt_name, data1, data2))
-
-    def set_timeout(self, timeout):
-        self._timeout = timeout
-
-    def consume_events(self, check_error=True):
-        while not self._event_queue.empty():
-            self.get()
-
-    def get(self, timeout=None, check_error=True):
-        timeout = timeout or self._timeout
-        ev = self._event_queue.get(timeout=timeout)
-        if check_error and ev[0] == "DC_EVENT_ERROR":
-            raise ValueError("{}({!r},{!r})".format(*ev))
-        return ev
-
-    def ensure_event_not_queued(self, event_name_regex):
-        __tracebackhide__ = True
-        rex = re.compile("(?:{}).*".format(event_name_regex))
+    def _handle_current_events(self):
+        """ handle all currently queued events and then return. """
        while 1:
            try:
-                ev = self._event_queue.get(False)
-            except Empty:
+                event = self._hook_event_queue.get(block=False)
+            except queue.Empty:
                break
            else:
-                assert not rex.match(ev[0]), "event found {}".format(ev)
+                event.call_hook()

-    def get_matching(self, event_name_regex, check_error=True, timeout=None):
-        self._log("-- waiting for event with regex: {} --".format(event_name_regex))
-        rex = re.compile("(?:{}).*".format(event_name_regex))
+    def iter_events(self, timeout=None):
+        """ yield hook events until shutdown.
+
+        It is not allowed to call iter_events() from multiple threads.
+        """
+        if self._in_use_iter_events:
+            raise RuntimeError("can only call iter_events() from one thread")
+        self._in_use_iter_events = True
        while 1:
-            ev = self.get(timeout=timeout, check_error=check_error)
-            if rex.match(ev[0]):
-                return ev
+            event = self._hook_event_queue.get(timeout=timeout)
+            if event is None:
+                break
+            yield event

-    def get_info_matching(self, regex):
-        rex = re.compile("(?:{}).*".format(regex))
-        while 1:
-            ev = self.get_matching("DC_EVENT_INFO")
-            if rex.match(ev[2]):
-                return ev
-
-    def _log_event(self, evt_name, data1, data2):
-        # don't show events that are anyway empty impls now
-        if evt_name == "DC_EVENT_GET_STRING":
-            return
-        if self._debug:
-            evpart = "{}({!r},{!r})".format(evt_name, data1, data2)
-            self._log(evpart)
-
-    def _log(self, msg):
-        t = threading.currentThread()
-        tname = getattr(t, "name", t)
-        if tname == "MainThread":
-            tname = "MAIN"
-        with self._loglock:
-            print("{:2.2f} [{}-{}] {}".format(time.time() - self.init_time, tname, self.logid, msg))
+    def _map_ffi_event(self, ffi_event):
+        name = ffi_event.name
+        if name == "DC_EVENT_CONFIGURE_PROGRESS":
+            data1 = ffi_event.data1
+            if data1 == 0 or data1 == 1000:
+                success = data1 == 1000
+                return "ac_configure_completed", dict(success=success)
+        elif name == "DC_EVENT_INCOMING_MSG":
+            msg = self.get_message_by_id(ffi_event.data2)
+            return "ac_incoming_message", dict(message=msg)
+        elif name == "DC_EVENT_MSGS_CHANGED":
+            if ffi_event.data2 != 0:
+                msg = self.get_message_by_id(ffi_event.data2)
+                if msg.is_in_fresh():
+                    return "ac_incoming_message", dict(message=msg)
+        elif name == "DC_EVENT_MSG_DELIVERED":
+            msg = self.get_message_by_id(ffi_event.data2)
+            return "ac_message_delivered", dict(message=msg)
+        elif name == "DC_EVENT_MEMBER_ADDED":
+            chat = self.get_chat_by_id(ffi_event.data1)
+            contact = self.get_contact_by_id(ffi_event.data2)
+            return "ac_member_added", dict(chat=chat, contact=contact)
+        elif name == "DC_EVENT_MEMBER_REMOVED":
+            chat = self.get_chat_by_id(ffi_event.data1)
+            contact = self.get_contact_by_id(ffi_event.data2)
+            return "ac_member_removed", dict(chat=chat, contact=contact)
+        return None, {}


 def _destroy_dc_context(dc_context, dc_context_unref=lib.dc_context_unref):
@@ -740,3 +661,17 @@ class ScannedQRCode:
    @property
    def contact_id(self):
        return self._dc_lot.id()
+
+
+class HookEvent:
+    def __init__(self, account, name, kwargs):
+        assert hasattr(account._pm.hook, name), name
+        self.account = account
+        self.name = name
+        self.kwargs = kwargs
+
+    def call_hook(self):
+        hook = getattr(self.account._pm.hook, self.name, None)
+        if hook is None:
+            raise ValueError("event_name {} unknown".format(self.name))
+        return hook(**self.kwargs)
--- a/python/src/deltachat/chat.py
+++ b/python/src/deltachat/chat.py
@@ -51,6 +51,16 @@ class Chat(object):

    # ------  chat status/metadata API ------------------------------

+    def is_group(self):
+        """ return true if this chat is a group chat.
+
+        :returns: True if chat is a group-chat, false if it's a contact 1:1 chat.
+        """
+        return lib.dc_chat_get_type(self._dc_chat) in (
+            const.DC_CHAT_TYPE_GROUP,
+            const.DC_CHAT_TYPE_VERIFIED_GROUP
+        )
+
    def is_deaddrop(self):
        """ return true if this chat is a deaddrop chat.

@@ -129,7 +139,7 @@ class Chat(object):
        return bool(lib.dc_chat_get_remaining_mute_duration(self.id))

    def get_type(self):
-        """ return type of this chat.
+        """ (deprecated) return type of this chat.

        :returns: one of const.DC_CHAT_TYPE_*
        """
@@ -353,7 +363,7 @@ class Chat(object):
            lib.dc_array_unref
        )
        return list(iter_array(
-            dc_array, lambda id: Contact(self._dc_context, id))
+            dc_array, lambda id: Contact(self.account, id))
        )

    def set_profile_image(self, img_path):
@@ -423,7 +433,7 @@ class Chat(object):
        """return True if this chat is archived.
        :returns: True if archived.
        """
-        return lib.dc_chat_get_archived(self._dc_chat)
+        return lib.dc_chat_get_visibility(self._dc_chat) == const.DC_CHAT_VISIBILITY_ARCHIVED

    def enable_sending_locations(self, seconds):
        """enable sending locations for this chat.
--- a/python/src/deltachat/const.py
+++ b/python/src/deltachat/const.py
@@ -18,6 +18,7 @@ DC_QR_ASK_VERIFYGROUP = 202
 DC_QR_FPR_OK = 210
 DC_QR_FPR_MISMATCH = 220
 DC_QR_FPR_WITHOUT_ADDR = 230
+DC_QR_ACCOUNT = 250
 DC_QR_ADDR = 320
 DC_QR_TEXT = 330
 DC_QR_URL = 332
@@ -98,13 +99,21 @@ DC_EVENT_IMEX_FILE_WRITTEN = 2052
 DC_EVENT_SECUREJOIN_INVITER_PROGRESS = 2060
 DC_EVENT_SECUREJOIN_JOINER_PROGRESS = 2061
 DC_EVENT_SECUREJOIN_MEMBER_ADDED = 2062
+DC_EVENT_MEMBER_ADDED = 2063
+DC_EVENT_MEMBER_REMOVED = 2064
 DC_EVENT_FILE_COPIED = 2055
 DC_EVENT_IS_OFFLINE = 2081
 DC_EVENT_GET_STRING = 2091
 DC_STR_SELFNOTINGRP = 21
+DC_KEY_GEN_DEFAULT = 0
+DC_KEY_GEN_RSA2048 = 1
+DC_KEY_GEN_ED25519 = 2
 DC_PROVIDER_STATUS_OK = 1
 DC_PROVIDER_STATUS_PREPARATION = 2
 DC_PROVIDER_STATUS_BROKEN = 3
+DC_CHAT_VISIBILITY_NORMAL = 0
+DC_CHAT_VISIBILITY_ARCHIVED = 1
+DC_CHAT_VISIBILITY_PINNED = 2
 DC_STR_NOMESSAGES = 1
 DC_STR_SELF = 2
 DC_STR_DRAFT = 3
@@ -157,7 +166,7 @@ DC_STR_COUNT = 68

 def read_event_defines(f):
    rex = re.compile(r'#define\s+((?:DC_EVENT|DC_QR|DC_MSG|DC_LP|DC_EMPTY|DC_CERTCK|DC_STATE|DC_STR|'
-                     r'DC_CONTACT_ID|DC_GCL|DC_CHAT|DC_PROVIDER)_\S+)\s+([x\d]+).*')
+                     r'DC_CONTACT_ID|DC_GCL|DC_CHAT|DC_PROVIDER|DC_KEY_GEN)_\S+)\s+([x\d]+).*')
    for line in f:
        m = rex.match(line)
        if m:
--- a/python/src/deltachat/contact.py
+++ b/python/src/deltachat/contact.py
@@ -10,8 +10,9 @@ class Contact(object):

    You obtain instances of it through :class:`deltachat.account.Account`.
    """
-    def __init__(self, dc_context, id):
-        self._dc_context = dc_context
+    def __init__(self, account, id):
+        self.account = account
+        self._dc_context = account._dc_context
        self.id = id

    def __eq__(self, other):
@@ -57,3 +58,7 @@ class Contact(object):
        if dc_res == ffi.NULL:
            return None
        return from_dc_charpointer(dc_res)
+
+    def get_chat(self):
+        """return 1:1 chat for this contact. """
+        return self.account.create_chat_by_contact(self)
--- a/python/src/deltachat/eventlogger.py
+++ b/python/src/deltachat/eventlogger.py
@@ -0,0 +1,137 @@
+import deltachat
+import threading
+import time
+import re
+from queue import Queue, Empty
+from .hookspec import account_hookimpl, global_hookimpl
+
+
+@global_hookimpl
+def dc_account_init(account):
+    # send all FFI events for this account to a plugin hook
+    def _ll_event(ctx, evt_name, data1, data2):
+        assert ctx == account._dc_context
+        ffi_event = FFIEvent(name=evt_name, data1=data1, data2=data2)
+        account._pm.hook.ac_process_ffi_event(
+            account=account, ffi_event=ffi_event
+        )
+    deltachat.set_context_callback(account._dc_context, _ll_event)
+
+
+@global_hookimpl
+def dc_account_after_shutdown(dc_context):
+    deltachat.clear_context_callback(dc_context)
+
+
+class FFIEvent:
+    def __init__(self, name, data1, data2):
+        self.name = name
+        self.data1 = data1
+        self.data2 = data2
+
+    def __str__(self):
+        return "{name} data1={data1} data2={data2}".format(**self.__dict__)
+
+
+class FFIEventLogger:
+    """ If you register an instance of this logger with an Account
+    you'll get all ffi-events printed.
+    """
+    # to prevent garbled logging
+    _loglock = threading.RLock()
+
+    def __init__(self, account, logid):
+        """
+        :param logid: an optional logging prefix that should be used with
+                      the default internal logging.
+        """
+        self.account = account
+        self.logid = logid
+        self.init_time = time.time()
+
+    @account_hookimpl
+    def ac_process_ffi_event(self, ffi_event):
+        self._log_event(ffi_event)
+
+    def _log_event(self, ffi_event):
+        # don't show events that are anyway empty impls now
+        if ffi_event.name == "DC_EVENT_GET_STRING":
+            return
+        self.account.ac_log_line(str(ffi_event))
+
+    @account_hookimpl
+    def ac_log_line(self, message):
+        t = threading.currentThread()
+        tname = getattr(t, "name", t)
+        if tname == "MainThread":
+            tname = "MAIN"
+        elapsed = time.time() - self.init_time
+        locname = tname
+        if self.logid:
+            locname += "-" + self.logid
+        s = "{:2.2f} [{}] {}".format(elapsed, locname, message)
+        with self._loglock:
+            print(s, flush=True)
+
+
+class FFIEventTracker:
+    def __init__(self, account, timeout=None):
+        self.account = account
+        self._timeout = timeout
+        self._event_queue = Queue()
+
+    @account_hookimpl
+    def ac_process_ffi_event(self, ffi_event):
+        self._event_queue.put(ffi_event)
+
+    def set_timeout(self, timeout):
+        self._timeout = timeout
+
+    def consume_events(self, check_error=True):
+        while not self._event_queue.empty():
+            self.get(check_error=check_error)
+
+    def get(self, timeout=None, check_error=True):
+        timeout = timeout if timeout is not None else self._timeout
+        ev = self._event_queue.get(timeout=timeout)
+        if check_error and ev.name == "DC_EVENT_ERROR":
+            raise ValueError(str(ev))
+        return ev
+
+    def ensure_event_not_queued(self, event_name_regex):
+        __tracebackhide__ = True
+        rex = re.compile("(?:{}).*".format(event_name_regex))
+        while 1:
+            try:
+                ev = self._event_queue.get(False)
+            except Empty:
+                break
+            else:
+                assert not rex.match(ev.name), "event found {}".format(ev)
+
+    def get_matching(self, event_name_regex, check_error=True, timeout=None):
+        self.account.ac_log_line("-- waiting for event with regex: {} --".format(event_name_regex))
+        rex = re.compile("(?:{}).*".format(event_name_regex))
+        while 1:
+            ev = self.get(timeout=timeout, check_error=check_error)
+            if rex.match(ev.name):
+                return ev
+
+    def get_info_matching(self, regex):
+        rex = re.compile("(?:{}).*".format(regex))
+        while 1:
+            ev = self.get_matching("DC_EVENT_INFO")
+            if rex.match(ev.data2):
+                return ev
+
+    def wait_next_incoming_message(self):
+        """ wait for and return next incoming message. """
+        ev = self.get_matching("DC_EVENT_INCOMING_MSG")
+        return self.account.get_message_by_id(ev.data2)
+
+    def wait_next_messages_changed(self):
+        """ wait for and return next message-changed message or None
+        if the event contains no msgid"""
+        ev = self.get_matching("DC_EVENT_MSGS_CHANGED")
+        if ev.data2 > 0:
+            return self.account.get_message_by_id(ev.data2)
--- a/python/src/deltachat/hookspec.py
+++ b/python/src/deltachat/hookspec.py
@@ -0,0 +1,84 @@
+""" Hooks for Python bindings to Delta Chat Core Rust CFFI"""
+
+import pluggy
+
+
+account_spec_name = "deltachat-account"
+account_hookspec = pluggy.HookspecMarker(account_spec_name)
+account_hookimpl = pluggy.HookimplMarker(account_spec_name)
+
+global_spec_name = "deltachat-global"
+global_hookspec = pluggy.HookspecMarker(global_spec_name)
+global_hookimpl = pluggy.HookimplMarker(global_spec_name)
+
+
+class PerAccount:
+    """ per-Account-instance hook specifications.
+
+    Except for ac_process_ffi_event all hooks are executed
+    in the thread which calls Account.wait_shutdown().
+    """
+    @classmethod
+    def _make_plugin_manager(cls):
+        pm = pluggy.PluginManager(account_spec_name)
+        pm.add_hookspecs(cls)
+        return pm
+
+    @account_hookspec
+    def ac_process_ffi_event(self, ffi_event):
+        """ process a CFFI low level events for a given account.
+
+        ffi_event has "name", "data1", "data2" values as specified
+        with `DC_EVENT_* <https://c.delta.chat/group__DC__EVENT.html>`_.
+
+        DANGER: this hook is executed from the callback invoked by core.
+        Hook implementations need to be short running and can typically
+        not call back into core because this would easily cause recursion issues.
+        """
+
+    @account_hookspec
+    def ac_log_line(self, message):
+        """ log a message related to the account. """
+
+    @account_hookspec
+    def ac_configure_completed(self, success):
+        """ Called when a configure process completed. """
+
+    @account_hookspec
+    def ac_incoming_message(self, message):
+        """ Called on any incoming message (to deaddrop or chat). """
+
+    @account_hookspec
+    def ac_message_delivered(self, message):
+        """ Called when an outgoing message has been delivered to SMTP. """
+
+    @account_hookspec
+    def ac_member_added(self, chat, contact):
+        """ Called for each contact added to a chat. """
+
+    @account_hookspec
+    def ac_member_removed(self, chat, contact):
+        """ Called for each contact removed from a chat. """
+
+
+class Global:
+    """ global hook specifications using a per-process singleton
+    plugin manager instance.
+
+    """
+    _plugin_manager = None
+
+    @classmethod
+    def _get_plugin_manager(cls):
+        if cls._plugin_manager is None:
+            cls._plugin_manager = pm = pluggy.PluginManager(global_spec_name)
+            pm.add_hookspecs(cls)
+        return cls._plugin_manager
+
+    @global_hookspec
+    def dc_account_init(self, account):
+        """ called when `Account::__init__()` function starts executing. """
+
+    @global_hookspec
+    def dc_account_after_shutdown(self, account, dc_context):
+        """ Called after the account has been shutdown. """
--- a/python/src/deltachat/iothreads.py
+++ b/python/src/deltachat/iothreads.py
@@ -0,0 +1,106 @@
+
+import threading
+import time
+
+from contextlib import contextmanager
+
+from .capi import lib
+
+
+class IOThreads:
+    def __init__(self, account):
+        self.account = account
+        self._dc_context = account._dc_context
+        self._thread_quitflag = False
+        self._name2thread = {}
+
+    def is_started(self):
+        return len(self._name2thread) > 0
+
+    def start(self, callback_thread):
+        assert not self.is_started()
+        self._start_one_thread("inbox", self.imap_thread_run)
+        self._start_one_thread("smtp", self.smtp_thread_run)
+
+        if callback_thread:
+            self._start_one_thread("cb", self.cb_thread_run)
+
+        if int(self.account.get_config("mvbox_watch")):
+            self._start_one_thread("mvbox", self.mvbox_thread_run)
+
+        if int(self.account.get_config("sentbox_watch")):
+            self._start_one_thread("sentbox", self.sentbox_thread_run)
+
+    def _start_one_thread(self, name, func):
+        self._name2thread[name] = t = threading.Thread(target=func, name=name)
+        t.setDaemon(1)
+        t.start()
+
+    @contextmanager
+    def log_execution(self, message):
+        self.account.ac_log_line(message + " START")
+        yield
+        self.account.ac_log_line(message + " FINISHED")
+
+    def stop(self, wait=False):
+        self._thread_quitflag = True
+
+        # Workaround for a race condition. Make sure that thread is
+        # not in between checking for quitflag and entering idle.
+        time.sleep(0.5)
+
+        lib.dc_interrupt_imap_idle(self._dc_context)
+        lib.dc_interrupt_smtp_idle(self._dc_context)
+        if "mvbox" in self._name2thread:
+            lib.dc_interrupt_mvbox_idle(self._dc_context)
+        if "sentbox" in self._name2thread:
+            lib.dc_interrupt_sentbox_idle(self._dc_context)
+        if wait:
+            for name, thread in self._name2thread.items():
+                if thread != threading.currentThread():
+                    thread.join()
+
+    def cb_thread_run(self):
+        with self.log_execution("CALLBACK THREAD START"):
+            it = self.account.iter_events()
+            while not self._thread_quitflag:
+                try:
+                    ev = next(it)
+                except StopIteration:
+                    break
+                self.account.ac_log_line("calling hook name={} kwargs={}".format(ev.name, ev.kwargs))
+                ev.call_hook()
+
+    def imap_thread_run(self):
+        with self.log_execution("INBOX THREAD START"):
+            while not self._thread_quitflag:
+                lib.dc_perform_imap_jobs(self._dc_context)
+                if not self._thread_quitflag:
+                    lib.dc_perform_imap_fetch(self._dc_context)
+                if not self._thread_quitflag:
+                    lib.dc_perform_imap_idle(self._dc_context)
+
+    def mvbox_thread_run(self):
+        with self.log_execution("MVBOX THREAD"):
+            while not self._thread_quitflag:
+                lib.dc_perform_mvbox_jobs(self._dc_context)
+                if not self._thread_quitflag:
+                    lib.dc_perform_mvbox_fetch(self._dc_context)
+                if not self._thread_quitflag:
+                    lib.dc_perform_mvbox_idle(self._dc_context)
+
+    def sentbox_thread_run(self):
+        with self.log_execution("SENTBOX THREAD"):
+            while not self._thread_quitflag:
+                lib.dc_perform_sentbox_jobs(self._dc_context)
+                if not self._thread_quitflag:
+                    lib.dc_perform_sentbox_fetch(self._dc_context)
+                if not self._thread_quitflag:
+                    lib.dc_perform_sentbox_idle(self._dc_context)
+
+    def smtp_thread_run(self):
+        with self.log_execution("SMTP THREAD"):
+            while not self._thread_quitflag:
+                lib.dc_perform_smtp_jobs(self._dc_context)
+                if not self._thread_quitflag:
+                    lib.dc_perform_smtp_idle(self._dc_context)
--- a/python/src/deltachat/message.py
+++ b/python/src/deltachat/message.py
@@ -50,6 +50,16 @@ class Message(object):
            lib.dc_msg_unref
        ))

+    def accept_sender_contact(self):
+        """ ensure that the sender is an accepted contact
+        and that the message has a non-deaddrop chat object.
+        """
+        self.account.create_chat_by_message(self)
+        self._dc_msg = ffi.gc(
+                lib.dc_get_msg(self._dc_context, self.id),
+                lib.dc_msg_unref
+        )
+
    @props.with_doc
    def text(self):
        """unicode text of this messages (might be empty if not a text message). """
@@ -159,6 +169,13 @@ class Message(object):
        chat_id = lib.dc_msg_get_chat_id(self._dc_msg)
        return Chat(self.account, chat_id)

+    def get_sender_chat(self):
+        """return the 1:1 chat with the sender of this message.
+
+        :returns: :class:`deltachat.chat.Chat` instance
+        """
+        return self.get_sender_contact().get_chat()
+
    def get_sender_contact(self):
        """return the contact of who wrote the message.

@@ -166,7 +183,7 @@ class Message(object):
        """
        from .contact import Contact
        contact_id = lib.dc_msg_get_from_id(self._dc_msg)
-        return Contact(self._dc_context, contact_id)
+        return Contact(self.account, contact_id)

    #
    # Message State query methods
@@ -269,6 +286,10 @@ class Message(object):
        """ return True if it's a file message. """
        return self._view_type == const.DC_MSG_FILE

+    def mark_seen(self):
+        """ mark this message as seen. """
+        self.account.mark_seen_messages([self.id])
+

 # some code for handling DC_MSG_* view types

--- a/python/src/deltachat/testplugin.py
+++ b/python/src/deltachat/testplugin.py
@@ -0,0 +1,373 @@
+from __future__ import print_function
+import os
+import sys
+import subprocess
+import queue
+import threading
+import fnmatch
+import pytest
+import requests
+import time
+from . import Account, const
+from .tracker import ConfigureTracker
+from .capi import lib
+from .eventlogger import FFIEventLogger, FFIEventTracker
+from _pytest.monkeypatch import MonkeyPatch
+from _pytest._code import Source
+
+import tempfile
+
+
+def pytest_addoption(parser):
+    parser.addoption(
+        "--liveconfig", action="store", default=None,
+        help="a file with >=2 lines where each line "
+             "contains NAME=VALUE config settings for one account"
+    )
+    parser.addoption(
+        "--ignored", action="store_true",
+        help="Also run tests marked with the ignored marker",
+    )
+
+
+def pytest_configure(config):
+    config.addinivalue_line(
+        "markers", "ignored: Mark test as bing slow, skipped unless --ignored is used."
+    )
+    cfg = config.getoption('--liveconfig')
+    if not cfg:
+        cfg = os.getenv('DCC_NEW_TMP_EMAIL')
+        if cfg:
+            config.option.liveconfig = cfg
+
+
+def pytest_runtest_setup(item):
+    if (list(item.iter_markers(name="ignored"))
+            and not item.config.getoption("ignored")):
+        pytest.skip("Ignored tests not requested, use --ignored")
+
+
+def pytest_report_header(config, startdir):
+    summary = []
+
+    t = tempfile.mktemp()
+    m = MonkeyPatch()
+    try:
+        m.setattr(sys.stdout, "write", lambda x: len(x))
+        ac = Account(t)
+        info = ac.get_info()
+        ac.shutdown()
+    finally:
+        m.undo()
+        os.remove(t)
+    summary.extend(['Deltachat core={} sqlite={}'.format(
+         info['deltachat_core_version'],
+         info['sqlite_version'],
+     )])
+
+    cfg = config.option.liveconfig
+    if cfg:
+        if "?" in cfg:
+            url, token = cfg.split("?", 1)
+            summary.append('Liveconfig provider: {}?<token ommitted>'.format(url))
+        else:
+            summary.append('Liveconfig file: {}'.format(cfg))
+    return summary
+
+
+class SessionLiveConfigFromFile:
+    def __init__(self, fn):
+        self.fn = fn
+        self.configlist = []
+        for line in open(fn):
+            if line.strip() and not line.strip().startswith('#'):
+                d = {}
+                for part in line.split():
+                    name, value = part.split("=")
+                    d[name] = value
+                self.configlist.append(d)
+
+    def get(self, index):
+        return self.configlist[index]
+
+    def exists(self):
+        return bool(self.configlist)
+
+
+class SessionLiveConfigFromURL:
+    def __init__(self, url):
+        self.configlist = []
+        self.url = url
+
+    def get(self, index):
+        try:
+            return self.configlist[index]
+        except IndexError:
+            assert index == len(self.configlist), index
+            res = requests.post(self.url)
+            if res.status_code != 200:
+                pytest.skip("creating newtmpuser failed {!r}".format(res))
+            d = res.json()
+            config = dict(addr=d["email"], mail_pw=d["password"])
+            self.configlist.append(config)
+            return config
+
+    def exists(self):
+        return bool(self.configlist)
+
+
+@pytest.fixture(scope="session")
+def session_liveconfig(request):
+    liveconfig_opt = request.config.option.liveconfig
+    if liveconfig_opt:
+        if liveconfig_opt.startswith("http"):
+            return SessionLiveConfigFromURL(liveconfig_opt)
+        else:
+            return SessionLiveConfigFromFile(liveconfig_opt)
+
+
+@pytest.fixture
+def data(request):
+    class Data:
+        def __init__(self):
+            # trying to find test data heuristically
+            # because we are run from a dev-setup with pytest direct,
+            # through tox, and then maybe also from deltachat-binding
+            # users like "deltabot".
+            self.paths = [os.path.normpath(x) for x in [
+                os.path.join(os.path.dirname(request.fspath.strpath), "data"),
+                os.path.join(os.path.dirname(__file__), "..", "..", "..", "test-data")
+            ]]
+
+        def get_path(self, bn):
+            """ return path of file or None if it doesn't exist. """
+            for path in self.paths:
+                fn = os.path.join(path, *bn.split("/"))
+                if os.path.exists(fn):
+                    return fn
+            print("WARNING: path does not exist: {!r}".format(fn))
+
+        def read_path(self, bn, mode="r"):
+            fn = self.get_path(bn)
+            if fn is not None:
+                with open(fn, mode) as f:
+                    return f.read()
+
+    return Data()
+
+
+@pytest.fixture
+def acfactory(pytestconfig, tmpdir, request, session_liveconfig, data):
+
+    class AccountMaker:
+        def __init__(self):
+            self.live_count = 0
+            self.offline_count = 0
+            self._finalizers = []
+            self.init_time = time.time()
+            self._generated_keys = ["alice", "bob", "charlie",
+                                    "dom", "elena", "fiona"]
+
+        def finalize(self):
+            while self._finalizers:
+                fin = self._finalizers.pop()
+                fin()
+
+        def make_account(self, path, logid, quiet=False):
+            ac = Account(path)
+            ac._evtracker = ac.add_account_plugin(FFIEventTracker(ac))
+            ac._configtracker = ac.add_account_plugin(ConfigureTracker())
+            if not quiet:
+                ac.add_account_plugin(FFIEventLogger(ac, logid=logid))
+            self._finalizers.append(ac.shutdown)
+            return ac
+
+        def get_unconfigured_account(self):
+            self.offline_count += 1
+            tmpdb = tmpdir.join("offlinedb%d" % self.offline_count)
+            ac = self.make_account(tmpdb.strpath, logid="ac{}".format(self.offline_count))
+            ac._evtracker.init_time = self.init_time
+            ac._evtracker.set_timeout(2)
+            return ac
+
+        def _preconfigure_key(self, account, addr):
+            # Only set a key if we haven't used it yet for another account.
+            if self._generated_keys:
+                keyname = self._generated_keys.pop(0)
+                fname_pub = data.read_path("key/{name}-public.asc".format(name=keyname))
+                fname_sec = data.read_path("key/{name}-secret.asc".format(name=keyname))
+                if fname_pub and fname_sec:
+                    account._preconfigure_keypair(addr, fname_pub, fname_sec)
+                    return True
+                else:
+                    print("WARN: could not use preconfigured keys for {!r}".format(addr))
+
+        def get_configured_offline_account(self):
+            ac = self.get_unconfigured_account()
+
+            # do a pseudo-configured account
+            addr = "addr{}@offline.org".format(self.offline_count)
+            ac.set_config("addr", addr)
+            self._preconfigure_key(ac, addr)
+            lib.dc_set_config(ac._dc_context, b"configured_addr", addr.encode("ascii"))
+            ac.set_config("mail_pw", "123")
+            lib.dc_set_config(ac._dc_context, b"configured_mail_pw", b"123")
+            lib.dc_set_config(ac._dc_context, b"configured", b"1")
+            return ac
+
+        def get_online_config(self, pre_generated_key=True, quiet=False):
+            if not session_liveconfig:
+                pytest.skip("specify DCC_NEW_TMP_EMAIL or --liveconfig")
+            configdict = session_liveconfig.get(self.live_count)
+            self.live_count += 1
+            if "e2ee_enabled" not in configdict:
+                configdict["e2ee_enabled"] = "1"
+
+            # Enable strict certificate checks for online accounts
+            configdict["imap_certificate_checks"] = str(const.DC_CERTCK_STRICT)
+            configdict["smtp_certificate_checks"] = str(const.DC_CERTCK_STRICT)
+
+            tmpdb = tmpdir.join("livedb%d" % self.live_count)
+            ac = self.make_account(tmpdb.strpath, logid="ac{}".format(self.live_count), quiet=quiet)
+            if pre_generated_key:
+                self._preconfigure_key(ac, configdict['addr'])
+            ac._evtracker.init_time = self.init_time
+            ac._evtracker.set_timeout(30)
+            return ac, dict(configdict)
+
+        def get_online_configuring_account(self, mvbox=False, sentbox=False, move=False,
+                                           pre_generated_key=True, quiet=False, config={}):
+            ac, configdict = self.get_online_config(
+                pre_generated_key=pre_generated_key, quiet=quiet)
+            configdict.update(config)
+            configdict["mvbox_watch"] = str(int(mvbox))
+            configdict["mvbox_move"] = str(int(move))
+            configdict["sentbox_watch"] = str(int(sentbox))
+            ac.update_config(configdict)
+            ac.start()
+            return ac
+
+        def get_one_online_account(self, pre_generated_key=True, mvbox=False, move=False):
+            ac1 = self.get_online_configuring_account(
+                pre_generated_key=pre_generated_key, mvbox=mvbox, move=move)
+            ac1._configtracker.wait_imap_connected()
+            ac1._configtracker.wait_smtp_connected()
+            ac1._configtracker.wait_finish()
+            return ac1
+
+        def get_two_online_accounts(self, move=False, quiet=False):
+            ac1 = self.get_online_configuring_account(move=True, quiet=quiet)
+            ac2 = self.get_online_configuring_account(quiet=quiet)
+            ac1._configtracker.wait_finish()
+            ac2._configtracker.wait_finish()
+            return ac1, ac2
+
+        def clone_online_account(self, account, pre_generated_key=True):
+            self.live_count += 1
+            tmpdb = tmpdir.join("livedb%d" % self.live_count)
+            ac = self.make_account(tmpdb.strpath, logid="ac{}".format(self.live_count))
+            if pre_generated_key:
+                self._preconfigure_key(ac, account.get_config("addr"))
+            ac._evtracker.init_time = self.init_time
+            ac._evtracker.set_timeout(30)
+            ac.update_config(dict(
+                addr=account.get_config("addr"),
+                mail_pw=account.get_config("mail_pw"),
+                mvbox_watch=account.get_config("mvbox_watch"),
+                mvbox_move=account.get_config("mvbox_move"),
+                sentbox_watch=account.get_config("sentbox_watch"),
+            ))
+            ac.start()
+            return ac
+
+        def run_bot_process(self, module):
+            fn = module.__file__
+
+            bot_ac, bot_cfg = self.get_online_config()
+
+            args = [
+                sys.executable,
+                fn,
+                "--show-ffi",
+                "--email", bot_cfg["addr"],
+                "--password", bot_cfg["mail_pw"],
+                bot_ac.db_path,
+            ]
+            print("$", " ".join(args))
+            popen = subprocess.Popen(
+                args=args,
+                stdin=subprocess.DEVNULL,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.STDOUT,  # combine stdout/stderr in one stream
+                bufsize=1,                 # line buffering
+                close_fds=True,            # close all FDs other than 0/1/2
+                universal_newlines=True    # give back text
+            )
+            bot = BotProcess(popen, bot_cfg)
+            self._finalizers.append(bot.kill)
+            return bot
+
+    am = AccountMaker()
+    request.addfinalizer(am.finalize)
+    return am
+
+
+class BotProcess:
+    def __init__(self, popen, bot_cfg):
+        self.popen = popen
+        self.addr = bot_cfg["addr"]
+
+        # we read stdout as quickly as we can in a thread and make
+        # the (unicode) lines available for readers through a queue.
+        self.stdout_queue = queue.Queue()
+        self.stdout_thread = t = threading.Thread(target=self._run_stdout_thread, name="bot-stdout-thread")
+        t.setDaemon(1)
+        t.start()
+
+    def _run_stdout_thread(self):
+        try:
+            while 1:
+                line = self.popen.stdout.readline()
+                if not line:
+                    break
+                line = line.strip()
+                self.stdout_queue.put(line)
+        finally:
+            self.stdout_queue.put(None)
+
+    def kill(self):
+        self.popen.kill()
+
+    def wait(self, timeout=30):
+        self.popen.wait(timeout=timeout)
+
+    def fnmatch_lines(self, pattern_lines):
+        patterns = [x.strip() for x in Source(pattern_lines.rstrip()).lines if x.strip()]
+        for next_pattern in patterns:
+            print("+++FNMATCH:", next_pattern)
+            while 1:
+                line = self.stdout_queue.get(timeout=15)
+                if line is None:
+                    raise IOError("BOT stdout-thread terminated")
+                if fnmatch.fnmatch(line, next_pattern):
+                    print("+++MATCHED:", line)
+                    break
+                else:
+                    print("+++IGN:", line)
+
+
+@pytest.fixture
+def tmp_db_path(tmpdir):
+    return tmpdir.join("test.db").strpath
+
+
+@pytest.fixture
+def lp():
+    class Printer:
+        def sec(self, msg):
+            print()
+            print("=" * 10, msg, "=" * 10)
+
+        def step(self, msg):
+            print("-" * 5, "step " + msg, "-" * 5)
+    return Printer()
--- a/python/src/deltachat/tracker.py
+++ b/python/src/deltachat/tracker.py
@@ -0,0 +1,76 @@
+
+from queue import Queue
+from threading import Event
+
+from .hookspec import account_hookimpl
+
+
+class ImexFailed(RuntimeError):
+    """ Exception for signalling that import/export operations failed."""
+
+
+class ImexTracker:
+    def __init__(self):
+        self._imex_events = Queue()
+
+    @account_hookimpl
+    def ac_process_ffi_event(self, ffi_event):
+        if ffi_event.name == "DC_EVENT_IMEX_PROGRESS":
+            self._imex_events.put(ffi_event.data1)
+        elif ffi_event.name == "DC_EVENT_IMEX_FILE_WRITTEN":
+            self._imex_events.put(ffi_event.data1)
+
+    def wait_finish(self, progress_timeout=60):
+        """ Return list of written files, raise ValueError if ExportFailed. """
+        files_written = []
+        while True:
+            ev = self._imex_events.get(timeout=progress_timeout)
+            if isinstance(ev, str):
+                files_written.append(ev)
+            elif ev == 0:
+                raise ImexFailed("export failed, exp-files: {}".format(files_written))
+            elif ev == 1000:
+                return files_written
+
+
+class ConfigureFailed(RuntimeError):
+    """ Exception for signalling that configuration failed."""
+
+
+class ConfigureTracker:
+    ConfigureFailed = ConfigureFailed
+
+    def __init__(self):
+        self._configure_events = Queue()
+        self._smtp_finished = Event()
+        self._imap_finished = Event()
+        self._ffi_events = []
+
+    @account_hookimpl
+    def ac_process_ffi_event(self, ffi_event):
+        self._ffi_events.append(ffi_event)
+        if ffi_event.name == "DC_EVENT_SMTP_CONNECTED":
+            self._smtp_finished.set()
+        elif ffi_event.name == "DC_EVENT_IMAP_CONNECTED":
+            self._imap_finished.set()
+
+    @account_hookimpl
+    def ac_configure_completed(self, success):
+        self._configure_events.put(success)
+
+    def wait_smtp_connected(self):
+        """ wait until smtp is configured. """
+        self._smtp_finished.wait()
+
+    def wait_imap_connected(self):
+        """ wait until smtp is configured. """
+        self._imap_finished.wait()
+
+    def wait_finish(self):
+        """ wait until configure is completed.
+
+        Raise Exception if Configure failed
+        """
+        if not self._configure_events.get():
+            content = "\n".join(map(str, self._ffi_events))
+            raise ConfigureFailed(content)
--- a/python/tests/conftest.py
+++ b/python/tests/conftest.py
@@ -1,311 +1,18 @@
 from __future__ import print_function
-import os
-import py
-import pytest
-import requests
-import time
-from deltachat import Account
-from deltachat import const
-from deltachat.capi import lib
-import tempfile
-
-
-def pytest_addoption(parser):
-    parser.addoption(
-        "--liveconfig", action="store", default=None,
-        help="a file with >=2 lines where each line "
-             "contains NAME=VALUE config settings for one account"
-    )
-    parser.addoption(
-        "--ignored", action="store_true",
-        help="Also run tests marked with the ignored marker",
-    )
-
-
-def pytest_configure(config):
-    config.addinivalue_line(
-        "markers", "ignored: Mark test as bing slow, skipped unless --ignored is used."
-    )
-    cfg = config.getoption('--liveconfig')
-    if not cfg:
-        cfg = os.getenv('DCC_NEW_TMP_EMAIL')
-        if cfg:
-            config.option.liveconfig = cfg
-
-
-def pytest_runtest_setup(item):
-    if (list(item.iter_markers(name="ignored"))
-            and not item.config.getoption("ignored")):
-        pytest.skip("Ignored tests not requested, use --ignored")
-
-
-def pytest_report_header(config, startdir):
-    summary = []
-
-    t = tempfile.mktemp()
-    try:
-        ac = Account(t, eventlogging=False)
-        info = ac.get_info()
-        ac.shutdown()
-    finally:
-        os.remove(t)
-    summary.extend(['Deltachat core={} sqlite={}'.format(
-         info['deltachat_core_version'],
-         info['sqlite_version'],
-     )])
-
-    cfg = config.option.liveconfig
-    if cfg:
-        if "#" in cfg:
-            url, token = cfg.split("#", 1)
-            summary.append('Liveconfig provider: {}#<token ommitted>'.format(url))
-        else:
-            summary.append('Liveconfig file: {}'.format(cfg))
-    return summary
-
-
-@pytest.fixture(scope="session")
-def data():
-    class Data:
-        def __init__(self):
-            self.path = os.path.join(os.path.dirname(__file__), "data")
-
-        def get_path(self, bn):
-            fn = os.path.join(self.path, bn)
-            assert os.path.exists(fn)
-            return fn
-    return Data()
-
-
-class SessionLiveConfigFromFile:
-    def __init__(self, fn):
-        self.fn = fn
-        self.configlist = []
-        for line in open(fn):
-            if line.strip() and not line.strip().startswith('#'):
-                d = {}
-                for part in line.split():
-                    name, value = part.split("=")
-                    d[name] = value
-                self.configlist.append(d)
-
-    def get(self, index):
-        return self.configlist[index]
-
-    def exists(self):
-        return bool(self.configlist)
-
-
-class SessionLiveConfigFromURL:
-    def __init__(self, url):
-        self.configlist = []
-        self.url = url
-
-    def get(self, index):
-        try:
-            return self.configlist[index]
-        except IndexError:
-            assert index == len(self.configlist), index
-            res = requests.post(self.url)
-            if res.status_code != 200:
-                pytest.skip("creating newtmpuser failed {!r}".format(res))
-            d = res.json()
-            config = dict(addr=d["email"], mail_pw=d["password"])
-            self.configlist.append(config)
-            return config
-
-    def exists(self):
-        return bool(self.configlist)
-
-
-@pytest.fixture(scope="session")
-def session_liveconfig(request):
-    liveconfig_opt = request.config.option.liveconfig
-    if liveconfig_opt:
-        if liveconfig_opt.startswith("http"):
-            return SessionLiveConfigFromURL(liveconfig_opt)
-        else:
-            return SessionLiveConfigFromFile(liveconfig_opt)
-
-
-@pytest.fixture(scope='session')
-def datadir():
-    """The py.path.local object of the test-data/ directory."""
-    for path in reversed(py.path.local(__file__).parts()):
-        datadir = path.join('test-data')
-        if datadir.isdir():
-            return datadir
-    else:
-        pytest.skip('test-data directory not found')
-
-
-@pytest.fixture
-def acfactory(pytestconfig, tmpdir, request, session_liveconfig, datadir):
-
-    class AccountMaker:
-        def __init__(self):
-            self.live_count = 0
-            self.offline_count = 0
-            self._finalizers = []
-            self.init_time = time.time()
-            self._generated_keys = ["alice", "bob", "charlie",
-                                    "dom", "elena", "fiona"]
-
-        def finalize(self):
-            while self._finalizers:
-                fin = self._finalizers.pop()
-                fin()
-
-        def make_account(self, path, logid):
-            ac = Account(path, logid=logid)
-            self._finalizers.append(ac.shutdown)
-            return ac
-
-        def get_unconfigured_account(self):
-            self.offline_count += 1
-            tmpdb = tmpdir.join("offlinedb%d" % self.offline_count)
-            ac = self.make_account(tmpdb.strpath, logid="ac{}".format(self.offline_count))
-            ac._evlogger.init_time = self.init_time
-            ac._evlogger.set_timeout(2)
-            return ac
-
-        def _preconfigure_key(self, account, addr):
-            # Only set a key if we haven't used it yet for another account.
-            if self._generated_keys:
-                keyname = self._generated_keys.pop(0)
-                fname_pub = "key/{name}-public.asc".format(name=keyname)
-                fname_sec = "key/{name}-secret.asc".format(name=keyname)
-                account._preconfigure_keypair(addr,
-                                              datadir.join(fname_pub).read(),
-                                              datadir.join(fname_sec).read())
-
-        def get_configured_offline_account(self):
-            ac = self.get_unconfigured_account()
-
-            # do a pseudo-configured account
-            addr = "addr{}@offline.org".format(self.offline_count)
-            ac.set_config("addr", addr)
-            self._preconfigure_key(ac, addr)
-            lib.dc_set_config(ac._dc_context, b"configured_addr", addr.encode("ascii"))
-            ac.set_config("mail_pw", "123")
-            lib.dc_set_config(ac._dc_context, b"configured_mail_pw", b"123")
-            lib.dc_set_config(ac._dc_context, b"configured", b"1")
-            return ac
-
-        def get_online_config(self, pre_generated_key=True):
-            if not session_liveconfig:
-                pytest.skip("specify DCC_NEW_TMP_EMAIL or --liveconfig")
-            configdict = session_liveconfig.get(self.live_count)
-            self.live_count += 1
-            if "e2ee_enabled" not in configdict:
-                configdict["e2ee_enabled"] = "1"
-
-            # Enable strict certificate checks for online accounts
-            configdict["imap_certificate_checks"] = str(const.DC_CERTCK_STRICT)
-            configdict["smtp_certificate_checks"] = str(const.DC_CERTCK_STRICT)
-
-            tmpdb = tmpdir.join("livedb%d" % self.live_count)
-            ac = self.make_account(tmpdb.strpath, logid="ac{}".format(self.live_count))
-            if pre_generated_key:
-                self._preconfigure_key(ac, configdict['addr'])
-            ac._evlogger.init_time = self.init_time
-            ac._evlogger.set_timeout(30)
-            return ac, dict(configdict)
-
-        def get_online_configuring_account(self, mvbox=False, sentbox=False,
-                                           pre_generated_key=True):
-            ac, configdict = self.get_online_config(
-                pre_generated_key=pre_generated_key)
-            ac.configure(**configdict)
-            ac.start_threads(mvbox=mvbox, sentbox=sentbox)
-            return ac
-
-        def get_one_online_account(self, pre_generated_key=True):
-            ac1 = self.get_online_configuring_account(
-                pre_generated_key=pre_generated_key)
-            wait_successful_IMAP_SMTP_connection(ac1)
-            wait_configuration_progress(ac1, 1000)
-            return ac1
-
-        def get_two_online_accounts(self):
-            ac1 = self.get_online_configuring_account()
-            ac2 = self.get_online_configuring_account()
-            wait_successful_IMAP_SMTP_connection(ac1)
-            wait_configuration_progress(ac1, 1000)
-            wait_successful_IMAP_SMTP_connection(ac2)
-            wait_configuration_progress(ac2, 1000)
-            return ac1, ac2
-
-        def clone_online_account(self, account, pre_generated_key=True):
-            self.live_count += 1
-            tmpdb = tmpdir.join("livedb%d" % self.live_count)
-            ac = self.make_account(tmpdb.strpath, logid="ac{}".format(self.live_count))
-            if pre_generated_key:
-                self._preconfigure_key(ac, account.get_config("addr"))
-            ac._evlogger.init_time = self.init_time
-            ac._evlogger.set_timeout(30)
-            ac.configure(addr=account.get_config("addr"), mail_pw=account.get_config("mail_pw"))
-            ac.start_threads()
-            return ac
-
-    am = AccountMaker()
-    request.addfinalizer(am.finalize)
-    return am
-
-
-@pytest.fixture
-def tmp_db_path(tmpdir):
-    return tmpdir.join("test.db").strpath
-
-
-@pytest.fixture
-def lp():
-    class Printer:
-        def sec(self, msg):
-            print()
-            print("=" * 10, msg, "=" * 10)
-
-        def step(self, msg):
-            print("-" * 5, "step " + msg, "-" * 5)
-    return Printer()


 def wait_configuration_progress(account, min_target, max_target=1001):
    min_target = min(min_target, max_target)
    while 1:
-        evt_name, data1, data2 = \
-            account._evlogger.get_matching("DC_EVENT_CONFIGURE_PROGRESS")
-        if data1 >= min_target and data1 <= max_target:
+        event = account._evtracker.get_matching("DC_EVENT_CONFIGURE_PROGRESS")
+        if event.data1 >= min_target and event.data1 <= max_target:
            print("** CONFIG PROGRESS {}".format(min_target), account)
            break


 def wait_securejoin_inviter_progress(account, target):
    while 1:
-        evt_name, data1, data2 = \
-            account._evlogger.get_matching("DC_EVENT_SECUREJOIN_INVITER_PROGRESS")
-        if data2 >= target:
+        event = account._evtracker.get_matching("DC_EVENT_SECUREJOIN_INVITER_PROGRESS")
+        if event.data2 >= target:
            print("** SECUREJOINT-INVITER PROGRESS {}".format(target), account)
            break
-
-
-def wait_successful_IMAP_SMTP_connection(account):
-    imap_ok = smtp_ok = False
-    while not imap_ok or not smtp_ok:
-        evt_name, data1, data2 = \
-            account._evlogger.get_matching("DC_EVENT_(IMAP|SMTP)_CONNECTED")
-        if evt_name == "DC_EVENT_IMAP_CONNECTED":
-            imap_ok = True
-            print("** IMAP OK", account)
-        if evt_name == "DC_EVENT_SMTP_CONNECTED":
-            smtp_ok = True
-            print("** SMTP OK", account)
-    print("** IMAP and SMTP logins successful", account)
-
-
-def wait_msgs_changed(account, chat_id, msg_id=None):
-    ev = account._evlogger.get_matching("DC_EVENT_MSGS_CHANGED")
-    assert ev[1] == chat_id
-    if msg_id is not None:
-        assert ev[2] == msg_id
-    return ev[2]
--- a/python/tests/data/key
+++ b/python/tests/data/key
@@ -0,0 +1 @@
+../../../test-data/key
--- a/python/tests/test_account.py
+++ b/python/tests/test_account.py
--- a/python/tests/test_increation.py
+++ b/python/tests/test_increation.py
@@ -6,10 +6,18 @@ import shutil
 import pytest
 from filecmp import cmp

-from conftest import wait_configuration_progress, wait_msgs_changed
+from conftest import wait_configuration_progress
 from deltachat import const


+def wait_msgs_changed(account, chat_id, msg_id=None):
+    ev = account._evtracker.get_matching("DC_EVENT_MSGS_CHANGED")
+    assert ev.data1 == chat_id
+    if msg_id is not None:
+        assert ev.data2 == msg_id
+    return ev.data2
+
+
 class TestOnlineInCreation:
    def test_increation_not_blobdir(self, tmpdir, acfactory, lp):
        ac1 = acfactory.get_online_configuring_account()
@@ -91,22 +99,22 @@ class TestOnlineInCreation:
        assert fwd_msg.is_out_pending() or fwd_msg.is_out_delivered()

        lp.sec("wait for the messages to be delivered to SMTP")
-        ev = ac1._evlogger.get_matching("DC_EVENT_MSG_DELIVERED")
-        assert ev[1] == chat.id
-        assert ev[2] == prepared_original.id
-        ev = ac1._evlogger.get_matching("DC_EVENT_MSG_DELIVERED")
-        assert ev[1] == chat2.id
-        assert ev[2] == forwarded_id
+        ev = ac1._evtracker.get_matching("DC_EVENT_MSG_DELIVERED")
+        assert ev.data1 == chat.id
+        assert ev.data2 == prepared_original.id
+        ev = ac1._evtracker.get_matching("DC_EVENT_MSG_DELIVERED")
+        assert ev.data1 == chat2.id
+        assert ev.data2 == forwarded_id

        lp.sec("wait1 for original or forwarded messages to arrive")
-        ev1 = ac2._evlogger.get_matching("DC_EVENT_MSGS_CHANGED")
-        assert ev1[1] > const.DC_CHAT_ID_LAST_SPECIAL
-        received_original = ac2.get_message_by_id(ev1[2])
+        ev1 = ac2._evtracker.get_matching("DC_EVENT_MSGS_CHANGED")
+        assert ev1.data1 > const.DC_CHAT_ID_LAST_SPECIAL
+        received_original = ac2.get_message_by_id(ev1.data2)
        assert cmp(received_original.filename, orig, shallow=False)

        lp.sec("wait2 for original or forwarded messages to arrive")
-        ev2 = ac2._evlogger.get_matching("DC_EVENT_MSGS_CHANGED")
-        assert ev2[1] > const.DC_CHAT_ID_LAST_SPECIAL
-        assert ev2[1] != ev1[1]
-        received_copy = ac2.get_message_by_id(ev2[2])
+        ev2 = ac2._evtracker.get_matching("DC_EVENT_MSGS_CHANGED")
+        assert ev2.data1 > const.DC_CHAT_ID_LAST_SPECIAL
+        assert ev2.data1 != ev1.data1
+        received_copy = ac2.get_message_by_id(ev2.data2)
        assert cmp(received_copy.filename, orig, shallow=False)
--- a/python/tests/test_lowlevel.py
+++ b/python/tests/test_lowlevel.py
@@ -1,8 +1,9 @@
 from __future__ import print_function
 from deltachat import capi, cutil, const, set_context_callback, clear_context_callback
+from deltachat import register_global_plugin
+from deltachat.hookspec import global_hookimpl
 from deltachat.capi import ffi
 from deltachat.capi import lib
-from deltachat.account import EventLogger


 def test_empty_context():
@@ -17,29 +18,31 @@ def test_callback_None2int():
    clear_context_callback(ctx)


-def test_dc_close_events(tmpdir):
-    ctx = ffi.gc(
-        capi.lib.dc_context_new(capi.lib.py_dc_callback, ffi.NULL, ffi.NULL),
-        lib.dc_context_unref,
-    )
-    evlog = EventLogger(ctx)
-    evlog.set_timeout(5)
-    set_context_callback(
-        ctx,
-        lambda ctx, evt_name, data1, data2: evlog(evt_name, data1, data2)
-    )
-    p = tmpdir.join("hello.db")
-    lib.dc_open(ctx, p.strpath.encode("ascii"), ffi.NULL)
-    capi.lib.dc_close(ctx)
+def test_dc_close_events(tmpdir, acfactory):
+    ac1 = acfactory.get_unconfigured_account()
+
+    # register after_shutdown function
+    shutdowns = []
+
+    class ShutdownPlugin:
+        @global_hookimpl
+        def dc_account_after_shutdown(self, account):
+            assert account._dc_context is None
+            shutdowns.append(account)
+    register_global_plugin(ShutdownPlugin())
+    assert hasattr(ac1, "_dc_context")
+    ac1.shutdown()
+    assert shutdowns == [ac1]

    def find(info_string):
+        evlog = ac1._evtracker
        while 1:
            ev = evlog.get_matching("DC_EVENT_INFO", check_error=False)
-            data2 = ev[2]
+            data2 = ev.data2
            if info_string in data2:
                return
            else:
-                print("skipping event", *ev)
+                print("skipping event", ev)

    find("disconnecting inbox-thread")
    find("disconnecting sentbox-thread")
@@ -89,10 +92,10 @@ def test_markseen_invalid_message_ids(acfactory):
    contact1 = ac1.create_contact(email="some1@example.com", name="some1")
    chat = ac1.create_chat_by_contact(contact1)
    chat.send_text("one messae")
-    ac1._evlogger.get_matching("DC_EVENT_MSGS_CHANGED")
+    ac1._evtracker.get_matching("DC_EVENT_MSGS_CHANGED")
    msg_ids = [9]
    lib.dc_markseen_msgs(ac1._dc_context, msg_ids, len(msg_ids))
-    ac1._evlogger.ensure_event_not_queued("DC_EVENT_WARNING|DC_EVENT_ERROR")
+    ac1._evtracker.ensure_event_not_queued("DC_EVENT_WARNING|DC_EVENT_ERROR")


 def test_get_special_message_id_returns_empty_message(acfactory):
--- a/python/tox.ini
+++ b/python/tox.ini
@@ -7,13 +7,14 @@ envlist =

 [testenv]
 commands = 
-    pytest -n6 --reruns 2 --reruns-delay 5 -v -rsXx --ignored {posargs:tests}
+    pytest -n6 --reruns 2 --reruns-delay 5 -v -rsXx --ignored {posargs: tests examples}
    python tests/package_wheels.py {toxworkdir}/wheelhouse
 passenv = 
    TRAVIS 
    DCC_RS_DEV
    DCC_RS_TARGET
    DCC_PY_LIVECONFIG
+    DCC_NEW_TMP_EMAIL 
    CARGO_TARGET_DIR
    RUSTC_WRAPPER
 deps = 
@@ -40,13 +41,13 @@ deps =
    restructuredtext_lint 
 commands =
    flake8 src/deltachat
-    flake8 tests/
+    flake8 tests/ examples/
    rst-lint --encoding 'utf-8' README.rst

 [testenv:doc]
 changedir=doc
 deps =
-    sphinx==2.2.0
+    sphinx
    breathe
 commands =
    sphinx-build -Q -w toxdoc-warnings.log -b html . _build/html
@@ -66,7 +67,6 @@ commands =

 [pytest]
 addopts = -v -ra --strict-markers
-python_files = tests/test_*.py
 norecursedirs = .tox 
 xfail_strict=true
 timeout = 90
--- a/2
+++ b/2
@@ -1 +1 @@
-nightly-2019-11-06
+nightly-2020-03-12
--- a/scripts/proxy.py
+++ b/scripts/proxy.py
@@ -0,0 +1,80 @@
+#!/usr/bin/env python3
+# Examples:
+#
+# Original server that doesn't use SSL:
+# ./proxy.py 8080 imap.nauta.cu 143
+# ./proxy.py 8081 smtp.nauta.cu 25
+#
+# Original server that uses SSL:
+# ./proxy.py 8080 testrun.org 993 --ssl
+# ./proxy.py 8081 testrun.org 465 --ssl
+
+from datetime import datetime
+import argparse
+import selectors
+import ssl
+import socket
+import socketserver
+
+
+class Proxy(socketserver.ThreadingTCPServer):
+    allow_reuse_address = True
+
+    def __init__(self, proxy_host, proxy_port, real_host, real_port, use_ssl):
+        self.real_host = real_host
+        self.real_port = real_port
+        self.use_ssl = use_ssl
+        super().__init__((proxy_host, proxy_port), RequestHandler)
+
+
+class RequestHandler(socketserver.BaseRequestHandler):
+
+    def handle(self):
+        print('{} - {} CONNECTED.'.format(datetime.now(), self.client_address))
+
+        total = 0
+        real_server = (self.server.real_host, self.server.real_port)
+        with socket.create_connection(real_server) as sock:
+            if self.server.use_ssl:
+                context = ssl.create_default_context()
+                sock = context.wrap_socket(
+                    sock, server_hostname=real_server[0])
+
+            forward = {self.request: sock, sock: self.request}
+
+            sel = selectors.DefaultSelector()
+            sel.register(self.request, selectors.EVENT_READ,
+                         self.client_address)
+            sel.register(sock, selectors.EVENT_READ, real_server)
+
+            active = True
+            while active:
+                events = sel.select()
+                for key, mask in events:
+                    print('\n{} - {} wrote:'.format(datetime.now(), key.data))
+                    data = key.fileobj.recv(1024)
+                    received = len(data)
+                    total += received
+                    print(data)
+                    print('{} Bytes\nTotal: {} Bytes'.format(received, total))
+                    if data:
+                        forward[key.fileobj].sendall(data)
+                    else:
+                        print('\nCLOSING CONNECTION.\n\n')
+                        forward[key.fileobj].close()
+                        key.fileobj.close()
+                        active = False
+
+
+if __name__ == '__main__':
+    p = argparse.ArgumentParser(description='Simple Python Proxy')
+    p.add_argument(
+        "proxy_port", help="the port where the proxy will listen", type=int)
+    p.add_argument('host', help="the real host")
+    p.add_argument('port', help="the port of the real host", type=int)
+    p.add_argument("--ssl", help="use ssl to connect to the real host",
+                   action="store_true")
+    args = p.parse_args()
+
+    with Proxy('', args.proxy_port, args.host, args.port, args.ssl) as proxy:
+        proxy.serve_forever()
--- a/set_core_version.py
+++ b/set_core_version.py
@@ -35,7 +35,7 @@ if __name__ == "__main__":
    if len(sys.argv) < 2:
        for x in ("Cargo.toml", "deltachat-ffi/Cargo.toml"):
            print("{}: {}".format(x, read_toml_version(x)))
-        raise SystemExit("need argument: new version, example 1.0.0-beta.27")
+        raise SystemExit("need argument: new version, example: 1.25.0")
    newversion = sys.argv[1]
    if newversion.count(".") < 2:
        raise SystemExit("need at least two dots in version")
@@ -45,7 +45,7 @@ if __name__ == "__main__":
    assert core_toml == ffi_toml, (core_toml, ffi_toml)

    for line in open("CHANGELOG.md"):
-        ## 1.0.0-beta5
+        ## 1.25.0
        if line.startswith("## "):
            if line[2:].strip().startswith(newversion):
                break
--- a/spec.md
+++ b/spec.md
@@ -1,6 +1,6 @@
 # Chat-over-Email specification

-Version 0.20.0
+Version 0.30.0

 This document describes how emails can be used
 to implement typical messenger functions
@@ -17,6 +17,9 @@ while staying compatible to existing MUAs.
    - [Change group name](#change-group-name)
    - [Set group image](#set-group-image)
 - [Set profile image](#set-profile-image)
+- [Locations](#locations)
+    - [User locations](#user-locations)
+    - [Points of interest](#points-of-interest)
 - [Miscellaneous](#miscellaneous)


@@ -29,8 +32,7 @@ Messages SHOULD be encrypted by the
 Meta data (at least the subject and all chat-headers) SHOULD be encrypted
 by the [Memoryhole](https://github.com/autocrypt/memoryhole) standard.
 If Memoryhole is not used,
-the subject of encrypted messages SHOULD be replaced by the string
-`Chat: Encrypted message` where the part after the colon MAY be localized.
+the subject of encrypted messages SHOULD be replaced by the string `...`.


 # Outgoing messages
@@ -113,6 +115,7 @@ but MUAs typically expose the sender in the UI.
 Groups are chats with usually more than one recipient,
 each defined by an email-address.
 The sender plus the recipients are the group members.
+All group members form the member list.

 To allow different groups with the same members,
 groups are identified by a group-id.
@@ -135,8 +138,7 @@ The group-name MUST be written to `Chat-Group-Name` header
 to join a group chat on a second device any time).

 The `Subject` header of outgoing group messages
-SHOULD start with the characters `Chat:`
-followed by the group-name and a colon followed by an excerpt of the message.
+SHOULD be set to the group-name.

 To identify the group-id on replies from normal MUAs,
 the group-id MUST also be added to the message-id of outgoing messages.
@@ -177,12 +179,22 @@ to a normal single-user chat with the email-address given in `From`.

 ## Add and remove members

-Messenger clients MUST construct the member list
-from the `From`/`To` headers only on the first group message
-or if they see a `Chat-Group-Member-Added`
-or `Chat-Group-Member-Removed` action header.
-Both headers MUST have the email-address
-of the added or removed member as the value.
+Messenger clients MUST init the member list
+from the `From`/`To` headers on the first group message.
+
+When a member is added later,
+a `Chat-Group-Member-Added` action header must be sent
+with the value set to the email-address of the added member.
+When receiving a `Chat-Group-Member-Added` header, however,
+_all missing_ members  the `From`/`To` headers has to be added.
+This is to mitigate problems when receiving messages
+in different orders, esp. on creating new groups.
+
+To remove a member, a `Chat-Group-Member-Removed` header must be sent
+with the value set to the email-address of the member to remove.
+When receiving a `Chat-Group-Member-Removed` header,
+only exaxtly the given member has to be removed from the member list.
+
 Messenger clients MUST NOT construct the member list
 on other group messages
 (this is to avoid accidentally altered To-lists in normal MUAs;
@@ -332,6 +344,64 @@ To save data, it is RECOMMENDED to add a `Chat-User-Avatar` header
 only on image changes.


+# Locations
+
+Locations can be attachted to messages using
+[standard kml-files](https://www.opengeospatial.org/standards/kml/)
+with well-known names.
+
+
+## User locations
+
+To send the location of the sender,
+the app can attach a file with the name `location.kml`.
+The file can contain one or more locations.
+Apps that support location streaming will typically collect some location events
+and send them together in one file.
+As each location has an independent timestamp,
+the apps can show the location as a track.
+
+Note that the `addr` attribute inside the  `location.kml` file
+MUST match the users email-address.
+Otherwise, the file is discarded silently;
+this is to protect against getting wrong locations,
+eg. forwarded from a normal MUA.
+
+    <?xml version="1.0" encoding="UTF-8"?>
+    <kml xmlns="http://www.opengis.net/kml/2.2">
+      <Document addr="ndh@deltachat.de">
+        <Placemark>
+          <Timestamp><when>2020-01-11T20:40:19Z</when></Timestamp>
+          <Point><coordinates accuracy="1.2">1.234,5.678</coordinates></Point>
+        </Placemark>
+        <Placemark>
+          <Timestamp><when>2020-01-11T20:40:25Z</when></Timestamp>
+          <Point><coordinates accuracy="5.4">7.654,3.21</coordinates></Point>
+        </Placemark>
+      </Document>
+    </kml>
+
+
+## Points of interest
+
+To send an "Point of interest", a POI,
+use a normal message and attach a file with the name  `message.kml`.
+In contrast to user locations, this file should contain only one location
+and an address-attribute is not needed -
+as the location belongs to the message content,
+it is fine if the location is detected on forwarding etc.
+
+    <?xml version="1.0" encoding="UTF-8"?>
+    <kml xmlns="http://www.opengis.net/kml/2.2">
+      <Document>
+        <Placemark>
+          <Timestamp><when>2020-01-01T20:40:19Z</when></Timestamp>
+          <Point><coordinates accuracy="1.2">1.234,5.678</coordinates></Point>
+        </Placemark>
+      </Document>
+    </kml>
+
+
 # Miscellaneous

 Messengers SHOULD use the header `In-Reply-To` as usual.
@@ -368,4 +438,4 @@ as the sending time of the message as indicated by its Date header,
 or the time of first receipt if that date is in the future or unavailable.


-Copyright © 2017-2019 Delta Chat contributors.
+Copyright © 2017-2020 Delta Chat contributors.
--- a/src/aheader.rs
+++ b/src/aheader.rs
@@ -75,7 +75,7 @@ impl Aheader {
        wanted_from: &str,
        headers: &[mailparse::MailHeader<'_>],
    ) -> Option<Self> {
-        if let Ok(Some(value)) = headers.get_header_value(HeaderDef::Autocrypt) {
+        if let Some(value) = headers.get_header_value(HeaderDef::Autocrypt) {
            match Self::from_str(&value) {
                Ok(header) => {
                    if addr_cmp(&header.addr, wanted_from) {
@@ -127,14 +127,10 @@ impl str::FromStr for Aheader {
            .split(';')
            .filter_map(|a| {
                let attribute: Vec<&str> = a.trim().splitn(2, '=').collect();
-                if attribute.len() < 2 {
-                    return None;
+                match &attribute[..] {
+                    [key, value] => Some((key.trim().to_string(), value.trim().to_string())),
+                    _ => None,
                }
-
-                Some((
-                    attribute[0].trim().to_string(),
-                    attribute[1].trim().to_string(),
-                ))
            })
            .collect();

--- a/src/blob.rs
+++ b/src/blob.rs
@@ -6,13 +6,13 @@ use std::fs;
 use std::io::Write;
 use std::path::{Path, PathBuf};

-use self::image::GenericImageView;
+use image::GenericImageView;
+use thiserror::Error;
+
 use crate::constants::AVATAR_SIZE;
 use crate::context::Context;
 use crate::events::Event;

-extern crate image;
-
 /// Represents a file in the blob directory.
 ///
 /// The object has a name, which will always be valid UTF-8.  Having a
@@ -56,7 +56,6 @@ impl<'a> BlobObject<'a> {
                blobdir: blobdir.to_path_buf(),
                blobname: name.clone(),
                cause: err,
-                backtrace: failure::Backtrace::new(),
            })?;
        let blob = BlobObject {
            blobdir,
@@ -84,7 +83,6 @@ impl<'a> BlobObject<'a> {
                            blobdir: dir.to_path_buf(),
                            blobname: name,
                            cause: err,
-                            backtrace: failure::Backtrace::new(),
                        });
                    } else {
                        name = format!("{}-{}{}", stem, rand::random::<u32>(), ext);
@@ -97,7 +95,6 @@ impl<'a> BlobObject<'a> {
            blobdir: dir.to_path_buf(),
            blobname: name,
            cause: std::io::Error::new(std::io::ErrorKind::Other, "supposedly unreachable"),
-            backtrace: failure::Backtrace::new(),
        })
    }

@@ -122,7 +119,6 @@ impl<'a> BlobObject<'a> {
            blobname: String::from(""),
            src: src.as_ref().to_path_buf(),
            cause: err,
-            backtrace: failure::Backtrace::new(),
        })?;
        let (stem, ext) = BlobObject::sanitise_name(&src.as_ref().to_string_lossy());
        let (name, mut dst_file) = BlobObject::create_new_file(context.get_blobdir(), &stem, &ext)?;
@@ -138,7 +134,6 @@ impl<'a> BlobObject<'a> {
                blobname: name_for_err,
                src: src.as_ref().to_path_buf(),
                cause: err,
-                backtrace: failure::Backtrace::new(),
            }
        })?;
        let blob = BlobObject {
@@ -198,17 +193,14 @@ impl<'a> BlobObject<'a> {
            .map_err(|_| BlobError::WrongBlobdir {
                blobdir: context.get_blobdir().to_path_buf(),
                src: path.as_ref().to_path_buf(),
-                backtrace: failure::Backtrace::new(),
            })?;
        if !BlobObject::is_acceptible_blob_name(&rel_path) {
            return Err(BlobError::WrongName {
                blobname: path.as_ref().to_path_buf(),
-                backtrace: failure::Backtrace::new(),
            });
        }
        let name = rel_path.to_str().ok_or_else(|| BlobError::WrongName {
            blobname: path.as_ref().to_path_buf(),
-            backtrace: failure::Backtrace::new(),
        })?;
        BlobObject::from_name(context, name.to_string())
    }
@@ -236,7 +228,6 @@ impl<'a> BlobObject<'a> {
        if !BlobObject::is_acceptible_blob_name(&name) {
            return Err(BlobError::WrongName {
                blobname: PathBuf::from(name),
-                backtrace: failure::Backtrace::new(),
            });
        }
        Ok(BlobObject {
@@ -359,7 +350,6 @@ impl<'a> BlobObject<'a> {
            blobdir: context.get_blobdir().to_path_buf(),
            blobname: blob_abs.to_str().unwrap_or_default().to_string(),
            cause: err,
-            backtrace: failure::Backtrace::new(),
        })?;

        if img.width() <= AVATAR_SIZE && img.height() <= AVATAR_SIZE {
@@ -372,7 +362,6 @@ impl<'a> BlobObject<'a> {
            blobdir: context.get_blobdir().to_path_buf(),
            blobname: blob_abs.to_str().unwrap_or_default().to_string(),
            cause: err,
-            backtrace: failure::Backtrace::new(),
        })?;

        Ok(())
@@ -386,98 +375,41 @@ impl<'a> fmt::Display for BlobObject<'a> {
 }

 /// Errors for the [BlobObject].
-#[derive(Fail, Debug)]
+#[derive(Debug, Error)]
 pub enum BlobError {
+    #[error("Failed to create blob {blobname} in {}", .blobdir.display())]
    CreateFailure {
        blobdir: PathBuf,
        blobname: String,
-        #[cause]
+        #[source]
        cause: std::io::Error,
-        backtrace: failure::Backtrace,
    },
+    #[error("Failed to write data to blob {blobname} in {}", .blobdir.display())]
    WriteFailure {
        blobdir: PathBuf,
        blobname: String,
-        #[cause]
+        #[source]
        cause: std::io::Error,
-        backtrace: failure::Backtrace,
    },
+    #[error("Failed to copy data from {} to blob {blobname} in {}", .src.display(), .blobdir.display())]
    CopyFailure {
        blobdir: PathBuf,
        blobname: String,
        src: PathBuf,
-        #[cause]
+        #[source]
        cause: std::io::Error,
-        backtrace: failure::Backtrace,
    },
+    #[error("Failed to recode to blob {blobname} in {}", .blobdir.display())]
    RecodeFailure {
        blobdir: PathBuf,
        blobname: String,
-        #[cause]
+        #[source]
        cause: image::ImageError,
-        backtrace: failure::Backtrace,
    },
-    WrongBlobdir {
-        blobdir: PathBuf,
-        src: PathBuf,
-        backtrace: failure::Backtrace,
-    },
-    WrongName {
-        blobname: PathBuf,
-        backtrace: failure::Backtrace,
-    },
-}
-
-// Implementing Display is done by hand because the failure
-// #[fail(display = "...")] syntax does not allow using
-// `blobdir.display()`.
-impl fmt::Display for BlobError {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        // Match on the data rather than kind, they are equivalent for
-        // identifying purposes but contain the actual data we need.
-        match &self {
-            BlobError::CreateFailure {
-                blobdir, blobname, ..
-            } => write!(
-                f,
-                "Failed to create blob {} in {}",
-                blobname,
-                blobdir.display()
-            ),
-            BlobError::WriteFailure {
-                blobdir, blobname, ..
-            } => write!(
-                f,
-                "Failed to write data to blob {} in {}",
-                blobname,
-                blobdir.display()
-            ),
-            BlobError::CopyFailure {
-                blobdir,
-                blobname,
-                src,
-                ..
-            } => write!(
-                f,
-                "Failed to copy data from {} to blob {} in {}",
-                src.display(),
-                blobname,
-                blobdir.display(),
-            ),
-            BlobError::RecodeFailure {
-                blobdir, blobname, ..
-            } => write!(f, "Failed to recode {} in {}", blobname, blobdir.display(),),
-            BlobError::WrongBlobdir { blobdir, src, .. } => write!(
-                f,
-                "File path {} is not in blobdir {}",
-                src.display(),
-                blobdir.display(),
-            ),
-            BlobError::WrongName { blobname, .. } => {
-                write!(f, "Blob has a bad name: {}", blobname.display(),)
-            }
-        }
-    }
+    #[error("File path {} is not in {}", .src.display(), .blobdir.display())]
+    WrongBlobdir { blobdir: PathBuf, src: PathBuf },
+    #[error("Blob has a badname {}", .blobname.display())]
+    WrongName { blobname: PathBuf },
 }

 #[cfg(test)]
--- a/src/chat.rs
+++ b/src/chat.rs
@@ -15,7 +15,7 @@ use crate::constants::*;
 use crate::contact::*;
 use crate::context::Context;
 use crate::dc_tools::*;
-use crate::error::Error;
+use crate::error::{bail, ensure, format_err, Error};
 use crate::events::Event;
 use crate::job::*;
 use crate::message::{self, InvalidMsgId, Message, MessageState, MsgId};
@@ -28,7 +28,9 @@ use crate::stock::StockMessage;
 ///
 /// Some chat IDs are reserved to identify special chat types.  This
 /// type can represent both the special as well as normal chats.
-#[derive(Debug, Copy, Clone, Default, PartialEq, Eq, Serialize, Deserialize)]
+#[derive(
+    Debug, Copy, Clone, Default, PartialEq, Eq, Serialize, Deserialize, Hash, PartialOrd, Ord,
+)]
 pub struct ChatId(u32);

 impl ChatId {
@@ -135,14 +137,18 @@ impl ChatId {
    }

    /// Archives or unarchives a chat.
-    pub fn set_archived(self, context: &Context, new_archived: bool) -> Result<(), Error> {
+    pub fn set_visibility(
+        self,
+        context: &Context,
+        visibility: ChatVisibility,
+    ) -> Result<(), Error> {
        ensure!(
            !self.is_special(),
            "bad chat_id, can not be special chat: {}",
            self
        );

-        if new_archived {
+        if visibility == ChatVisibility::Archived {
            sql::execute(
                context,
                &context.sql,
@@ -155,7 +161,7 @@ impl ChatId {
            context,
            &context.sql,
            "UPDATE chats SET archived=? WHERE id=?;",
-            params![new_archived, self],
+            params![visibility, self],
        )?;

        context.call_cb(Event::MsgsChanged {
@@ -166,13 +172,13 @@ impl ChatId {
        Ok(())
    }

-    // note that unarchive() is not the same as set_archived(false) -
-    // eg. unarchive() does not send events as done for set_archived(false).
+    // note that unarchive() is not the same as set_visibility(Normal) -
+    // eg. unarchive() does not modify pinned chats and does not send events.
    pub fn unarchive(self, context: &Context) -> Result<(), Error> {
        sql::execute(
            context,
            &context.sql,
-            "UPDATE chats SET archived=0 WHERE id=?",
+            "UPDATE chats SET archived=0 WHERE id=? and archived=1",
            params![self],
        )?;
        Ok(())
@@ -280,10 +286,7 @@ impl ChatId {
    /// Returns `true`, if message was deleted, `false` otherwise.
    fn maybe_delete_draft(self, context: &Context) -> bool {
        match self.get_draft_msg_id(context) {
-            Some(msg_id) => {
-                Message::delete_from_db(context, msg_id);
-                true
-            }
+            Some(msg_id) => msg_id.delete_from_db(context).is_ok(),
            None => false,
        }
    }
@@ -321,7 +324,7 @@ impl ChatId {
                time(),
                msg.viewtype,
                MessageState::OutDraft,
-                msg.text.as_ref().map(String::as_str).unwrap_or(""),
+                msg.text.as_deref().unwrap_or(""),
                msg.param.to_string(),
                1,
            ],
@@ -356,6 +359,74 @@ impl ChatId {
            .unwrap_or_default() as usize
    }

+    pub(crate) fn get_param(self, context: &Context) -> Result<Params, Error> {
+        let res: Option<String> = context
+            .sql
+            .query_get_value_result("SELECT param FROM chats WHERE id=?", params![self])?;
+        Ok(res
+            .map(|s| s.parse().unwrap_or_default())
+            .unwrap_or_default())
+    }
+
+    // Returns true if chat is a saved messages chat.
+    pub fn is_self_talk(self, context: &Context) -> Result<bool, Error> {
+        Ok(self.get_param(context)?.exists(Param::Selftalk))
+    }
+
+    /// Returns true if chat is a device chat.
+    pub fn is_device_talk(self, context: &Context) -> Result<bool, Error> {
+        Ok(self.get_param(context)?.exists(Param::Devicetalk))
+    }
+
+    fn parent_query<T, F>(self, context: &Context, fields: &str, f: F) -> sql::Result<Option<T>>
+    where
+        F: FnOnce(&rusqlite::Row) -> rusqlite::Result<T>,
+    {
+        let sql = &context.sql;
+        let query = format!(
+            "SELECT {} \
+             FROM msgs WHERE chat_id=? AND state NOT IN (?, ?, ?, ?) \
+             ORDER BY timestamp DESC, id DESC \
+             LIMIT 1;",
+            fields
+        );
+        sql.query_row_optional(
+            query,
+            params![
+                self,
+                MessageState::OutPreparing,
+                MessageState::OutDraft,
+                MessageState::OutPending,
+                MessageState::OutFailed
+            ],
+            f,
+        )
+    }
+
+    fn get_parent_mime_headers(self, context: &Context) -> Option<(String, String, String)> {
+        let collect = |row: &rusqlite::Row| Ok((row.get(0)?, row.get(1)?, row.get(2)?));
+        self.parent_query(
+            context,
+            "rfc724_mid, mime_in_reply_to, mime_references",
+            collect,
+        )
+        .ok()
+        .flatten()
+    }
+
+    fn parent_is_encrypted(self, context: &Context) -> Result<bool, Error> {
+        let collect = |row: &rusqlite::Row| Ok(row.get(0)?);
+        let packed: Option<String> = self.parent_query(context, "param", collect)?;
+
+        if let Some(ref packed) = packed {
+            let param = packed.parse::<Params>()?;
+            Ok(param.exists(Param::GuaranteeE2ee))
+        } else {
+            // No messages
+            Ok(false)
+        }
+    }
+
    /// Bad evil escape hatch.
    ///
    /// Avoid using this, eventually types should be cleaned up enough
@@ -414,12 +485,12 @@ impl rusqlite::types::FromSql for ChatId {
 /// Chat objects are created using eg. `Chat::load_from_db`
 /// and are not updated on database changes;
 /// if you want an update, you have to recreate the object.
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, Deserialize, Serialize)]
 pub struct Chat {
    pub id: ChatId,
    pub typ: Chattype,
    pub name: String,
-    archived: bool,
+    pub visibility: ChatVisibility,
    pub grpid: String,
    blocked: Blocked,
    pub param: Params,
@@ -443,7 +514,7 @@ impl Chat {
                    name: row.get::<_, String>(1)?,
                    grpid: row.get::<_, String>(2)?,
                    param: row.get::<_, String>(3)?.parse().unwrap_or_default(),
-                    archived: row.get(4)?,
+                    visibility: row.get(4)?,
                    blocked: row.get::<_, Option<_>>(5)?.unwrap_or_default(),
                    is_sending_locations: row.get(6)?,
                    mute_duration: row.get(7)?,
@@ -503,9 +574,13 @@ impl Chat {
        self.param.exists(Param::Devicetalk)
    }

+    pub fn is_mailing_list(&self) -> bool {
+        self.param.exists(Param::MailingList)
+    }
+
    /// Returns true if user can send messages to this chat.
    pub fn can_send(&self) -> bool {
-        !self.id.is_special() && !self.is_device_talk()
+        !self.id.is_special() && !self.is_device_talk() && !self.is_mailing_list()
    }

    pub fn update_param(&mut self, context: &Context) -> Result<(), Error> {
@@ -554,6 +629,10 @@ impl Chat {
                .unwrap_or_else(|| "Err".into());
        }

+        if self.typ == Chattype::Group && self.is_mailing_list() {
+            return "".to_string();
+        }
+
        if self.typ == Chattype::Group || self.typ == Chattype::VerifiedGroup {
            if self.id.is_deaddrop() {
                return context.stock_str(StockMessage::DeadDrop).into();
@@ -565,44 +644,6 @@ impl Chat {
        "Err".to_string()
    }

-    fn parent_query(fields: &str) -> String {
-        // Check for server_uid guarantees that we don't
-        // select a draft or undelivered message.
-        format!(
-            "SELECT {} \
-             FROM msgs WHERE chat_id=?1 AND server_uid!=0 \
-             ORDER BY timestamp DESC, id DESC \
-             LIMIT 1;",
-            fields
-        )
-    }
-
-    fn get_parent_mime_headers(&self, context: &Context) -> Option<(String, String, String)> {
-        let collect = |row: &rusqlite::Row| Ok((row.get(0)?, row.get(1)?, row.get(2)?));
-        let params = params![self.id];
-        let sql = &context.sql;
-
-        let query = Self::parent_query("rfc724_mid, mime_in_reply_to, mime_references");
-
-        sql.query_row(&query, params, collect).ok()
-    }
-
-    fn parent_is_encrypted(&self, context: &Context) -> Result<bool, Error> {
-        let sql = &context.sql;
-        let params = params![self.id];
-        let query = Self::parent_query("param");
-
-        let packed: Option<String> = sql.query_get_value_result(&query, params)?;
-
-        if let Some(ref packed) = packed {
-            let param = packed.parse::<Params>()?;
-            Ok(param.exists(Param::GuaranteeE2ee))
-        } else {
-            // No messages
-            Ok(false)
-        }
-    }
-
    pub fn get_profile_image(&self, context: &Context) -> Option<PathBuf> {
        if let Some(image_rel) = self.param.get(Param::ProfileImage) {
            if !image_rel.is_empty() {
@@ -654,7 +695,7 @@ impl Chat {
            id: self.id,
            type_: self.typ as u32,
            name: self.name.clone(),
-            archived: self.archived,
+            archived: self.visibility == ChatVisibility::Archived,
            param: self.param.to_string(),
            gossiped_timestamp: self.get_gossiped_timestamp(context),
            is_sending_locations: self.is_sending_locations,
@@ -666,9 +707,8 @@ impl Chat {
        })
    }

-    /// Returns true if the chat is archived.
-    pub fn is_archived(&self) -> bool {
-        self.archived
+    pub fn get_visibility(&self) -> ChatVisibility {
+        self.visibility
    }

    pub fn is_unpromoted(&self) -> bool {
@@ -810,7 +850,7 @@ impl Chat {
                    }
                }

-                if can_encrypt && (all_mutual || self.parent_is_encrypted(context)?) {
+                if can_encrypt && (all_mutual || self.id.parent_is_encrypted(context)?) {
                    msg.param.set_int(Param::GuaranteeE2ee, 1);
                }
            }
@@ -825,7 +865,7 @@ impl Chat {
            // we do not set In-Reply-To/References in this case.
            if !self.is_self_talk() {
                if let Some((parent_rfc724_mid, parent_in_reply_to, parent_references)) =
-                    self.get_parent_mime_headers(context)
+                    self.id.get_parent_mime_headers(context)
                {
                    if !parent_rfc724_mid.is_empty() {
                        new_in_reply_to = parent_rfc724_mid.clone();
@@ -926,6 +966,40 @@ impl Chat {
    }
 }

+#[derive(Debug, Copy, Eq, PartialEq, Clone, Serialize, Deserialize)]
+pub enum ChatVisibility {
+    Normal,
+    Archived,
+    Pinned,
+}
+
+impl rusqlite::types::ToSql for ChatVisibility {
+    fn to_sql(&self) -> rusqlite::Result<rusqlite::types::ToSqlOutput> {
+        let visibility = match &self {
+            ChatVisibility::Normal => 0,
+            ChatVisibility::Archived => 1,
+            ChatVisibility::Pinned => 2,
+        };
+        let val = rusqlite::types::Value::Integer(visibility);
+        let out = rusqlite::types::ToSqlOutput::Owned(val);
+        Ok(out)
+    }
+}
+
+impl rusqlite::types::FromSql for ChatVisibility {
+    fn column_result(value: rusqlite::types::ValueRef) -> rusqlite::types::FromSqlResult<Self> {
+        i64::column_result(value).and_then(|val| {
+            match val {
+                2 => Ok(ChatVisibility::Pinned),
+                1 => Ok(ChatVisibility::Archived),
+                0 => Ok(ChatVisibility::Normal),
+                // fallback to to Normal for unknown values, may happen eg. on imports created by a newer version.
+                _ => Ok(ChatVisibility::Normal),
+            }
+        })
+    }
+}
+
 /// The current state of a chat.
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 #[non_exhaustive]
@@ -1031,7 +1105,11 @@ pub fn create_by_msg_id(context: &Context, msg_id: MsgId) -> Result<ChatId, Erro
            msg_id: MsgId::new(0),
        });
    }
-    Contact::scaleup_origin_by_id(context, msg.from_id, Origin::CreateChat);
+
+    // If the message is from a mailing list, the contacts are not counted as "known"
+    if !chat.is_mailing_list() {
+        Contact::scaleup_origin_by_id(context, msg.from_id, Origin::CreateChat);
+    }
    Ok(chat.id)
 }

@@ -1075,7 +1153,7 @@ pub fn create_by_contact_id(context: &Context, contact_id: u32) -> Result<ChatId
    Ok(chat_id)
 }

-pub fn update_saved_messages_icon(context: &Context) -> Result<(), Error> {
+pub(crate) fn update_saved_messages_icon(context: &Context) -> Result<(), Error> {
    // if there is no saved-messages chat, there is nothing to update. this is no error.
    if let Ok((chat_id, _)) = lookup_by_contact_id(context, DC_CONTACT_ID_SELF) {
        let icon = include_bytes!("../assets/icon-saved-messages.png");
@@ -1089,7 +1167,7 @@ pub fn update_saved_messages_icon(context: &Context) -> Result<(), Error> {
    Ok(())
 }

-pub fn update_device_icon(context: &Context) -> Result<(), Error> {
+pub(crate) fn update_device_icon(context: &Context) -> Result<(), Error> {
    // if there is no device-chat, there is nothing to update. this is no error.
    if let Ok((chat_id, _)) = lookup_by_contact_id(context, DC_CONTACT_ID_DEVICE) {
        let icon = include_bytes!("../assets/icon-device.png");
@@ -1123,13 +1201,13 @@ fn update_special_chat_name(
    Ok(())
 }

-pub fn update_special_chat_names(context: &Context) -> Result<(), Error> {
+pub(crate) fn update_special_chat_names(context: &Context) -> Result<(), Error> {
    update_special_chat_name(context, DC_CONTACT_ID_DEVICE, StockMessage::DeviceMessages)?;
    update_special_chat_name(context, DC_CONTACT_ID_SELF, StockMessage::SavedMessages)?;
    Ok(())
 }

-pub fn create_or_lookup_by_contact_id(
+pub(crate) fn create_or_lookup_by_contact_id(
    context: &Context,
    contact_id: u32,
    create_blocked: Blocked,
@@ -1145,33 +1223,31 @@ pub fn create_or_lookup_by_contact_id(
    let contact = Contact::load_from_db(context, contact_id)?;
    let chat_name = contact.get_display_name();

-    sql::execute(
-        context,
-        &context.sql,
-        "INSERT INTO chats (type, name, param, blocked, grpid, created_timestamp) VALUES(?, ?, ?, ?, ?, ?)",
+    context
+        .sql
+        .start_stmt("create_or_lookup_by_contact_id transaction");
+    context.sql.with_conn(|conn| {
+        let tx = conn.transaction()?;
+        tx.execute(
+        "INSERT INTO chats (type, name, param, blocked, created_timestamp) VALUES(?, ?, ?, ?, ?)",
        params![
-            100,
+            Chattype::Single,
            chat_name,
            match contact_id {
                DC_CONTACT_ID_SELF => "K=1".to_string(), // K = Param::Selftalk
                DC_CONTACT_ID_DEVICE => "D=1".to_string(), // D = Param::Devicetalk
-                _ => "".to_string()
+                _ => "".to_string(),
            },
            create_blocked as u8,
-            contact.get_addr(),
            time(),
        ]
-    )?;
-
-    let row_id = sql::get_rowid(context, &context.sql, "chats", "grpid", contact.get_addr());
-    let chat_id = ChatId::new(row_id);
-
-    sql::execute(
-        context,
-        &context.sql,
-        "INSERT INTO chats_contacts (chat_id, contact_id) VALUES(?, ?)",
-        params![chat_id, contact_id],
-    )?;
+        )?;
+        tx.execute(
+            "INSERT INTO chats_contacts (chat_id, contact_id) VALUES((SELECT last_insert_rowid()), ?)",
+            params![contact_id])?;
+        tx.commit()?;
+        Ok(())
+    })?;

    if contact_id == DC_CONTACT_ID_SELF {
        update_saved_messages_icon(context)?;
@@ -1179,10 +1255,10 @@ pub fn create_or_lookup_by_contact_id(
        update_device_icon(context)?;
    }

-    Ok((chat_id, create_blocked))
+    lookup_by_contact_id(context, contact_id)
 }

-pub fn lookup_by_contact_id(
+pub(crate) fn lookup_by_contact_id(
    context: &Context,
    contact_id: u32,
 ) -> Result<(ChatId, Blocked), Error> {
@@ -1236,7 +1312,7 @@ pub fn prepare_msg<'a>(
    Ok(msg_id)
 }

-pub fn msgtype_has_file(msgtype: Viewtype) -> bool {
+pub(crate) fn msgtype_has_file(msgtype: Viewtype) -> bool {
    match msgtype {
        Viewtype::Unknown => false,
        Viewtype::Text => false,
@@ -1413,6 +1489,18 @@ pub fn get_chat_msgs(
    flags: u32,
    marker1before: Option<MsgId>,
 ) -> Vec<MsgId> {
+    match hide_device_expired_messages(context) {
+        Err(err) => warn!(context, "Failed to delete expired messages: {}", err),
+        Ok(messages_deleted) => {
+            if messages_deleted {
+                context.call_cb(Event::MsgsChanged {
+                    msg_id: MsgId::new(0),
+                    chat_id: ChatId::new(0),
+                })
+            }
+        }
+    }
+
    let process_row =
        |row: &rusqlite::Row| Ok((row.get::<_, MsgId>("id")?, row.get::<_, i64>("timestamp")?));
    let process_rows = |rows: rusqlite::MappedRows<_>| {
@@ -1547,6 +1635,47 @@ pub fn marknoticed_all_chats(context: &Context) -> Result<(), Error> {
    Ok(())
 }

+/// Hides messages which are expired according to "delete_device_after" setting.
+///
+/// Returns true if any message is hidden, so event can be emitted. If nothing
+/// has been hidden, returns false.
+pub fn hide_device_expired_messages(context: &Context) -> Result<bool, Error> {
+    if let Some(delete_device_after) = context.get_config_delete_device_after() {
+        let threshold_timestamp = time() - delete_device_after;
+
+        let self_chat_id = lookup_by_contact_id(context, DC_CONTACT_ID_SELF)
+            .unwrap_or_default()
+            .0;
+        let device_chat_id = lookup_by_contact_id(context, DC_CONTACT_ID_DEVICE)
+            .unwrap_or_default()
+            .0;
+
+        // Hide expired messages
+        //
+        // Only update the rows that have to be updated, to avoid emitting
+        // unnecessary "chat modified" events.
+        let rows_modified = context.sql.execute(
+            "UPDATE msgs \
+             SET txt = 'DELETED', hidden = 1 \
+             WHERE timestamp < ? \
+             AND chat_id > ? \
+             AND chat_id != ? \
+             AND chat_id != ? \
+             AND NOT hidden",
+            params![
+                threshold_timestamp,
+                DC_CHAT_ID_LAST_SPECIAL,
+                self_chat_id,
+                device_chat_id
+            ],
+        )?;
+
+        Ok(rows_modified > 0)
+    } else {
+        Ok(false)
+    }
+}
+
 pub fn get_chat_media(
    context: &Context,
    chat_id: ChatId,
@@ -1621,17 +1750,17 @@ pub fn get_next_media(
            msg_type2,
            msg_type3,
        );
-        for i in 0..list.len() {
-            if curr_msg_id == list[i] {
+        for (i, msg_id) in list.iter().enumerate() {
+            if curr_msg_id == *msg_id {
                match direction {
                    Direction::Forward => {
                        if i + 1 < list.len() {
-                            ret = Some(list[i + 1]);
+                            ret = list.get(i + 1).copied();
                        }
                    }
                    Direction::Backward => {
                        if i >= 1 {
-                            ret = Some(list[i - 1]);
+                            ret = list.get(i - 1).copied();
                        }
                    }
                }
@@ -1713,18 +1842,68 @@ pub fn create_group_chat(
    Ok(chat_id)
 }

-/* you MUST NOT modify this or the following strings */
-// Context functions to work with chats
-pub fn add_to_chat_contacts_table(context: &Context, chat_id: ChatId, contact_id: u32) -> bool {
-    // add a contact to a chat; the function does not check the type or if any of the record exist or are already
-    // added to the chat!
-    sql::execute(
+/// add a contact to the chats_contact table
+/// on success emit MemberAdded event and return true
+pub(crate) fn add_to_chat_contacts_table(
+    context: &Context,
+    chat_id: ChatId,
+    contact_id: u32,
+) -> bool {
+    match sql::execute(
        context,
        &context.sql,
        "INSERT INTO chats_contacts (chat_id, contact_id) VALUES(?, ?)",
        params![chat_id, contact_id as i32],
-    )
-    .is_ok()
+    ) {
+        Ok(()) => {
+            context.call_cb(Event::MemberAdded {
+                chat_id,
+                contact_id,
+            });
+
+            true
+        }
+        Err(err) => {
+            error!(
+                context,
+                "could not add {} to chat {} table: {}", contact_id, chat_id, err
+            );
+
+            false
+        }
+    }
+}
+
+/// remove a contact from the chats_contact table
+/// on success emit MemberRemoved event and return true
+pub(crate) fn remove_from_chat_contacts_table(
+    context: &Context,
+    chat_id: ChatId,
+    contact_id: u32,
+) -> bool {
+    match sql::execute(
+        context,
+        &context.sql,
+        "DELETE FROM chats_contacts WHERE chat_id=? AND contact_id=?",
+        params![chat_id, contact_id as i32],
+    ) {
+        Ok(()) => {
+            context.call_cb(Event::MemberRemoved {
+                chat_id,
+                contact_id,
+            });
+
+            true
+        }
+        Err(_) => {
+            warn!(
+                context,
+                "could not remove contact {:?} from chat {:?}", contact_id, chat_id
+            );
+
+            false
+        }
+    }
 }

 /// Adds a contact to the chat.
@@ -1818,16 +1997,9 @@ pub(crate) fn add_contact_to_chat_ex(
        msg.param.set_cmd(SystemMessage::MemberAddedToGroup);
        msg.param.set(Param::Arg, contact.get_addr());
        msg.param.set_int(Param::Arg2, from_handshake.into());
+
        msg.id = send_msg(context, chat_id, &mut msg)?;
-        context.call_cb(Event::MsgsChanged {
-            chat_id,
-            msg_id: msg.id,
-        });
    }
-    context.call_cb(Event::MsgsChanged {
-        chat_id,
-        msg_id: MsgId::new(0),
-    });
    context.call_cb(Event::ChatModified(chat_id));
    Ok(true)
 }
@@ -1847,7 +2019,7 @@ fn real_group_exists(context: &Context, chat_id: ChatId) -> bool {
        .unwrap_or_default()
 }

-pub fn reset_gossiped_timestamp(context: &Context, chat_id: ChatId) -> Result<(), Error> {
+pub(crate) fn reset_gossiped_timestamp(context: &Context, chat_id: ChatId) -> Result<(), Error> {
    set_gossiped_timestamp(context, chat_id, 0)
 }

@@ -1864,7 +2036,7 @@ pub fn get_gossiped_timestamp(context: &Context, chat_id: ChatId) -> i64 {
        .unwrap_or_default()
 }

-pub fn set_gossiped_timestamp(
+pub(crate) fn set_gossiped_timestamp(
    context: &Context,
    chat_id: ChatId,
    timestamp: i64,
@@ -1884,7 +2056,7 @@ pub fn set_gossiped_timestamp(
    Ok(())
 }

-pub fn shall_attach_selfavatar(context: &Context, chat_id: ChatId) -> Result<bool, Error> {
+pub(crate) fn shall_attach_selfavatar(context: &Context, chat_id: ChatId) -> Result<bool, Error> {
    // versions before 12/2019 already allowed to set selfavatar, however, it was never sent to others.
    // to avoid sending out previously set selfavatars unexpectedly we added this additional check.
    // it can be removed after some time.
@@ -1919,7 +2091,7 @@ pub fn shall_attach_selfavatar(context: &Context, chat_id: ChatId) -> Result<boo
    Ok(needs_attach)
 }

-#[derive(Debug, Clone, PartialEq)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum MuteDuration {
    NotMuted,
    Forever,
@@ -2009,7 +2181,6 @@ pub fn remove_contact_from_chat(
                    )
                );
            } else {
-                /* we should respect this - whatever we send to the group, it gets discarded anyway! */
                if let Ok(contact) = Contact::get_by_id(context, contact_id) {
                    if chat.is_promoted() {
                        msg.viewtype = Viewtype::Text;
@@ -2038,17 +2209,18 @@ pub fn remove_contact_from_chat(
                        });
                    }
                }
-                if sql::execute(
-                    context,
-                    &context.sql,
-                    "DELETE FROM chats_contacts WHERE chat_id=? AND contact_id=?;",
-                    params![chat_id, contact_id as i32],
-                )
-                .is_ok()
-                {
-                    context.call_cb(Event::ChatModified(chat_id));
-                    success = true;
-                }
+                // we remove the member from the chat after constructing the
+                // to-be-send message. If between send_msg() and here the
+                // process dies the user will have to re-do the action.  It's
+                // better than the other way round: you removed
+                // someone from DB but no peer or device gets to know about it and
+                // group membership is thus different on different devices.
+                // Note also that sending a message needs all recipients
+                // in order to correctly determine encryption so if we
+                // removed it first, it would complicate the
+                // check/encryption logic.
+                success = remove_from_chat_contacts_table(context, chat_id, contact_id);
+                context.call_cb(Event::ChatModified(chat_id));
            }
        }
    }
@@ -2073,7 +2245,10 @@ fn set_group_explicitly_left(context: &Context, grpid: impl AsRef<str>) -> Resul
    Ok(())
 }

-pub fn is_group_explicitly_left(context: &Context, grpid: impl AsRef<str>) -> Result<bool, Error> {
+pub(crate) fn is_group_explicitly_left(
+    context: &Context,
+    grpid: impl AsRef<str>,
+) -> Result<bool, Error> {
    context
        .sql
        .exists(
@@ -2295,7 +2470,7 @@ pub fn forward_msgs(context: &Context, msg_ids: &[MsgId], chat_id: ChatId) -> Re
    Ok(())
 }

-pub fn get_chat_contact_cnt(context: &Context, chat_id: ChatId) -> usize {
+pub(crate) fn get_chat_contact_cnt(context: &Context, chat_id: ChatId) -> usize {
    context
        .sql
        .query_get_value::<_, isize>(
@@ -2306,7 +2481,7 @@ pub fn get_chat_contact_cnt(context: &Context, chat_id: ChatId) -> usize {
        .unwrap_or_default() as usize
 }

-pub fn get_chat_cnt(context: &Context) -> usize {
+pub(crate) fn get_chat_cnt(context: &Context) -> usize {
    if context.sql.is_open() {
        /* no database, no chats - this is no error (needed eg. for information) */
        context
@@ -2339,6 +2514,22 @@ pub(crate) fn get_chat_id_by_grpid(
    )
 }

+pub(crate) fn get_chat_id_by_mailinglistid(
+    context: &Context,
+    listid: impl AsRef<str>,
+) -> Result<(ChatId, Blocked), sql::Error> {
+    context.sql.query_row(
+        "SELECT id, blocked, type FROM chats WHERE grpid=?;",
+        params![listid.as_ref()],
+        |row| {
+            let chat_id = row.get::<_, ChatId>(0)?;
+
+            let b = row.get::<_, Option<Blocked>>(1)?.unwrap_or_default();
+            Ok((chat_id, b))
+        },
+    )
+}
+
 /// Adds a message to device chat.
 ///
 /// Optional `label` can be provided to ensure that message is added only once.
@@ -2421,7 +2612,7 @@ pub fn was_device_msg_ever_added(context: &Context, label: &str) -> Result<bool,
 //   no wrong information are shown in the device chat
 // - deletion in `devmsglabels` makes sure,
 //   deleted messages are resetted and useful messages can be added again
-pub fn delete_and_reset_all_device_msgs(context: &Context) -> Result<(), Error> {
+pub(crate) fn delete_and_reset_all_device_msgs(context: &Context) -> Result<(), Error> {
    context.sql.execute(
        "DELETE FROM msgs WHERE from_id=?;",
        params![DC_CONTACT_ID_DEVICE],
@@ -2435,7 +2626,7 @@ pub fn delete_and_reset_all_device_msgs(context: &Context) -> Result<(), Error>
 /// Adds an informational message to chat.
 ///
 /// For example, it can be a message showing that a member was added to a group.
-pub fn add_info_msg(context: &Context, chat_id: ChatId, text: impl AsRef<str>) {
+pub(crate) fn add_info_msg(context: &Context, chat_id: ChatId, text: impl AsRef<str>) {
    let rfc724_mid = dc_create_outgoing_rfc724_mid(None, "@device");

    if context.sql.execute(
@@ -2558,7 +2749,7 @@ mod tests {
        let chat = Chat::load_from_db(&t.ctx, chat_id).unwrap();
        assert_eq!(chat.id, chat_id);
        assert!(chat.is_self_talk());
-        assert!(!chat.archived);
+        assert!(chat.visibility == ChatVisibility::Normal);
        assert!(!chat.is_device_talk());
        assert!(chat.can_send());
        assert_eq!(chat.name, t.ctx.stock_str(StockMessage::SavedMessages));
@@ -2572,7 +2763,7 @@ mod tests {
        assert_eq!(DC_CHAT_ID_DEADDROP, 1);
        assert!(chat.id.is_deaddrop());
        assert!(!chat.is_self_talk());
-        assert!(!chat.archived);
+        assert!(chat.visibility == ChatVisibility::Normal);
        assert!(!chat.is_device_talk());
        assert!(!chat.can_send());
        assert_eq!(chat.name, t.ctx.stock_str(StockMessage::DeadDrop));
@@ -2778,35 +2969,134 @@ mod tests {
        assert_eq!(DC_GCL_NO_SPECIALS, 0x02);

        // archive first chat
-        assert!(chat_id1.set_archived(&t.ctx, true).is_ok());
-        assert!(Chat::load_from_db(&t.ctx, chat_id1).unwrap().is_archived());
-        assert!(!Chat::load_from_db(&t.ctx, chat_id2).unwrap().is_archived());
+        assert!(chat_id1
+            .set_visibility(&t.ctx, ChatVisibility::Archived)
+            .is_ok());
+        assert!(
+            Chat::load_from_db(&t.ctx, chat_id1)
+                .unwrap()
+                .get_visibility()
+                == ChatVisibility::Archived
+        );
+        assert!(
+            Chat::load_from_db(&t.ctx, chat_id2)
+                .unwrap()
+                .get_visibility()
+                == ChatVisibility::Normal
+        );
        assert_eq!(get_chat_cnt(&t.ctx), 2);
        assert_eq!(chatlist_len(&t.ctx, 0), 2); // including DC_CHAT_ID_ARCHIVED_LINK now
        assert_eq!(chatlist_len(&t.ctx, DC_GCL_NO_SPECIALS), 1);
        assert_eq!(chatlist_len(&t.ctx, DC_GCL_ARCHIVED_ONLY), 1);

        // archive second chat
-        assert!(chat_id2.set_archived(&t.ctx, true).is_ok());
-        assert!(Chat::load_from_db(&t.ctx, chat_id1).unwrap().is_archived());
-        assert!(Chat::load_from_db(&t.ctx, chat_id2).unwrap().is_archived());
+        assert!(chat_id2
+            .set_visibility(&t.ctx, ChatVisibility::Archived)
+            .is_ok());
+        assert!(
+            Chat::load_from_db(&t.ctx, chat_id1)
+                .unwrap()
+                .get_visibility()
+                == ChatVisibility::Archived
+        );
+        assert!(
+            Chat::load_from_db(&t.ctx, chat_id2)
+                .unwrap()
+                .get_visibility()
+                == ChatVisibility::Archived
+        );
        assert_eq!(get_chat_cnt(&t.ctx), 2);
        assert_eq!(chatlist_len(&t.ctx, 0), 1); // only DC_CHAT_ID_ARCHIVED_LINK now
        assert_eq!(chatlist_len(&t.ctx, DC_GCL_NO_SPECIALS), 0);
        assert_eq!(chatlist_len(&t.ctx, DC_GCL_ARCHIVED_ONLY), 2);

        // archive already archived first chat, unarchive second chat two times
-        assert!(chat_id1.set_archived(&t.ctx, true).is_ok());
-        assert!(chat_id2.set_archived(&t.ctx, false).is_ok());
-        assert!(chat_id2.set_archived(&t.ctx, false).is_ok());
-        assert!(Chat::load_from_db(&t.ctx, chat_id1).unwrap().is_archived());
-        assert!(!Chat::load_from_db(&t.ctx, chat_id2).unwrap().is_archived());
+        assert!(chat_id1
+            .set_visibility(&t.ctx, ChatVisibility::Archived)
+            .is_ok());
+        assert!(chat_id2
+            .set_visibility(&t.ctx, ChatVisibility::Normal)
+            .is_ok());
+        assert!(chat_id2
+            .set_visibility(&t.ctx, ChatVisibility::Normal)
+            .is_ok());
+        assert!(
+            Chat::load_from_db(&t.ctx, chat_id1)
+                .unwrap()
+                .get_visibility()
+                == ChatVisibility::Archived
+        );
+        assert!(
+            Chat::load_from_db(&t.ctx, chat_id2)
+                .unwrap()
+                .get_visibility()
+                == ChatVisibility::Normal
+        );
        assert_eq!(get_chat_cnt(&t.ctx), 2);
        assert_eq!(chatlist_len(&t.ctx, 0), 2);
        assert_eq!(chatlist_len(&t.ctx, DC_GCL_NO_SPECIALS), 1);
        assert_eq!(chatlist_len(&t.ctx, DC_GCL_ARCHIVED_ONLY), 1);
    }

+    fn get_chats_from_chat_list(ctx: &Context, listflags: usize) -> Vec<ChatId> {
+        let chatlist = Chatlist::try_load(ctx, listflags, None, None).unwrap();
+        let mut result = Vec::new();
+        for chatlist_index in 0..chatlist.len() {
+            result.push(chatlist.get_chat_id(chatlist_index))
+        }
+        result
+    }
+
+    #[test]
+    fn test_pinned() {
+        let t = dummy_context();
+
+        // create 3 chats, wait 1 second in between to get a reliable order (we order by time)
+        let mut msg = Message::new(Viewtype::Text);
+        msg.text = Some("foo".to_string());
+        let msg_id = add_device_msg(&t.ctx, None, Some(&mut msg)).unwrap();
+        let chat_id1 = message::Message::load_from_db(&t.ctx, msg_id)
+            .unwrap()
+            .chat_id;
+        std::thread::sleep(std::time::Duration::from_millis(1000));
+        let chat_id2 = create_by_contact_id(&t.ctx, DC_CONTACT_ID_SELF).unwrap();
+        std::thread::sleep(std::time::Duration::from_millis(1000));
+        let chat_id3 = create_group_chat(&t.ctx, VerifiedStatus::Unverified, "foo").unwrap();
+
+        let chatlist = get_chats_from_chat_list(&t.ctx, DC_GCL_NO_SPECIALS);
+        assert_eq!(chatlist, vec![chat_id3, chat_id2, chat_id1]);
+
+        // pin
+        assert!(chat_id1
+            .set_visibility(&t.ctx, ChatVisibility::Pinned)
+            .is_ok());
+        assert_eq!(
+            Chat::load_from_db(&t.ctx, chat_id1)
+                .unwrap()
+                .get_visibility(),
+            ChatVisibility::Pinned
+        );
+
+        // check if chat order changed
+        let chatlist = get_chats_from_chat_list(&t.ctx, DC_GCL_NO_SPECIALS);
+        assert_eq!(chatlist, vec![chat_id1, chat_id3, chat_id2]);
+
+        // unpin
+        assert!(chat_id1
+            .set_visibility(&t.ctx, ChatVisibility::Normal)
+            .is_ok());
+        assert_eq!(
+            Chat::load_from_db(&t.ctx, chat_id1)
+                .unwrap()
+                .get_visibility(),
+            ChatVisibility::Normal
+        );
+
+        // check if chat order changed back
+        let chatlist = get_chats_from_chat_list(&t.ctx, DC_GCL_NO_SPECIALS);
+        assert_eq!(chatlist, vec![chat_id3, chat_id2, chat_id1]);
+    }
+
    #[test]
    fn test_set_chat_name() {
        let t = dummy_context();
@@ -2901,4 +3191,16 @@ mod tests {
            false
        );
    }
+
+    #[test]
+    fn test_parent_is_encrypted() {
+        let t = dummy_context();
+        let chat_id = create_group_chat(&t.ctx, VerifiedStatus::Unverified, "foo").unwrap();
+        assert!(!chat_id.parent_is_encrypted(&t.ctx).unwrap());
+
+        let mut msg = Message::new(Viewtype::Text);
+        msg.set_text(Some("hello".to_string()));
+        chat_id.set_draft(&t.ctx, Some(&mut msg));
+        assert!(!chat_id.parent_is_encrypted(&t.ctx).unwrap());
+    }
 }
--- a/src/chatlist.rs
+++ b/src/chatlist.rs
@@ -1,10 +1,11 @@
 //! # Chat list module

+use crate::chat;
 use crate::chat::*;
 use crate::constants::*;
 use crate::contact::*;
 use crate::context::*;
-use crate::error::Result;
+use crate::error::{bail, ensure, Result};
 use crate::lot::Lot;
 use crate::message::{Message, MessageState, MsgId};
 use crate::stock::StockMessage;
@@ -60,7 +61,7 @@ impl Chatlist {
    ///   or "Not now".
    ///   The UI can also offer a "Close" button that calls dc_marknoticed_contact() then.
    /// - DC_CHAT_ID_ARCHIVED_LINK (6) - this special chat is present if the user has
-    ///   archived *any* chat using dc_archive_chat(). The UI should show a link as
+    ///   archived *any* chat using dc_set_chat_visibility(). The UI should show a link as
    ///   "Show archived chats", if the user clicks this item, the UI should show a
    ///   list of all archived chats that can be created by this function hen using
    ///   the DC_GCL_ARCHIVED_ONLY flag.
@@ -73,6 +74,9 @@ impl Chatlist {
    ///   if DC_GCL_ARCHIVED_ONLY is not set, only unarchived chats are returned and
    ///   the pseudo-chat DC_CHAT_ID_ARCHIVED_LINK is added if there are *any* archived
    ///   chats
+    /// - the flag DC_GCL_FOR_FORWARDING sorts "Saved messages" to the top of the chatlist
+    ///   and hides the device-chat,
+    //    typically used on forwarding, may be combined with DC_GCL_NO_SPECIALS
    /// - if the flag DC_GCL_NO_SPECIALS is set, deaddrop and archive link are not added
    ///   to the list (may be used eg. for selecting chats on forwarding, the flag is
    ///   not needed when DC_GCL_ARCHIVED_ONLY is already set)
@@ -88,6 +92,12 @@ impl Chatlist {
        query: Option<&str>,
        query_contact_id: Option<u32>,
    ) -> Result<Self> {
+        // Note that we do not emit DC_EVENT_MSGS_MODIFIED here even if some
+        // messages get hidden to avoid reloading the same chatlist.
+        if let Err(err) = hide_device_expired_messages(context) {
+            warn!(context, "Failed to hide expired messages: {}", err);
+        }
+
        let mut add_archived_link_item = false;

        let process_row = |row: &rusqlite::Row| {
@@ -101,6 +111,14 @@ impl Chatlist {
                .map_err(Into::into)
        };

+        let skip_id = if 0 != listflags & DC_GCL_FOR_FORWARDING {
+            chat::lookup_by_contact_id(context, DC_CONTACT_ID_DEVICE)
+                .unwrap_or_default()
+                .0
+        } else {
+            ChatId::new(0)
+        };
+
        // select with left join and minimum:
        //
        // - the inner select must use `hidden` and _not_ `m.hidden`
@@ -127,18 +145,21 @@ impl Chatlist {
                               SELECT MAX(timestamp)
                                 FROM msgs
                                WHERE chat_id=c.id
-                                  AND (hidden=0 OR state=?))
+                                  AND (hidden=0 OR state=?1))
                 WHERE c.id>9
                   AND c.blocked=0
-                   AND c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=?)
+                   AND c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=?2)
                 GROUP BY c.id
-                 ORDER BY IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
-                params![MessageState::OutDraft, query_contact_id as i32],
+                 ORDER BY c.archived=?3 DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
+                params![MessageState::OutDraft, query_contact_id as i32, ChatVisibility::Pinned],
                process_row,
                process_rows,
            )?
        } else if 0 != listflags & DC_GCL_ARCHIVED_ONLY {
            // show archived chats
+            // (this includes the archived device-chat; we could skip it,
+            // however, then the number of archived chats do not match, which might be even more irritating.
+            // and adapting the number requires larger refactorings and seems not to be worth the effort)
            context.sql.query_map(
                "SELECT c.id, m.id
                 FROM chats c
@@ -178,18 +199,25 @@ impl Chatlist {
                               SELECT MAX(timestamp)
                                 FROM msgs
                                WHERE chat_id=c.id
-                                  AND (hidden=0 OR state=?))
-                 WHERE c.id>9
+                                  AND (hidden=0 OR state=?1))
+                 WHERE c.id>9 AND c.id!=?2
                   AND c.blocked=0
-                   AND c.name LIKE ?
+                   AND c.name LIKE ?3
                 GROUP BY c.id
                 ORDER BY IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
-                params![MessageState::OutDraft, str_like_cmd],
+                params![MessageState::OutDraft, skip_id, str_like_cmd],
                process_row,
                process_rows,
            )?
        } else {
            //  show normal chatlist
+            let sort_id_up = if 0 != listflags & DC_GCL_FOR_FORWARDING {
+                chat::lookup_by_contact_id(context, DC_CONTACT_ID_SELF)
+                    .unwrap_or_default()
+                    .0
+            } else {
+                ChatId::new(0)
+            };
            let mut ids = context.sql.query_map(
                "SELECT c.id, m.id
                 FROM chats c
@@ -199,22 +227,24 @@ impl Chatlist {
                               SELECT MAX(timestamp)
                                 FROM msgs
                                WHERE chat_id=c.id
-                                  AND (hidden=0 OR state=?))
-                 WHERE c.id>9
+                                  AND (hidden=0 OR state=?1))
+                 WHERE c.id>9 AND c.id!=?2
                   AND c.blocked=0
-                   AND c.archived=0
+                   AND NOT c.archived=?3
                 GROUP BY c.id
-                 ORDER BY IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
-                params![MessageState::OutDraft],
+                 ORDER BY c.id=?4 DESC, c.archived=?5 DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
+                params![MessageState::OutDraft, skip_id, ChatVisibility::Archived, sort_id_up, ChatVisibility::Pinned],
                process_row,
                process_rows,
            )?;
            if 0 == listflags & DC_GCL_NO_SPECIALS {
                if let Some(last_deaddrop_fresh_msg_id) = get_last_deaddrop_fresh_msg(context) {
-                    ids.insert(
-                        0,
-                        (ChatId::new(DC_CHAT_ID_DEADDROP), last_deaddrop_fresh_msg_id),
-                    );
+                    if 0 == listflags & DC_GCL_FOR_FORWARDING {
+                        ids.insert(
+                            0,
+                            (ChatId::new(DC_CHAT_ID_DEADDROP), last_deaddrop_fresh_msg_id),
+                        );
+                    }
                }
                add_archived_link_item = true;
            }
@@ -245,18 +275,20 @@ impl Chatlist {
    ///
    /// To get the message object from the message ID, use dc_get_chat().
    pub fn get_chat_id(&self, index: usize) -> ChatId {
-        if index >= self.ids.len() {
-            return ChatId::new(0);
+        match self.ids.get(index) {
+            Some((chat_id, _msg_id)) => *chat_id,
+            None => ChatId::new(0),
        }
-        self.ids[index].0
    }

    /// Get a single message ID of a chatlist.
    ///
    /// To get the message object from the message ID, use dc_get_msg().
    pub fn get_msg_id(&self, index: usize) -> Result<MsgId> {
-        ensure!(index < self.ids.len(), "Chatlist index out of range");
-        Ok(self.ids[index].1)
+        match self.ids.get(index) {
+            Some((_chat_id, msg_id)) => Ok(*msg_id),
+            None => bail!("Chatlist index out of range"),
+        }
    }

    /// Get a summary for a chatlist index.
@@ -278,27 +310,29 @@ impl Chatlist {
        // This is because we may want to display drafts here or stuff as
        // "is typing".
        // Also, sth. as "No messages" would not work if the summary comes from a message.
-
        let mut ret = Lot::new();
-        if index >= self.ids.len() {
-            ret.text2 = Some("ErrBadChatlistIndex".to_string());
-            return ret;
-        }
+
+        let (chat_id, lastmsg_id) = match self.ids.get(index) {
+            Some(ids) => ids,
+            None => {
+                ret.text2 = Some("ErrBadChatlistIndex".to_string());
+                return ret;
+            }
+        };

        let chat_loaded: Chat;
        let chat = if let Some(chat) = chat {
            chat
-        } else if let Ok(chat) = Chat::load_from_db(context, self.ids[index].0) {
+        } else if let Ok(chat) = Chat::load_from_db(context, *chat_id) {
            chat_loaded = chat;
            &chat_loaded
        } else {
            return ret;
        };

-        let lastmsg_id = self.ids[index].1;
        let mut lastcontact = None;

-        let lastmsg = if let Ok(lastmsg) = Message::load_from_db(context, lastmsg_id) {
+        let lastmsg = if let Ok(lastmsg) = Message::load_from_db(context, *lastmsg_id) {
            if lastmsg.from_id != DC_CONTACT_ID_SELF
                && (chat.typ == Chattype::Group || chat.typ == Chattype::VerifiedGroup)
            {
@@ -321,6 +355,10 @@ impl Chatlist {

        ret
    }
+
+    pub fn get_index_for_id(&self, id: ChatId) -> Option<usize> {
+        self.ids.iter().position(|(chat_id, _)| chat_id == &id)
+    }
 }

 /// Returns the number of archived chats
@@ -388,11 +426,32 @@ mod tests {
        let chats = Chatlist::try_load(&t.ctx, DC_GCL_ARCHIVED_ONLY, None, None).unwrap();
        assert_eq!(chats.len(), 0);

-        chat_id1.set_archived(&t.ctx, true).ok();
+        chat_id1
+            .set_visibility(&t.ctx, ChatVisibility::Archived)
+            .ok();
        let chats = Chatlist::try_load(&t.ctx, DC_GCL_ARCHIVED_ONLY, None, None).unwrap();
        assert_eq!(chats.len(), 1);
    }

+    #[test]
+    fn test_sort_self_talk_up_on_forward() {
+        let t = dummy_context();
+        t.ctx.update_device_chats().unwrap();
+        create_group_chat(&t.ctx, VerifiedStatus::Unverified, "a chat").unwrap();
+
+        let chats = Chatlist::try_load(&t.ctx, 0, None, None).unwrap();
+        assert!(chats.len() == 3);
+        assert!(!Chat::load_from_db(&t.ctx, chats.get_chat_id(0))
+            .unwrap()
+            .is_self_talk());
+
+        let chats = Chatlist::try_load(&t.ctx, DC_GCL_FOR_FORWARDING, None, None).unwrap();
+        assert!(chats.len() == 2); // device chat cannot be written and is skipped on forwarding
+        assert!(Chat::load_from_db(&t.ctx, chats.get_chat_id(0))
+            .unwrap()
+            .is_self_talk());
+    }
+
    #[test]
    fn test_search_special_chat_names() {
        let t = dummy_context();
@@ -415,4 +474,18 @@ mod tests {
        let chats = Chatlist::try_load(&t.ctx, 0, Some("t-5678-b"), None).unwrap();
        assert_eq!(chats.len(), 1);
    }
+
+    #[test]
+    fn test_get_summary_unwrap() {
+        let t = dummy_context();
+        let chat_id1 = create_group_chat(&t.ctx, VerifiedStatus::Unverified, "a chat").unwrap();
+
+        let mut msg = Message::new(Viewtype::Text);
+        msg.set_text(Some("foo:\nbar \r\n test".to_string()));
+        chat_id1.set_draft(&t.ctx, Some(&mut msg));
+
+        let chats = Chatlist::try_load(&t.ctx, 0, None, None).unwrap();
+        let summary = chats.get_summary(&t.ctx, 0, None);
+        assert_eq!(summary.get_text2().unwrap(), "foo: bar test"); // the linebreak should be removed from summary
+    }
 }
--- a/src/config.rs
+++ b/src/config.rs
@@ -4,10 +4,13 @@ use strum::{EnumProperty, IntoEnumIterator};
 use strum_macros::{AsRefStr, Display, EnumIter, EnumProperty, EnumString};

 use crate::blob::BlobObject;
+use crate::chat::ChatId;
 use crate::constants::DC_VERSION_STR;
 use crate::context::Context;
 use crate::dc_tools::*;
+use crate::events::Event;
 use crate::job::*;
+use crate::message::MsgId;
 use crate::mimefactory::RECOMMENDED_FILE_SIZE;
 use crate::stock::StockMessage;
 use rusqlite::NO_PARAMS;
@@ -62,6 +65,28 @@ pub enum Config {
    #[strum(props(default = "0"))] // also change ShowEmails.default() on changes
    ShowEmails,

+    #[strum(props(default = "0"))]
+    KeyGenType,
+
+    /// Timer in seconds after which the message is deleted from the
+    /// server.
+    ///
+    /// Equals to 0 by default, which means the message is never
+    /// deleted.
+    ///
+    /// Value 1 is treated as "delete at once": messages are deleted
+    /// immediately, without moving to DeltaChat folder.
+    #[strum(props(default = "0"))]
+    DeleteServerAfter,
+
+    /// Timer in seconds after which the message is deleted from the
+    /// device.
+    ///
+    /// Equals to 0 by default, which means the message is never
+    /// deleted.
+    #[strum(props(default = "0"))]
+    DeleteDeviceAfter,
+
    SaveMimeHeaders,
    ConfiguredAddr,
    ConfiguredMailServer,
@@ -125,6 +150,29 @@ impl Context {
        self.get_config_int(key) != 0
    }

+    /// Gets configured "delete_server_after" value.
+    ///
+    /// `None` means never delete the message, `Some(0)` means delete
+    /// at once, `Some(x)` means delete after `x` seconds.
+    pub fn get_config_delete_server_after(&self) -> Option<i64> {
+        match self.get_config_int(Config::DeleteServerAfter) {
+            0 => None,
+            1 => Some(0),
+            x => Some(x as i64),
+        }
+    }
+
+    /// Gets configured "delete_device_after" value.
+    ///
+    /// `None` means never delete the message, `Some(x)` means delete
+    /// after `x` seconds.
+    pub fn get_config_delete_device_after(&self) -> Option<i64> {
+        match self.get_config_int(Config::DeleteDeviceAfter) {
+            0 => None,
+            x => Some(x as i64),
+        }
+    }
+
    /// Set the given config key.
    /// If `None` is passed as a value the value is cleared and set to the default if there is one.
    pub fn set_config(&self, key: Config, value: Option<&str>) -> crate::sql::Result<()> {
@@ -168,6 +216,15 @@ impl Context {

                self.sql.set_raw_config(self, key, val)
            }
+            Config::DeleteDeviceAfter => {
+                let ret = self.sql.set_raw_config(self, key, value);
+                // Force chatlist reload to delete old messages immediately.
+                self.call_cb(Event::MsgsChanged {
+                    msg_id: MsgId::new(0),
+                    chat_id: ChatId::new(0),
+                });
+                ret
+            }
            _ => self.sql.set_raw_config(self, key, value),
        }
    }
--- a/src/configure/auto_mozilla.rs
+++ b/src/configure/auto_mozilla.rs
@@ -1,7 +1,6 @@
 //! # Thunderbird's Autoconfiguration implementation
 //!
 //! Documentation: https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration */
-use quick_xml;
 use quick_xml::events::{BytesEnd, BytesStart, BytesText};

 use crate::constants::*;
@@ -9,33 +8,7 @@ use crate::context::Context;
 use crate::login_param::LoginParam;

 use super::read_url::read_url;
-
-#[derive(Debug, Fail)]
-pub enum Error {
-    #[fail(display = "Invalid email address: {:?}", _0)]
-    InvalidEmailAddress(String),
-
-    #[fail(display = "XML error at position {}", position)]
-    InvalidXml {
-        position: usize,
-        #[cause]
-        error: quick_xml::Error,
-    },
-
-    #[fail(display = "Bad or incomplete autoconfig")]
-    IncompleteAutoconfig(LoginParam),
-
-    #[fail(display = "Failed to get URL {}", _0)]
-    ReadUrlError(#[cause] super::read_url::Error),
-}
-
-pub type Result<T> = std::result::Result<T, Error>;
-
-impl From<super::read_url::Error> for Error {
-    fn from(err: super::read_url::Error) -> Error {
-        Error::ReadUrlError(err)
-    }
-}
+use super::Error;

 #[derive(Debug)]
 struct MozAutoconfigure<'a> {
@@ -65,16 +38,16 @@ enum MozConfigTag {
    Username,
 }

-fn parse_xml(in_emailaddr: &str, xml_raw: &str) -> Result<LoginParam> {
+fn parse_xml(in_emailaddr: &str, xml_raw: &str) -> Result<LoginParam, Error> {
    let mut reader = quick_xml::Reader::from_str(xml_raw);
    reader.trim_text(true);

    // Split address into local part and domain part.
-    let p = in_emailaddr
-        .find('@')
-        .ok_or_else(|| Error::InvalidEmailAddress(in_emailaddr.to_string()))?;
-    let (in_emaillocalpart, in_emaildomain) = in_emailaddr.split_at(p);
-    let in_emaildomain = &in_emaildomain[1..];
+    let parts: Vec<&str> = in_emailaddr.rsplitn(2, '@').collect();
+    let (in_emaillocalpart, in_emaildomain) = match &parts[..] {
+        [domain, local] => (local, domain),
+        _ => return Err(Error::InvalidEmailAddress(in_emailaddr.to_string())),
+    };

    let mut moz_ac = MozAutoconfigure {
        in_emailaddr,
@@ -125,7 +98,7 @@ pub fn moz_autoconfigure(
    context: &Context,
    url: &str,
    param_in: &LoginParam,
-) -> Result<LoginParam> {
+) -> Result<LoginParam, Error> {
    let xml_raw = read_url(context, url)?;

    let res = parse_xml(&param_in.addr, &xml_raw);
--- a/src/configure/auto_outlook.rs
+++ b/src/configure/auto_outlook.rs
@@ -1,6 +1,5 @@
 //! Outlook's Autodiscover

-use quick_xml;
 use quick_xml::events::BytesEnd;

 use crate::constants::*;
@@ -8,33 +7,7 @@ use crate::context::Context;
 use crate::login_param::LoginParam;

 use super::read_url::read_url;
-
-#[derive(Debug, Fail)]
-pub enum Error {
-    #[fail(display = "XML error at position {}", position)]
-    InvalidXml {
-        position: usize,
-        #[cause]
-        error: quick_xml::Error,
-    },
-
-    #[fail(display = "Bad or incomplete autoconfig")]
-    IncompleteAutoconfig(LoginParam),
-
-    #[fail(display = "Failed to get URL {}", _0)]
-    ReadUrlError(#[cause] super::read_url::Error),
-
-    #[fail(display = "Number of redirection is exceeded")]
-    RedirectionError,
-}
-
-pub type Result<T> = std::result::Result<T, Error>;
-
-impl From<super::read_url::Error> for Error {
-    fn from(err: super::read_url::Error) -> Error {
-        Error::ReadUrlError(err)
-    }
-}
+use super::Error;

 struct OutlookAutodiscover {
    pub out: LoginParam,
@@ -52,7 +25,7 @@ enum ParsingResult {
    RedirectUrl(String),
 }

-fn parse_xml(xml_raw: &str) -> Result<ParsingResult> {
+fn parse_xml(xml_raw: &str) -> Result<ParsingResult, Error> {
    let mut outlk_ad = OutlookAutodiscover {
        out: LoginParam::new(),
        out_imap_set: false,
@@ -143,7 +116,7 @@ pub fn outlk_autodiscover(
    context: &Context,
    url: &str,
    _param_in: &LoginParam,
-) -> Result<LoginParam> {
+) -> Result<LoginParam, Error> {
    let mut url = url.to_string();
    /* Follow up to 10 xml-redirects (http-redirects are followed in read_url() */
    for _i in 0..10 {
--- a/src/configure/mod.rs
+++ b/src/configure/mod.rs
@@ -12,6 +12,7 @@ use crate::config::Config;
 use crate::constants::*;
 use crate::context::Context;
 use crate::dc_tools::*;
+use crate::error::format_err;
 use crate::job::{self, job_add, job_kill_action};
 use crate::login_param::{CertificateChecks, LoginParam};
 use crate::oauth2::*;
@@ -32,26 +33,28 @@ macro_rules! progress {
    };
 }

-// connect
-pub fn configure(context: &Context) {
-    if context.has_ongoing() {
-        warn!(context, "There is already another ongoing process running.",);
-        return;
+impl Context {
+    /// Starts a configuration job.
+    pub fn configure(&self) {
+        if self.has_ongoing() {
+            warn!(self, "There is already another ongoing process running.",);
+            return;
+        }
+        job_kill_action(self, job::Action::ConfigureImap);
+        job_add(self, job::Action::ConfigureImap, 0, Params::new(), 0);
    }
-    job_kill_action(context, job::Action::ConfigureImap);
-    job_add(context, job::Action::ConfigureImap, 0, Params::new(), 0);
-}

-/// Check if the context is already configured.
-pub fn dc_is_configured(context: &Context) -> bool {
-    context.sql.get_raw_config_bool(context, "configured")
+    /// Checks if the context is already configured.
+    pub fn is_configured(&self) -> bool {
+        self.sql.get_raw_config_bool(self, "configured")
+    }
 }

 /*******************************************************************************
 * Configure JOB
 ******************************************************************************/
 #[allow(non_snake_case, unused_must_use, clippy::cognitive_complexity)]
-pub fn JobConfigureImap(context: &Context) -> job::Status {
+pub(crate) fn JobConfigureImap(context: &Context) -> job::Status {
    if !context.sql.is_open() {
        error!(context, "Cannot configure, database not opened.",);
        progress!(context, 0);
@@ -369,7 +372,7 @@ pub fn JobConfigureImap(context: &Context) -> job::Status {
                let create_mvbox = context.get_config_bool(Config::MvboxWatch)
                    || context.get_config_bool(Config::MvboxMove);
                let imap = &context.inbox_thread.read().unwrap().imap;
-                if let Err(err) = imap.ensure_configured_folders(context, create_mvbox) {
+                if let Err(err) = imap.configure_folders(context, create_mvbox) {
                    warn!(context, "configuring folders failed: {:?}", err);
                    false
                } else {
@@ -649,6 +652,28 @@ fn try_smtp_one_param(context: &Context, param: &LoginParam) -> Option<bool> {
    }
 }

+#[derive(Debug, thiserror::Error)]
+pub enum Error {
+    #[error("Invalid email address: {0:?}")]
+    InvalidEmailAddress(String),
+
+    #[error("XML error at position {position}")]
+    InvalidXml {
+        position: usize,
+        #[source]
+        error: quick_xml::Error,
+    },
+
+    #[error("Bad or incomplete autoconfig")]
+    IncompleteAutoconfig(LoginParam),
+
+    #[error("Failed to get URL")]
+    ReadUrlError(#[from] self::read_url::Error),
+
+    #[error("Number of redirection is exceeded")]
+    RedirectionError,
+}
+
 #[cfg(test)]
 mod tests {

--- a/src/configure/read_url.rs
+++ b/src/configure/read_url.rs
@@ -1,14 +1,12 @@
 use crate::context::Context;

-#[derive(Debug, Fail)]
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
-    #[fail(display = "URL request error")]
-    GetError(#[cause] reqwest::Error),
+    #[error("URL request error")]
+    GetError(#[from] reqwest::Error),
 }

-pub type Result<T> = std::result::Result<T, Error>;
-
-pub fn read_url(context: &Context, url: &str) -> Result<String> {
+pub fn read_url(context: &Context, url: &str) -> Result<String, Error> {
    info!(context, "Requesting URL {}", url);

    match reqwest::blocking::Client::new()
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -3,6 +3,7 @@

 use deltachat_derive::*;
 use lazy_static::lazy_static;
+use serde::{Deserialize, Serialize};

 lazy_static! {
    pub static ref DC_VERSION_STR: String = env!("CARGO_PKG_VERSION").to_string();
@@ -15,7 +16,20 @@ const DC_SENTBOX_WATCH_DEFAULT: i32 = 1;
 const DC_MVBOX_WATCH_DEFAULT: i32 = 1;
 const DC_MVBOX_MOVE_DEFAULT: i32 = 1;

-#[derive(Debug, Display, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, FromSql, ToSql)]
+#[derive(
+    Debug,
+    Display,
+    Clone,
+    Copy,
+    PartialEq,
+    Eq,
+    FromPrimitive,
+    ToPrimitive,
+    FromSql,
+    ToSql,
+    Serialize,
+    Deserialize,
+)]
 #[repr(u8)]
 pub enum Blocked {
    Not = 0,
@@ -43,7 +57,19 @@ impl Default for ShowEmails {
    }
 }

-pub const DC_IMAP_SEEN: u32 = 0x1;
+#[derive(Debug, Display, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, FromSql, ToSql)]
+#[repr(u8)]
+pub enum KeyGenType {
+    Default = 0,
+    Rsa2048 = 1,
+    Ed25519 = 2,
+}
+
+impl Default for KeyGenType {
+    fn default() -> Self {
+        KeyGenType::Default
+    }
+}

 pub const DC_HANDSHAKE_CONTINUE_NORMAL_PROCESSING: i32 = 0x01;
 pub const DC_HANDSHAKE_STOP_NORMAL_PROCESSING: i32 = 0x02;
@@ -54,6 +80,7 @@ pub(crate) const DC_FROM_HANDSHAKE: i32 = 0x01;
 pub const DC_GCL_ARCHIVED_ONLY: usize = 0x01;
 pub const DC_GCL_NO_SPECIALS: usize = 0x02;
 pub const DC_GCL_ADD_ALLDONE_HINT: usize = 0x04;
+pub const DC_GCL_FOR_FORWARDING: usize = 0x08;

 pub const DC_GCM_ADDDAYMARKER: u32 = 0x01;

@@ -90,6 +117,8 @@ pub const DC_CHAT_ID_LAST_SPECIAL: u32 = 9;
    FromSql,
    ToSql,
    IntoStaticStr,
+    Serialize,
+    Deserialize,
 )]
 #[repr(u32)]
 pub enum Chattype {
@@ -168,13 +197,13 @@ pub const DC_LP_SMTP_SOCKET_SSL: usize = 0x20000;
 pub const DC_LP_SMTP_SOCKET_PLAIN: usize = 0x40000;

 /// if none of these flags are set, the default is chosen
-pub const DC_LP_AUTH_FLAGS: i32 = (DC_LP_AUTH_OAUTH2 | DC_LP_AUTH_NORMAL);
+pub const DC_LP_AUTH_FLAGS: i32 = DC_LP_AUTH_OAUTH2 | DC_LP_AUTH_NORMAL;
 /// if none of these flags are set, the default is chosen
 pub const DC_LP_IMAP_SOCKET_FLAGS: i32 =
-    (DC_LP_IMAP_SOCKET_STARTTLS | DC_LP_IMAP_SOCKET_SSL | DC_LP_IMAP_SOCKET_PLAIN);
+    DC_LP_IMAP_SOCKET_STARTTLS | DC_LP_IMAP_SOCKET_SSL | DC_LP_IMAP_SOCKET_PLAIN;
 /// if none of these flags are set, the default is chosen
 pub const DC_LP_SMTP_SOCKET_FLAGS: usize =
-    (DC_LP_SMTP_SOCKET_STARTTLS | DC_LP_SMTP_SOCKET_SSL | DC_LP_SMTP_SOCKET_PLAIN);
+    DC_LP_SMTP_SOCKET_STARTTLS | DC_LP_SMTP_SOCKET_SSL | DC_LP_SMTP_SOCKET_PLAIN;

 // QR code scanning (view from Bob, the joiner)
 pub const DC_VC_AUTH_REQUIRED: i32 = 2;
@@ -185,7 +214,23 @@ pub const DC_BOB_SUCCESS: i32 = 1;
 // max. width/height of an avatar
 pub const AVATAR_SIZE: u32 = 192;

-#[derive(Debug, Display, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, FromSql, ToSql)]
+// this value can be increased if the folder configuration is changed and must be redone on next program start
+pub const DC_FOLDERS_CONFIGURED_VERSION: i32 = 3;
+
+#[derive(
+    Debug,
+    Display,
+    Clone,
+    Copy,
+    PartialEq,
+    Eq,
+    FromPrimitive,
+    ToPrimitive,
+    FromSql,
+    ToSql,
+    Serialize,
+    Deserialize,
+)]
 #[repr(i32)]
 pub enum Viewtype {
    Unknown = 0,
--- a/src/contact.rs
+++ b/src/contact.rs
@@ -4,7 +4,6 @@ use std::path::PathBuf;

 use deltachat_derive::*;
 use itertools::Itertools;
-use rusqlite;

 use crate::aheader::EncryptPreference;
 use crate::chat::ChatId;
@@ -13,7 +12,7 @@ use crate::constants::*;
 use crate::context::Context;
 use crate::dc_tools::*;
 use crate::e2ee;
-use crate::error::{Error, Result};
+use crate::error::{bail, ensure, format_err, Result};
 use crate::events::Event;
 use crate::key::*;
 use crate::login_param::LoginParam;
@@ -24,9 +23,6 @@ use crate::peerstate::*;
 use crate::sql;
 use crate::stock::StockMessage;

-/// Contacts with at least this origin value are shown in the contact list.
-const DC_ORIGIN_MIN_CONTACT_LIST: i32 = 0x100;
-
 /// An object representing a single contact in memory.
 ///
 /// The contact object is not updated.
@@ -60,7 +56,7 @@ pub struct Contact {
    /// to access this field.
    authname: String,

-    /// E-Mail-Address of the contact. It is recommended to use `Contact::get_addr`` to access this field.
+    /// E-Mail-Address of the contact. It is recommended to use `Contact::get_addr` to access this field.
    addr: String,

    /// Blocked state. Use dc_contact_is_blocked to access this field.
@@ -94,6 +90,7 @@ pub enum Origin {
    UnhandledQrScan = 0x80,

    /// Reply-To: of incoming message of known sender
+    /// Contacts with at least this origin value are shown in the contact list.
    IncomingReplyTo = 0x100,

    /// Cc: of incoming message of known sender
@@ -118,7 +115,7 @@ pub enum Origin {
    Internal = 0x40000,

    /// address is in our address book
-    AdressBook = 0x80000,
+    AddressBook = 0x80000,

    /// set on Alice's side for contacts like Bob that have scanned the QR code offered by her. Only means the contact has once been established using the "securejoin" procedure in the past, getting the current key verification status requires calling dc_contact_is_verified() !
    SecurejoinInvited = 0x0100_0000,
@@ -146,7 +143,7 @@ impl Origin {
 }

 #[derive(Debug, PartialEq, Eq, Clone, Copy)]
-pub enum Modifier {
+pub(crate) enum Modifier {
    None,
    Modified,
    Created,
@@ -274,7 +271,7 @@ impl Contact {
    ///
    /// To validate an e-mail address independently of the contact database
    /// use `dc_may_be_valid_addr()`.
-    pub fn lookup_id_by_addr(context: &Context, addr: impl AsRef<str>) -> u32 {
+    pub fn lookup_id_by_addr(context: &Context, addr: impl AsRef<str>, min_origin: Origin) -> u32 {
        if addr.as_ref().is_empty() {
            return 0;
        }
@@ -287,22 +284,43 @@ impl Contact {
        if addr_cmp(addr_normalized, addr_self) {
            return DC_CONTACT_ID_SELF;
        }
-
        context.sql.query_get_value(
            context,
            "SELECT id FROM contacts WHERE addr=?1 COLLATE NOCASE AND id>?2 AND origin>=?3 AND blocked=0;",
            params![
                addr_normalized,
                DC_CONTACT_ID_LAST_SPECIAL as i32,
-                DC_ORIGIN_MIN_CONTACT_LIST,
+                min_origin as u32,
            ],
        ).unwrap_or_default()
    }

    /// Lookup a contact and create it if it does not exist yet.
+    /// The contact is identified by the email-address, a name and an "origin" can be given.
+    ///
+    /// The "origin" is where the address comes from -
+    /// from-header, cc-header, addressbook, qr, manual-edit etc.
+    /// In general, "better" origins overwrite the names of "worse" origins -
+    /// Eg. if we got a name in cc-header and later in from-header, the name will change -
+    /// this does not happen the other way round.
+    ///
+    /// The "best" origin are manually created contacts -
+    /// names given manually can only be overwritten by further manual edits
+    /// (until they are set empty again or reset to the name seen in the From-header).
+    ///
+    /// These manually edited names are _never_ used for sending on the wire -
+    /// this should avoid sending sth. as "Mama" or "Daddy" to some 3rd party.
+    /// Instead, for the wire, we use so called "authnames"
+    /// that can only be set and updated by a From-header.
+    ///
+    /// The different names used in the function are:
+    /// - "name": name passed as function argument, belonging to the given origin
+    /// - "row_name": current name used in the database, typically set to "name"
+    /// - "row_authname": name as authorized from a contact, set only through a From-header
+    /// Depending on the origin, both, "row_name" and "row_authname" are updated from "name".
    ///
    /// Returns the contact_id and a `Modifier` value indicating if a modification occured.
-    pub fn add_or_lookup(
+    pub(crate) fn add_or_lookup(
        context: &Context,
        name: impl AsRef<str>,
        addr: impl AsRef<str>,
@@ -325,20 +343,6 @@ impl Contact {
            return Ok((DC_CONTACT_ID_SELF, sth_modified));
        }

-        if !may_be_valid_addr(&addr) {
-            warn!(
-                context,
-                "Bad address \"{}\" for contact \"{}\".",
-                addr,
-                if !name.as_ref().is_empty() {
-                    name.as_ref()
-                } else {
-                    "<unset>"
-                },
-            );
-            bail!("Bad address supplied: {:?}", addr);
-        }
-
        let mut update_addr = false;
        let mut update_name = false;
        let mut update_authname = false;
@@ -356,7 +360,9 @@ impl Contact {

                if !name.as_ref().is_empty() {
                    if !row_name.is_empty() {
-                        if origin >= row_origin && name.as_ref() != row_name {
+                        if (origin >= row_origin || row_name == row_authname)
+                            && name.as_ref() != row_name
+                        {
                            update_name = true;
                        }
                    } else {
@@ -365,6 +371,9 @@ impl Contact {
                    if origin == Origin::IncomingUnknownFrom && name.as_ref() != row_authname {
                        update_authname = true;
                    }
+                } else if origin == Origin::ManuallyCreated && !row_authname.is_empty() {
+                    // no name given on manual edit, this will update the name to the authname
+                    update_name = true;
                }

                Ok((row_id, row_name, row_addr, row_origin, row_authname))
@@ -375,16 +384,22 @@ impl Contact {
                update_addr = true;
            }
            if update_name || update_authname || update_addr || origin > row_origin {
+                let new_name = if update_name {
+                    if !name.as_ref().is_empty() {
+                        name.as_ref()
+                    } else {
+                        &row_authname
+                    }
+                } else {
+                    &row_name
+                };
+
                sql::execute(
                    context,
                    &context.sql,
                    "UPDATE contacts SET name=?, addr=?, origin=?, authname=? WHERE id=?;",
                    params![
-                        if update_name {
-                            name.as_ref()
-                        } else {
-                            &row_name
-                        },
+                        new_name,
                        if update_addr { addr } else { &row_addr },
                        if origin > row_origin {
                            origin
@@ -402,11 +417,13 @@ impl Contact {
                .ok();

                if update_name {
+                    // Update the contact name also if it is used as a group name.
+                    // This is one of the few duplicated data, however, getting the chat list is easier this way.
                    sql::execute(
                    context,
                    &context.sql,
                    "UPDATE chats SET name=? WHERE type=? AND id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=?);",
-                    params![name.as_ref(), Chattype::Single, row_id]
+                    params![new_name, Chattype::Single, row_id]
                ).ok();
                }
                sth_modified = Modifier::Modified;
@@ -462,9 +479,18 @@ impl Contact {

        for (name, addr) in split_address_book(addr_book.as_ref()).into_iter() {
            let name = normalize_name(name);
-            let (_, modified) = Contact::add_or_lookup(context, name, addr, Origin::AdressBook)?;
-            if modified != Modifier::None {
-                modify_cnt += 1
+            match Contact::add_or_lookup(context, name, addr, Origin::AddressBook) {
+                Err(err) => {
+                    warn!(
+                        context,
+                        "Failed to add address {} from address book: {}", addr, err
+                    );
+                }
+                Ok((_, modified)) => {
+                    if modified != Modifier::None {
+                        modify_cnt += 1
+                    }
+                }
            }
        }
        if modify_cnt > 0 {
@@ -984,7 +1010,7 @@ fn set_block_contact(context: &Context, contact_id: u32, new_blocking: bool) {
    }
 }

-pub fn set_profile_image(
+pub(crate) fn set_profile_image(
    context: &Context,
    contact_id: u32,
    profile_image: &AvatarAction,
@@ -1001,7 +1027,6 @@ pub fn set_profile_image(
            contact.param.remove(Param::ProfileImage);
            true
        }
-        AvatarAction::None => false,
    };
    if changed {
        contact.update_param(context)?;
@@ -1024,7 +1049,7 @@ pub fn normalize_name(full_name: impl AsRef<str>) -> String {
    }

    let len = full_name.len();
-    if len > 0 {
+    if len > 1 {
        let firstchar = full_name.as_bytes()[0];
        let lastchar = full_name.as_bytes()[len - 1];
        if firstchar == b'\'' && lastchar == b'\''
@@ -1077,10 +1102,9 @@ fn cat_fingerprint(
 impl Context {
    /// determine whether the specified addr maps to the/a self addr
    pub fn is_self_addr(&self, addr: &str) -> Result<bool> {
-        let self_addr = match self.get_config(Config::ConfiguredAddr) {
-            Some(s) => s,
-            None => return Err(Error::NotConfigured),
-        };
+        let self_addr = self
+            .get_config(Config::ConfiguredAddr)
+            .ok_or_else(|| format_err!("Not configured"))?;

        Ok(addr_cmp(self_addr, addr))
    }
@@ -1133,6 +1157,10 @@ mod tests {
    fn test_normalize_name() {
        assert_eq!(&normalize_name("Doe, John"), "John Doe");
        assert_eq!(&normalize_name(" hello world   "), "hello world");
+        assert_eq!(&normalize_name("<"), "<");
+        assert_eq!(&normalize_name(">"), ">");
+        assert_eq!(&normalize_name("'"), "'");
+        assert_eq!(&normalize_name("\""), "\"");
    }

    #[test]
@@ -1195,6 +1223,7 @@ mod tests {
        let book = concat!(
            "  Name one  \n one@eins.org \n",
            "Name two\ntwo@deux.net\n",
+            "Invalid\n+1234567890\n", // invalid, should be ignored
            "\nthree@drei.sam\n",
            "Name two\ntwo@deux.net\n" // should not be added again
        );
@@ -1281,6 +1310,7 @@ mod tests {
    fn test_remote_authnames() {
        let t = dummy_context();

+        // incoming mail `From: bob1 <bob@example.org>` - this should init authname and name
        let (contact_id, sth_modified) = Contact::add_or_lookup(
            &t.ctx,
            "bob1",
@@ -1295,6 +1325,7 @@ mod tests {
        assert_eq!(contact.get_name(), "bob1");
        assert_eq!(contact.get_display_name(), "bob1");

+        // incoming mail `From: bob2 <bob@example.org>` - this should update authname and name
        let (contact_id, sth_modified) = Contact::add_or_lookup(
            &t.ctx,
            "bob2",
@@ -1309,16 +1340,15 @@ mod tests {
        assert_eq!(contact.get_name(), "bob2");
        assert_eq!(contact.get_display_name(), "bob2");

-        let (contact_id, sth_modified) =
-            Contact::add_or_lookup(&t.ctx, "bob3", "bob@example.org", Origin::ManuallyCreated)
-                .unwrap();
+        // manually edit name to "bob3" - authname should be still be "bob2" a given in `From:` above
+        let contact_id = Contact::create(&t.ctx, "bob3", "bob@example.org").unwrap();
        assert!(contact_id > DC_CONTACT_ID_LAST_SPECIAL);
-        assert_eq!(sth_modified, Modifier::Modified);
        let contact = Contact::load_from_db(&t.ctx, contact_id).unwrap();
        assert_eq!(contact.get_authname(), "bob2");
        assert_eq!(contact.get_name(), "bob3");
        assert_eq!(contact.get_display_name(), "bob3");

+        // incoming mail `From: bob4 <bob@example.org>` - this should update authname, manually given name is still "bob3"
        let (contact_id, sth_modified) = Contact::add_or_lookup(
            &t.ctx,
            "bob4",
@@ -1334,6 +1364,81 @@ mod tests {
        assert_eq!(contact.get_display_name(), "bob3");
    }

+    #[test]
+    fn test_remote_authnames_create_empty() {
+        let t = dummy_context();
+
+        // manually create "claire@example.org" without a given name
+        let contact_id = Contact::create(&t.ctx, "", "claire@example.org").unwrap();
+        assert!(contact_id > DC_CONTACT_ID_LAST_SPECIAL);
+        let contact = Contact::load_from_db(&t.ctx, contact_id).unwrap();
+        assert_eq!(contact.get_authname(), "");
+        assert_eq!(contact.get_name(), "");
+        assert_eq!(contact.get_display_name(), "claire@example.org");
+
+        // incoming mail `From: claire1 <claire@example.org>` - this should update authname and name
+        let (contact_id_same, sth_modified) = Contact::add_or_lookup(
+            &t.ctx,
+            "claire1",
+            "claire@example.org",
+            Origin::IncomingUnknownFrom,
+        )
+        .unwrap();
+        assert_eq!(contact_id, contact_id_same);
+        assert_eq!(sth_modified, Modifier::Modified);
+        let contact = Contact::load_from_db(&t.ctx, contact_id).unwrap();
+        assert_eq!(contact.get_authname(), "claire1");
+        assert_eq!(contact.get_name(), "claire1");
+        assert_eq!(contact.get_display_name(), "claire1");
+
+        // incoming mail `From: claire2 <claire@example.org>` - this should update authname and name
+        let (contact_id_same, sth_modified) = Contact::add_or_lookup(
+            &t.ctx,
+            "claire2",
+            "claire@example.org",
+            Origin::IncomingUnknownFrom,
+        )
+        .unwrap();
+        assert_eq!(contact_id, contact_id_same);
+        assert_eq!(sth_modified, Modifier::Modified);
+        let contact = Contact::load_from_db(&t.ctx, contact_id).unwrap();
+        assert_eq!(contact.get_authname(), "claire2");
+        assert_eq!(contact.get_name(), "claire2");
+        assert_eq!(contact.get_display_name(), "claire2");
+    }
+
+    #[test]
+    fn test_remote_authnames_edit_empty() {
+        let t = dummy_context();
+
+        // manually create "dave@example.org"
+        let contact_id = Contact::create(&t.ctx, "dave1", "dave@example.org").unwrap();
+        let contact = Contact::load_from_db(&t.ctx, contact_id).unwrap();
+        assert_eq!(contact.get_authname(), "");
+        assert_eq!(contact.get_name(), "dave1");
+        assert_eq!(contact.get_display_name(), "dave1");
+
+        // incoming mail `From: dave2 <dave@example.org>` - this should update authname
+        Contact::add_or_lookup(
+            &t.ctx,
+            "dave2",
+            "dave@example.org",
+            Origin::IncomingUnknownFrom,
+        )
+        .unwrap();
+        let contact = Contact::load_from_db(&t.ctx, contact_id).unwrap();
+        assert_eq!(contact.get_authname(), "dave2");
+        assert_eq!(contact.get_name(), "dave1");
+        assert_eq!(contact.get_display_name(), "dave1");
+
+        // manually clear the name
+        Contact::create(&t.ctx, "", "dave@example.org").unwrap();
+        let contact = Contact::load_from_db(&t.ctx, contact_id).unwrap();
+        assert_eq!(contact.get_authname(), "dave2");
+        assert_eq!(contact.get_name(), "dave2");
+        assert_eq!(contact.get_display_name(), "dave2");
+    }
+
    #[test]
    fn test_addr_cmp() {
        assert!(addr_cmp("AA@AA.ORG", "aa@aa.ORG"));
--- a/src/context.rs
+++ b/src/context.rs
@@ -51,7 +51,7 @@ pub struct Context {
    cb: Box<ContextCallback>,
    pub os_name: Option<String>,
    pub cmdline_sel_chat_id: Arc<RwLock<ChatId>>,
-    pub bob: Arc<RwLock<BobStatus>>,
+    pub(crate) bob: Arc<RwLock<BobStatus>>,
    pub last_smeared_timestamp: RwLock<i64>,
    pub running_state: Arc<RwLock<RunningState>>,
    /// Mutex to avoid generating the key for the user more than once.
@@ -478,14 +478,14 @@ impl Default for RunningState {
 }

 #[derive(Debug, Default)]
-pub struct BobStatus {
+pub(crate) struct BobStatus {
    pub expects: i32,
    pub status: i32,
    pub qr_scan: Option<Lot>,
 }

 #[derive(Debug, PartialEq)]
-pub enum PerformJobsNeeded {
+pub(crate) enum PerformJobsNeeded {
    Not,
    AtOnce,
    AvoidDos,
@@ -502,7 +502,7 @@ pub struct SmtpState {
    pub idle: bool,
    pub suspended: bool,
    pub doing_jobs: bool,
-    pub perform_jobs_needed: PerformJobsNeeded,
+    pub(crate) perform_jobs_needed: PerformJobsNeeded,
    pub probe_network: bool,
 }

--- a/src/dc_receive_imf.rs
+++ b/src/dc_receive_imf.rs
--- a/src/dc_tools.rs
+++ b/src/dc_tools.rs
@@ -12,17 +12,17 @@ use chrono::{Local, TimeZone};
 use rand::{thread_rng, Rng};

 use crate::context::Context;
-use crate::error::Error;
+use crate::error::{bail, ensure, Error};
 use crate::events::Event;

 pub(crate) fn dc_exactly_one_bit_set(v: i32) -> bool {
    0 != v && 0 == v & (v - 1)
 }

-/// Shortens a string to a specified length and adds "..." or "[...]" to the end of
-/// the shortened string.
-pub(crate) fn dc_truncate(buf: &str, approx_chars: usize, do_unwrap: bool) -> Cow<str> {
-    let ellipse = if do_unwrap { "..." } else { "[...]" };
+/// Shortens a string to a specified length and adds "[...]" to the
+/// end of the shortened string.
+pub(crate) fn dc_truncate(buf: &str, approx_chars: usize) -> Cow<str> {
+    let ellipse = "[...]";

    let count = buf.chars().count();
    if approx_chars > 0 && count > approx_chars + ellipse.len() {
@@ -494,24 +494,25 @@ impl FromStr for EmailAddress {
        ensure!(!input.is_empty(), "empty string is not valid");
        let parts: Vec<&str> = input.rsplitn(2, '@').collect();

-        ensure!(parts.len() > 1, "missing '@' character");
-        let local = parts[1];
-        let domain = parts[0];
+        match &parts[..] {
+            [domain, local] => {
+                ensure!(
+                    !local.is_empty(),
+                    "empty string is not valid for local part"
+                );
+                ensure!(domain.len() > 3, "domain is too short");

-        ensure!(
-            !local.is_empty(),
-            "empty string is not valid for local part"
-        );
-        ensure!(domain.len() > 3, "domain is too short");
+                let dot = domain.find('.');
+                ensure!(dot.is_some(), "invalid domain");
+                ensure!(dot.unwrap() < domain.len() - 2, "invalid domain");

-        let dot = domain.find('.');
-        ensure!(dot.is_some(), "invalid domain");
-        ensure!(dot.unwrap() < domain.len() - 2, "invalid domain");
-
-        Ok(EmailAddress {
-            local: local.to_string(),
-            domain: domain.to_string(),
-        })
+                Ok(EmailAddress {
+                    local: (*local).to_string(),
+                    domain: (*domain).to_string(),
+                })
+            }
+            _ => bail!("missing '@' character"),
+        }
    }
 }

@@ -538,54 +539,42 @@ mod tests {
    #[test]
    fn test_dc_truncate_1() {
        let s = "this is a little test string";
-        assert_eq!(dc_truncate(s, 16, false), "this is a [...]");
-        assert_eq!(dc_truncate(s, 16, true), "this is a ...");
+        assert_eq!(dc_truncate(s, 16), "this is a [...]");
    }

    #[test]
    fn test_dc_truncate_2() {
-        assert_eq!(dc_truncate("1234", 2, false), "1234");
-        assert_eq!(dc_truncate("1234", 2, true), "1234");
+        assert_eq!(dc_truncate("1234", 2), "1234");
    }

    #[test]
    fn test_dc_truncate_3() {
-        assert_eq!(dc_truncate("1234567", 1, false), "1[...]");
-        assert_eq!(dc_truncate("1234567", 1, true), "1...");
+        assert_eq!(dc_truncate("1234567", 1), "1[...]");
    }

    #[test]
    fn test_dc_truncate_4() {
-        assert_eq!(dc_truncate("123456", 4, false), "123456");
-        assert_eq!(dc_truncate("123456", 4, true), "123456");
+        assert_eq!(dc_truncate("123456", 4), "123456");
    }

    #[test]
    fn test_dc_truncate_edge() {
-        assert_eq!(dc_truncate("", 4, false), "");
-        assert_eq!(dc_truncate("", 4, true), "");
+        assert_eq!(dc_truncate("", 4), "");

-        assert_eq!(dc_truncate("\n  hello \n world", 4, false), "\n  [...]");
-        assert_eq!(dc_truncate("\n  hello \n world", 4, true), "\n  ...");
+        assert_eq!(dc_truncate("\n  hello \n world", 4), "\n  [...]");

+        assert_eq!(dc_truncate("𐠈0Aᝮa𫝀®!ꫛa¡0A𐢧00𐹠®A  丽ⷐએ", 1), "𐠈[...]");
        assert_eq!(
-            dc_truncate("𐠈0Aᝮa𫝀®!ꫛa¡0A𐢧00𐹠®A  丽ⷐએ", 1, false),
-            "𐠈[...]"
-        );
-        assert_eq!(
-            dc_truncate("𐠈0Aᝮa𫝀®!ꫛa¡0A𐢧00𐹠®A  丽ⷐએ", 0, false),
+            dc_truncate("𐠈0Aᝮa𫝀®!ꫛa¡0A𐢧00𐹠®A  丽ⷐએ", 0),
            "𐠈0Aᝮa𫝀®!ꫛa¡0A𐢧00𐹠®A  丽ⷐએ"
        );

        // 9 characters, so no truncation
-        assert_eq!(
-            dc_truncate("𑒀ὐ￠🜀\u{1e01b}A a🟠", 6, false),
-            "𑒀ὐ￠🜀\u{1e01b}A a🟠",
-        );
+        assert_eq!(dc_truncate("𑒀ὐ￠🜀\u{1e01b}A a🟠", 6), "𑒀ὐ￠🜀\u{1e01b}A a🟠",);

        // 12 characters, truncation
        assert_eq!(
-            dc_truncate("𑒀ὐ￠🜀\u{1e01b}A a🟠bcd", 6, false),
+            dc_truncate("𑒀ὐ￠🜀\u{1e01b}A a🟠bcd", 6),
            "𑒀ὐ￠🜀\u{1e01b}A[...]",
        );
    }
@@ -701,11 +690,10 @@ mod tests {
        #[test]
        fn test_dc_truncate(
            buf: String,
-            approx_chars in 0..10000usize,
-            do_unwrap: bool,
+            approx_chars in 0..10000usize
        ) {
-            let res = dc_truncate(&buf, approx_chars, do_unwrap);
-            let el_len = if do_unwrap { 3 } else { 5 };
+            let res = dc_truncate(&buf, approx_chars);
+            let el_len = 5;
            let l = res.chars().count();
            if approx_chars > 0 {
                assert!(
@@ -719,11 +707,7 @@ mod tests {

            if approx_chars > 0 && buf.chars().count() > approx_chars + el_len {
                let l = res.len();
-                if do_unwrap {
-                    assert_eq!(&res[l-3..l], "...", "missing ellipsis in {}", &res);
-                } else {
-                    assert_eq!(&res[l-5..l], "[...]", "missing ellipsis in {}", &res);
-                }
+                assert_eq!(&res[l-5..l], "[...]", "missing ellipsis in {}", &res);
            }
        }
    }
--- a/src/dehtml.rs
+++ b/src/dehtml.rs
@@ -3,7 +3,6 @@
 //! A module to remove HTML tags from the email text

 use lazy_static::lazy_static;
-use quick_xml;
 use quick_xml::events::{BytesEnd, BytesStart, BytesText};

 lazy_static! {
@@ -35,6 +34,7 @@ pub fn dehtml(buf: &str) -> String {
    };

    let mut reader = quick_xml::Reader::from_str(buf);
+    reader.check_end_names(false);

    let mut buf = Vec::new();

@@ -225,4 +225,23 @@ mod tests {
            "<>\"\'& äÄöÖüÜß fooÆçÇ \u{2666}\u{200e}\u{200f}\u{200c}&noent;\u{200d}"
        );
    }
+
+    #[test]
+    fn test_unclosed_tags() {
+        let input = r##"
+        <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'
+        'http://www.w3.org/TR/html4/loose.dtd'>
+        <html>
+        <head>
+        <title>Hi</title>
+        <meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>						
+        </head>
+        <body>
+        lots of text
+        </body>
+        </html>
+        "##;
+        let txt = dehtml(input);
+        assert_eq!(txt.trim(), "lots of text");
+    }
 }
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -8,6 +8,7 @@ use num_traits::FromPrimitive;

 use crate::aheader::*;
 use crate::config::Config;
+use crate::constants::KeyGenType;
 use crate::context::Context;
 use crate::dc_tools::EmailAddress;
 use crate::error::*;
@@ -125,7 +126,7 @@ pub fn try_decrypt(
 ) -> Result<(Option<Vec<u8>>, HashSet<String>)> {
    let from = mail
        .headers
-        .get_header_value(HeaderDef::From_)?
+        .get_header_value(HeaderDef::From_)
        .and_then(|from_addr| mailparse::addrparse(&from_addr).ok())
        .and_then(|from| from.extract_single_info())
        .map(|from| from.addr)
@@ -199,23 +200,21 @@ fn load_or_generate_self_public_key(
    self_addr: impl AsRef<str>,
 ) -> Result<SignedPublicKey> {
    if let Some(key) = Key::from_self_public(context, &self_addr, &context.sql) {
-        return SignedPublicKey::try_from(key)
-            .map_err(|_| Error::Message("Not a public key".into()));
+        return SignedPublicKey::try_from(key).map_err(|_| format_err!("Not a public key"));
    }
    let _guard = context.generating_key_mutex.lock().unwrap();

    // Check again in case the key was generated while we were waiting for the lock.
    if let Some(key) = Key::from_self_public(context, &self_addr, &context.sql) {
-        return SignedPublicKey::try_from(key)
-            .map_err(|_| Error::Message("Not a public key".into()));
+        return SignedPublicKey::try_from(key).map_err(|_| format_err!("Not a public key"));
    }

    let start = std::time::Instant::now();
-    info!(
-        context,
-        "Generating keypair with {} bits, e={} ...", 2048, 65537,
-    );
-    let keypair = pgp::create_keypair(EmailAddress::new(self_addr.as_ref())?)?;
+
+    let keygen_type =
+        KeyGenType::from_i32(context.get_config_int(Config::KeyGenType)).unwrap_or_default();
+    info!(context, "Generating keypair with type {}", keygen_type);
+    let keypair = pgp::create_keypair(EmailAddress::new(self_addr.as_ref())?, keygen_type)?;
    key::store_self_keypair(context, &keypair, KeyPairUse::Default)?;
    info!(
        context,
@@ -416,7 +415,6 @@ Sent with my Delta Chat Messenger: https://delta.chat";
        }

        #[test]
-        #[ignore] // generating keys is expensive
        fn test_generate() {
            let t = dummy_context();
            let addr = "alice@example.org";
@@ -428,7 +426,6 @@ Sent with my Delta Chat Messenger: https://delta.chat";
        }

        #[test]
-        #[ignore]
        fn test_generate_concurrent() {
            use std::sync::Arc;
            use std::thread;
--- a/src/error.rs
+++ b/src/error.rs
@@ -1,189 +1,13 @@
 //! # Error handling

-use lettre_email::mime;
+pub use anyhow::{bail, ensure, format_err, Error, Result};

-#[derive(Debug, Fail)]
-pub enum Error {
-    #[fail(display = "{:?}", _0)]
-    Failure(failure::Error),
-
-    #[fail(display = "SQL error: {:?}", _0)]
-    SqlError(#[cause] crate::sql::Error),
-
-    #[fail(display = "{:?}", _0)]
-    Io(std::io::Error),
-
-    #[fail(display = "{:?}", _0)]
-    Message(String),
-
-    #[fail(display = "{:?}", _0)]
-    MessageWithCause(String, #[cause] failure::Error, failure::Backtrace),
-
-    #[fail(display = "{:?}", _0)]
-    Image(image_meta::ImageError),
-
-    #[fail(display = "{:?}", _0)]
-    Utf8(std::str::Utf8Error),
-
-    #[fail(display = "PGP: {:?}", _0)]
-    Pgp(pgp::errors::Error),
-
-    #[fail(display = "Base64Decode: {:?}", _0)]
-    Base64Decode(base64::DecodeError),
-
-    #[fail(display = "{:?}", _0)]
-    FromUtf8(std::string::FromUtf8Error),
-
-    #[fail(display = "{}", _0)]
-    BlobError(#[cause] crate::blob::BlobError),
-
-    #[fail(display = "Invalid Message ID.")]
-    InvalidMsgId,
-
-    #[fail(display = "Watch folder not found {:?}", _0)]
-    WatchFolderNotFound(String),
-
-    #[fail(display = "Invalid Email: {:?}", _0)]
-    MailParseError(#[cause] mailparse::MailParseError),
-
-    #[fail(display = "Building invalid Email: {:?}", _0)]
-    LettreError(#[cause] lettre_email::error::Error),
-
-    #[fail(display = "SMTP error: {:?}", _0)]
-    SmtpError(#[cause] async_smtp::error::Error),
-
-    #[fail(display = "FromStr error: {:?}", _0)]
-    FromStr(#[cause] mime::FromStrError),
-
-    #[fail(display = "Not Configured")]
-    NotConfigured,
-}
-
-pub type Result<T> = std::result::Result<T, Error>;
-
-impl From<crate::sql::Error> for Error {
-    fn from(err: crate::sql::Error) -> Error {
-        Error::SqlError(err)
-    }
-}
-
-impl From<base64::DecodeError> for Error {
-    fn from(err: base64::DecodeError) -> Error {
-        Error::Base64Decode(err)
-    }
-}
-
-impl From<failure::Error> for Error {
-    fn from(err: failure::Error) -> Error {
-        Error::Failure(err)
-    }
-}
-
-impl From<std::io::Error> for Error {
-    fn from(err: std::io::Error) -> Error {
-        Error::Io(err)
-    }
-}
-
-impl From<std::str::Utf8Error> for Error {
-    fn from(err: std::str::Utf8Error) -> Error {
-        Error::Utf8(err)
-    }
-}
-
-impl From<image_meta::ImageError> for Error {
-    fn from(err: image_meta::ImageError) -> Error {
-        Error::Image(err)
-    }
-}
-
-impl From<pgp::errors::Error> for Error {
-    fn from(err: pgp::errors::Error) -> Error {
-        Error::Pgp(err)
-    }
-}
-
-impl From<std::string::FromUtf8Error> for Error {
-    fn from(err: std::string::FromUtf8Error) -> Error {
-        Error::FromUtf8(err)
-    }
-}
-
-impl From<crate::blob::BlobError> for Error {
-    fn from(err: crate::blob::BlobError) -> Error {
-        Error::BlobError(err)
-    }
-}
-
-impl From<crate::message::InvalidMsgId> for Error {
-    fn from(_err: crate::message::InvalidMsgId) -> Error {
-        Error::InvalidMsgId
-    }
-}
-
-impl From<crate::key::SaveKeyError> for Error {
-    fn from(err: crate::key::SaveKeyError) -> Error {
-        Error::MessageWithCause(format!("{}", err), err.into(), failure::Backtrace::new())
-    }
-}
-
-impl From<crate::pgp::PgpKeygenError> for Error {
-    fn from(err: crate::pgp::PgpKeygenError) -> Error {
-        Error::MessageWithCause(format!("{}", err), err.into(), failure::Backtrace::new())
-    }
-}
-
-impl From<mailparse::MailParseError> for Error {
-    fn from(err: mailparse::MailParseError) -> Error {
-        Error::MailParseError(err)
-    }
-}
-
-impl From<lettre_email::error::Error> for Error {
-    fn from(err: lettre_email::error::Error) -> Error {
-        Error::LettreError(err)
-    }
-}
-
-impl From<mime::FromStrError> for Error {
-    fn from(err: mime::FromStrError) -> Error {
-        Error::FromStr(err)
-    }
-}
-
-#[macro_export]
-macro_rules! bail {
-    ($e:expr) => {
-        return Err($crate::error::Error::Message($e.to_string()));
-    };
-    ($fmt:expr, $($arg:tt)+) => {
-        return Err($crate::error::Error::Message(format!($fmt, $($arg)+)));
-    };
-}
-
-#[macro_export]
-macro_rules! format_err {
-    ($e:expr) => {
-        $crate::error::Error::Message($e.to_string());
-    };
-    ($fmt:expr, $($arg:tt)+) => {
-        $crate::error::Error::Message(format!($fmt, $($arg)+));
-    };
-}
-
-#[macro_export(local_inner_macros)]
-macro_rules! ensure {
-    ($cond:expr, $e:expr) => {
-        if !($cond) {
-            bail!($e);
-        }
-    };
-    ($cond:expr, $fmt:expr, $($arg:tt)+) => {
-        if !($cond) {
-            bail!($fmt, $($arg)+);
-        }
-    };
-}
+// #[fail(display = "Invalid Message ID.")]
+// InvalidMsgId,
+// #[fail(display = "Watch folder not found {:?}", _0)]
+// WatchFolderNotFound(String),
+// #[fail(display = "Not Configured")]
+// NotConfigured,

 #[macro_export]
 macro_rules! ensure_eq {
--- a/src/events.rs
+++ b/src/events.rs
@@ -207,4 +207,16 @@ pub enum Event {
    /// @param data2 (int) contact_id
    #[strum(props(id = "2062"))]
    SecurejoinMemberAdded { chat_id: ChatId, contact_id: u32 },
+
+    /// This event is sent for each contact added to a chat.
+    /// @param data1 (int) chat_id
+    /// @param data2 (int) contact_id
+    #[strum(props(id = "2063"))]
+    MemberAdded { chat_id: ChatId, contact_id: u32 },
+
+    /// This event is sent for each contact removed from a chat.
+    /// @param data1 (int) chat_id
+    /// @param data2 (int) contact_id
+    #[strum(props(id = "2064"))]
+    MemberRemoved { chat_id: ChatId, contact_id: u32 },
 }
--- a/src/headerdef.rs
+++ b/src/headerdef.rs
@@ -1,5 +1,5 @@
 use crate::strum::AsStaticRef;
-use mailparse::{MailHeader, MailHeaderMap, MailParseError};
+use mailparse::{MailHeader, MailHeaderMap};

 #[derive(Debug, Display, Clone, PartialEq, Eq, EnumVariantNames, AsStaticStr)]
 #[strum(serialize_all = "kebab_case")]
@@ -26,7 +26,6 @@ pub enum HeaderDef {
    ChatGroupName,
    ChatGroupNameChanged,
    ChatVerified,
-    ChatGroupImage, // deprecated
    ChatGroupAvatar,
    ChatUserAvatar,
    ChatVoiceMessage,
@@ -53,11 +52,11 @@ impl HeaderDef {
 }

 pub trait HeaderDefMap {
-    fn get_header_value(&self, headerdef: HeaderDef) -> Result<Option<String>, MailParseError>;
+    fn get_header_value(&self, headerdef: HeaderDef) -> Option<String>;
 }

 impl HeaderDefMap for [MailHeader<'_>] {
-    fn get_header_value(&self, headerdef: HeaderDef) -> Result<Option<String>, MailParseError> {
+    fn get_header_value(&self, headerdef: HeaderDef) -> Option<String> {
        self.get_first_value(headerdef.get_headername())
    }
 }
@@ -80,18 +79,13 @@ mod tests {
        let (headers, _) =
            mailparse::parse_headers(b"fRoM: Bob\naUtoCryPt-SeTup-MessAge: v99").unwrap();
        assert_eq!(
-            headers
-                .get_header_value(HeaderDef::AutocryptSetupMessage)
-                .unwrap(),
+            headers.get_header_value(HeaderDef::AutocryptSetupMessage),
            Some("v99".to_string())
        );
        assert_eq!(
-            headers.get_header_value(HeaderDef::From_).unwrap(),
+            headers.get_header_value(HeaderDef::From_),
            Some("Bob".to_string())
        );
-        assert_eq!(
-            headers.get_header_value(HeaderDef::Autocrypt).unwrap(),
-            None
-        );
+        assert_eq!(headers.get_header_value(HeaderDef::Autocrypt), None);
    }
 }
--- a/src/imap/client.rs
+++ b/src/imap/client.rs
@@ -0,0 +1,104 @@
+use async_imap::{
+    error::{Error as ImapError, Result as ImapResult},
+    Client as ImapClient,
+};
+use async_native_tls::TlsStream;
+use async_std::net::{self, TcpStream};
+
+use super::session::Session;
+use crate::login_param::{dc_build_tls, CertificateChecks};
+
+#[derive(Debug)]
+pub(crate) enum Client {
+    Secure(ImapClient<TlsStream<TcpStream>>),
+    Insecure(ImapClient<TcpStream>),
+}
+
+impl Client {
+    pub async fn connect_secure<A: net::ToSocketAddrs, S: AsRef<str>>(
+        addr: A,
+        domain: S,
+        certificate_checks: CertificateChecks,
+    ) -> ImapResult<Self> {
+        let stream = TcpStream::connect(addr).await?;
+        let tls = dc_build_tls(certificate_checks);
+        let tls_stream = tls.connect(domain.as_ref(), stream).await?;
+        let mut client = ImapClient::new(tls_stream);
+        if std::env::var(crate::DCC_IMAP_DEBUG).is_ok() {
+            client.debug = true;
+        }
+
+        let _greeting = client
+            .read_response()
+            .await
+            .ok_or_else(|| ImapError::Bad("failed to read greeting".to_string()))?;
+
+        Ok(Client::Secure(client))
+    }
+
+    pub async fn connect_insecure<A: net::ToSocketAddrs>(addr: A) -> ImapResult<Self> {
+        let stream = TcpStream::connect(addr).await?;
+
+        let mut client = ImapClient::new(stream);
+        if std::env::var(crate::DCC_IMAP_DEBUG).is_ok() {
+            client.debug = true;
+        }
+        let _greeting = client
+            .read_response()
+            .await
+            .ok_or_else(|| ImapError::Bad("failed to read greeting".to_string()))?;
+
+        Ok(Client::Insecure(client))
+    }
+
+    pub async fn secure<S: AsRef<str>>(
+        self,
+        domain: S,
+        certificate_checks: CertificateChecks,
+    ) -> ImapResult<Client> {
+        match self {
+            Client::Insecure(client) => {
+                let tls = dc_build_tls(certificate_checks);
+                let client_sec = client.secure(domain, tls).await?;
+
+                Ok(Client::Secure(client_sec))
+            }
+            // Nothing to do
+            Client::Secure(_) => Ok(self),
+        }
+    }
+
+    pub async fn authenticate<A: async_imap::Authenticator, S: AsRef<str>>(
+        self,
+        auth_type: S,
+        authenticator: &A,
+    ) -> Result<Session, (ImapError, Client)> {
+        match self {
+            Client::Secure(i) => match i.authenticate(auth_type, authenticator).await {
+                Ok(session) => Ok(Session::Secure(session)),
+                Err((err, c)) => Err((err, Client::Secure(c))),
+            },
+            Client::Insecure(i) => match i.authenticate(auth_type, authenticator).await {
+                Ok(session) => Ok(Session::Insecure(session)),
+                Err((err, c)) => Err((err, Client::Insecure(c))),
+            },
+        }
+    }
+
+    pub async fn login<U: AsRef<str>, P: AsRef<str>>(
+        self,
+        username: U,
+        password: P,
+    ) -> Result<Session, (ImapError, Client)> {
+        match self {
+            Client::Secure(i) => match i.login(username, password).await {
+                Ok(session) => Ok(Session::Secure(session)),
+                Err((err, c)) => Err((err, Client::Secure(c))),
+            },
+            Client::Insecure(i) => match i.login(username, password).await {
+                Ok(session) => Ok(Session::Insecure(session)),
+                Err((err, c)) => Err((err, Client::Insecure(c))),
+            },
+        }
+    }
+}
--- a/src/imap/idle.rs
+++ b/src/imap/idle.rs
@@ -1,42 +1,56 @@
 use super::Imap;

-use async_imap::extensions::idle::IdleResponse;
+use async_imap::extensions::idle::{Handle as ImapIdleHandle, IdleResponse};
+use async_native_tls::TlsStream;
+use async_std::net::TcpStream;
 use async_std::prelude::*;
 use async_std::task;
 use std::sync::atomic::Ordering;
 use std::time::{Duration, SystemTime};

 use crate::context::Context;
-use crate::imap_client::*;

 use super::select_folder;
+use super::session::Session;

 type Result<T> = std::result::Result<T, Error>;

-#[derive(Debug, Fail)]
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
-    #[fail(display = "IMAP IDLE protocol failed to init/complete")]
-    IdleProtocolFailed(#[cause] async_imap::error::Error),
+    #[error("IMAP IDLE protocol failed to init/complete")]
+    IdleProtocolFailed(#[from] async_imap::error::Error),

-    #[fail(display = "IMAP IDLE protocol timed out")]
-    IdleTimeout(#[cause] async_std::future::TimeoutError),
+    #[error("IMAP IDLE protocol timed out")]
+    IdleTimeout(#[from] async_std::future::TimeoutError),

-    #[fail(display = "IMAP server does not have IDLE capability")]
+    #[error("IMAP server does not have IDLE capability")]
    IdleAbilityMissing,

-    #[fail(display = "IMAP select folder error")]
-    SelectFolderError(#[cause] select_folder::Error),
+    #[error("IMAP select folder error")]
+    SelectFolderError(#[from] select_folder::Error),

-    #[fail(display = "IMAP error")]
-    ImapError(#[cause] async_imap::error::Error),
-
-    #[fail(display = "Setup handle error")]
-    SetupHandleError(#[cause] super::Error),
+    #[error("Setup handle error")]
+    SetupHandleError(#[from] super::Error),
 }

-impl From<select_folder::Error> for Error {
-    fn from(err: select_folder::Error) -> Error {
-        Error::SelectFolderError(err)
+#[derive(Debug)]
+pub(crate) enum IdleHandle {
+    Secure(ImapIdleHandle<TlsStream<TcpStream>>),
+    Insecure(ImapIdleHandle<TcpStream>),
+}
+
+impl Session {
+    pub fn idle(self) -> IdleHandle {
+        match self {
+            Session::Secure(i) => {
+                let h = i.idle();
+                IdleHandle::Secure(h)
+            }
+            Session::Insecure(i) => {
+                let h = i.idle();
+                IdleHandle::Insecure(h)
+            }
+        }
    }
 }

@@ -51,9 +65,7 @@ impl Imap {
                return Err(Error::IdleAbilityMissing);
            }

-            self.setup_handle_if_needed(context)
-                .await
-                .map_err(Error::SetupHandleError)?;
+            self.setup_handle_if_needed(context).await?;

            self.select_folder(context, watch_folder.clone()).await?;

@@ -64,9 +76,7 @@ impl Imap {
                    // BEWARE: If you change the Secure branch you
                    // typically also need to change the Insecure branch.
                    IdleHandle::Secure(mut handle) => {
-                        if let Err(err) = handle.init().await {
-                            return Err(Error::IdleProtocolFailed(err));
-                        }
+                        handle.init().await?;

                        let (idle_wait, interrupt) = handle.wait_with_timeout(timeout);
                        *self.interrupt.lock().await = Some(interrupt);
@@ -121,9 +131,7 @@ impl Imap {
                        }
                    }
                    IdleHandle::Insecure(mut handle) => {
-                        if let Err(err) = handle.init().await {
-                            return Err(Error::IdleProtocolFailed(err));
-                        }
+                        handle.init().await?;

                        let (idle_wait, interrupt) = handle.wait_with_timeout(timeout);
                        *self.interrupt.lock().await = Some(interrupt);
--- a/src/imap/mod.rs
+++ b/src/imap/mod.rs
@@ -22,7 +22,6 @@ use crate::dc_receive_imf::{
 };
 use crate::events::Event;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
-use crate::imap_client::*;
 use crate::job::{job_add, Action};
 use crate::login_param::{CertificateChecks, LoginParam};
 use crate::message::{self, update_server_uid};
@@ -30,85 +29,58 @@ use crate::oauth2::dc_get_oauth2_access_token;
 use crate::param::Params;
 use crate::stock::StockMessage;

+mod client;
 mod idle;
 pub mod select_folder;
+mod session;

-const DC_IMAP_SEEN: usize = 0x0001;
+use client::Client;
+use session::Session;

 type Result<T> = std::result::Result<T, Error>;

-#[derive(Debug, Fail)]
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
-    #[fail(display = "IMAP Connect without configured params")]
+    #[error("IMAP Connect without configured params")]
    ConnectWithoutConfigure,

-    #[fail(display = "IMAP Connection Failed params: {}", _0)]
+    #[error("IMAP Connection Failed params: {0}")]
    ConnectionFailed(String),

-    #[fail(display = "IMAP No Connection established")]
+    #[error("IMAP No Connection established")]
    NoConnection,

-    #[fail(display = "IMAP Could not get OAUTH token")]
+    #[error("IMAP Could not get OAUTH token")]
    OauthError,

-    #[fail(display = "IMAP Could not login as {}", _0)]
+    #[error("IMAP Could not login as {0}")]
    LoginFailed(String),

-    #[fail(display = "IMAP Could not fetch")]
-    FetchFailed(#[cause] async_imap::error::Error),
+    #[error("IMAP Could not fetch")]
+    FetchFailed(#[from] async_imap::error::Error),

-    #[fail(display = "IMAP operation attempted while it is torn down")]
+    #[error("IMAP operation attempted while it is torn down")]
    InTeardown,

-    #[fail(display = "IMAP operation attempted while it is torn down")]
-    SqlError(#[cause] crate::sql::Error),
+    #[error("IMAP operation attempted while it is torn down")]
+    SqlError(#[from] crate::sql::Error),

-    #[fail(display = "IMAP got error from elsewhere")]
-    WrappedError(#[cause] crate::error::Error),
+    #[error("IMAP got error from elsewhere")]
+    WrappedError(#[from] crate::error::Error),

-    #[fail(display = "IMAP select folder error")]
-    SelectFolderError(#[cause] select_folder::Error),
+    #[error("IMAP select folder error")]
+    SelectFolderError(#[from] select_folder::Error),

-    #[fail(display = "Mail parse error")]
-    MailParseError(#[cause] mailparse::MailParseError),
+    #[error("Mail parse error")]
+    MailParseError(#[from] mailparse::MailParseError),

-    #[fail(display = "No mailbox selected, folder: {:?}", _0)]
+    #[error("No mailbox selected, folder: {0}")]
    NoMailbox(String),

-    #[fail(display = "IMAP other error: {:?}", _0)]
+    #[error("IMAP other error: {0}")]
    Other(String),
 }

-impl From<crate::sql::Error> for Error {
-    fn from(err: crate::sql::Error) -> Error {
-        Error::SqlError(err)
-    }
-}
-
-impl From<crate::error::Error> for Error {
-    fn from(err: crate::error::Error) -> Error {
-        Error::WrappedError(err)
-    }
-}
-
-impl From<Error> for crate::error::Error {
-    fn from(err: Error) -> crate::error::Error {
-        crate::error::Error::Message(err.to_string())
-    }
-}
-
-impl From<select_folder::Error> for Error {
-    fn from(err: select_folder::Error) -> Error {
-        Error::SelectFolderError(err)
-    }
-}
-
-impl From<mailparse::MailParseError> for Error {
-    fn from(err: mailparse::MailParseError) -> Error {
-        Error::MailParseError(err)
-    }
-}
-
 #[derive(Debug, Display, Clone, Copy, PartialEq, Eq)]
 pub enum ImapActionResult {
    Failed,
@@ -182,7 +154,10 @@ struct ImapConfig {
    pub selected_mailbox: Option<Mailbox>,
    pub selected_folder_needs_expunge: bool,
    pub can_idle: bool,
-    pub imap_delimiter: char,
+
+    /// True if the server has MOVE capability as defined in
+    /// https://tools.ietf.org/html/rfc6851
+    pub can_move: bool,
 }

 impl Default for ImapConfig {
@@ -199,7 +174,7 @@ impl Default for ImapConfig {
            selected_mailbox: None,
            selected_folder_needs_expunge: false,
            can_idle: false,
-            imap_delimiter: '.',
+            can_move: false,
        }
    }
 }
@@ -352,6 +327,7 @@ impl Imap {
        cfg.imap_port = 0;

        cfg.can_idle = false;
+        cfg.can_move = false;
    }

    /// Connects to imap account using already-configured parameters.
@@ -412,6 +388,7 @@ impl Imap {
                        true
                    } else {
                        let can_idle = caps.has_str("IDLE");
+                        let can_move = caps.has_str("MOVE");
                        let caps_list = caps.iter().fold(String::new(), |s, c| {
                            if let Capability::Atom(x) = c {
                                s + &format!(" {}", x)
@@ -421,6 +398,7 @@ impl Imap {
                        });

                        self.config.write().await.can_idle = can_idle;
+                        self.config.write().await.can_move = can_move;
                        *self.connected.lock().await = true;
                        emit_event!(
                            context,
@@ -588,7 +566,7 @@ impl Imap {

        let mut list = if let Some(ref mut session) = &mut *self.session.lock().await {
            // fetch messages with larger UID than the last one seen
-            // (`UID FETCH lastseenuid+1:*)`, see RFC 4549
+            // `(UID FETCH lastseenuid+1:*)`, see RFC 4549
            let set = format!("{}:*", last_seen_uid + 1);
            match session.uid_fetch(set, PREFETCH_FLAGS).await {
                Ok(list) => list,
@@ -745,32 +723,15 @@ impl Imap {
            return Err(Error::Other("Could not get IMAP session".to_string()));
        };

-        if msgs.is_empty() {
-            warn!(
-                context,
-                "Message #{} does not exist in folder \"{}\".",
-                server_uid,
-                folder.as_ref()
-            );
-        } else {
-            let msg = &msgs[0];
-
+        if let Some(msg) = msgs.first() {
            // XXX put flags into a set and pass them to dc_receive_imf
-            let is_deleted = msg.flags().any(|flag| match flag {
-                Flag::Deleted => true,
-                _ => false,
-            });
-            let is_seen = msg.flags().any(|flag| match flag {
-                Flag::Seen => true,
-                _ => false,
-            });
-
-            let flags = if is_seen { DC_IMAP_SEEN } else { 0 };
+            let is_deleted = msg.flags().any(|flag| flag == Flag::Deleted);
+            let is_seen = msg.flags().any(|flag| flag == Flag::Seen);

            if !is_deleted && msg.body().is_some() {
                let body = msg.body().unwrap_or_default();
                if let Err(err) =
-                    dc_receive_imf(context, &body, folder.as_ref(), server_uid, flags as u32)
+                    dc_receive_imf(context, &body, folder.as_ref(), server_uid, is_seen)
                {
                    warn!(
                        context,
@@ -781,18 +742,28 @@ impl Imap {
                    );
                }
            }
+        } else {
+            warn!(
+                context,
+                "Message #{} does not exist in folder \"{}\".",
+                server_uid,
+                folder.as_ref()
+            );
        }

        Ok(())
    }

+    pub fn can_move(&self) -> bool {
+        task::block_on(async move { self.config.read().await.can_move })
+    }
+
    pub fn mv(
        &self,
        context: &Context,
        folder: &str,
        uid: u32,
        dest_folder: &str,
-        dest_uid: &mut u32,
    ) -> ImapActionResult {
        task::block_on(async move {
            if folder == dest_folder {
@@ -809,72 +780,76 @@ impl Imap {
                return imapresult;
            }
            // we are connected, and the folder is selected
-
-            // XXX Rust-Imap provides no target uid on mv, so just set it to 0
-            *dest_uid = 0;
-
            let set = format!("{}", uid);
            let display_folder_id = format!("{}/{}", folder, uid);
-            if let Some(ref mut session) = &mut *self.session.lock().await {
-                match session.uid_mv(&set, &dest_folder).await {
-                    Ok(_) => {
-                        emit_event!(
-                            context,
-                            Event::ImapMessageMoved(format!(
-                                "IMAP Message {} moved to {}",
-                                display_folder_id, dest_folder
-                            ))
-                        );
-                        return ImapActionResult::Success;
-                    }
-                    Err(err) => {
-                        warn!(
-                            context,
-                            "Cannot move message, fallback to COPY/DELETE {}/{} to {}: {}",
-                            folder,
-                            uid,
-                            dest_folder,
-                            err
-                        );
-                    }
-                }
-            } else {
-                unreachable!();
-            };

-            if let Some(ref mut session) = &mut *self.session.lock().await {
-                match session.uid_copy(&set, &dest_folder).await {
-                    Ok(_) => {
-                        if !self.add_flag_finalized(context, uid, "\\Deleted").await {
-                            warn!(context, "Cannot mark {} as \"Deleted\" after copy.", uid);
+            if self.can_move() {
+                if let Some(ref mut session) = &mut *self.session.lock().await {
+                    match session.uid_mv(&set, &dest_folder).await {
+                        Ok(_) => {
                            emit_event!(
                                context,
                                Event::ImapMessageMoved(format!(
-                                    "IMAP Message {} copied to {} (delete FAILED)",
+                                    "IMAP Message {} moved to {}",
                                    display_folder_id, dest_folder
                                ))
                            );
-                            ImapActionResult::Failed
-                        } else {
-                            self.config.write().await.selected_folder_needs_expunge = true;
-                            emit_event!(
+                            return ImapActionResult::Success;
+                        }
+                        Err(err) => {
+                            warn!(
                                context,
-                                Event::ImapMessageMoved(format!(
-                                    "IMAP Message {} copied to {} (delete successfull)",
-                                    display_folder_id, dest_folder
-                                ))
+                                "Cannot move message, fallback to COPY/DELETE {}/{} to {}: {}",
+                                folder,
+                                uid,
+                                dest_folder,
+                                err
                            );
-                            ImapActionResult::Success
                        }
                    }
-                    Err(err) => {
-                        warn!(context, "Could not copy message: {}", err);
-                        ImapActionResult::Failed
-                    }
+                } else {
+                    unreachable!();
+                };
+            } else {
+                info!(
+                    context,
+                    "Server does not support MOVE, fallback to COPY/DELETE {}/{} to {}",
+                    folder,
+                    uid,
+                    dest_folder
+                );
+            }
+
+            if let Some(ref mut session) = &mut *self.session.lock().await {
+                if let Err(err) = session.uid_copy(&set, &dest_folder).await {
+                    warn!(context, "Could not copy message: {}", err);
+                    return ImapActionResult::Failed;
                }
            } else {
                unreachable!();
            }
+
+            if !self.add_flag_finalized(context, uid, "\\Deleted").await {
+                warn!(context, "Cannot mark {} as \"Deleted\" after copy.", uid);
+                emit_event!(
+                    context,
+                    Event::ImapMessageMoved(format!(
+                        "IMAP Message {} copied to {} (delete FAILED)",
+                        display_folder_id, dest_folder
+                    ))
+                );
+                ImapActionResult::Failed
+            } else {
+                self.config.write().await.selected_folder_needs_expunge = true;
+                emit_event!(
+                    context,
+                    Event::ImapMessageMoved(format!(
+                        "IMAP Message {} copied to {} (delete successfull)",
+                        display_folder_id, dest_folder
+                    ))
+                );
+                ImapActionResult::Success
+            }
        })
    }

@@ -979,16 +954,15 @@ impl Imap {
        })
    }

-    // only returns 0 on connection problems; we should try later again in this case *
    pub fn delete_msg(
        &self,
        context: &Context,
        message_id: &str,
        folder: &str,
-        uid: &mut u32,
+        uid: u32,
    ) -> ImapActionResult {
        task::block_on(async move {
-            if let Some(imapresult) = self.prepare_imap_operation_on_msg(context, folder, *uid) {
+            if let Some(imapresult) = self.prepare_imap_operation_on_msg(context, folder, uid) {
                return imapresult;
            }
            // we are connected, and the folder is selected
@@ -1010,7 +984,7 @@ impl Imap {
                                display_imap_id,
                                message_id,
                            );
-                            return ImapActionResult::Failed;
+                            return ImapActionResult::AlreadyDone;
                        };

                        let remote_message_id = get_fetch_headers(fetch)
@@ -1025,7 +999,7 @@ impl Imap {
                                remote_message_id,
                                message_id,
                            );
-                            *uid = 0;
+                            return ImapActionResult::Failed;
                        }
                    }
                    Err(err) => {
@@ -1033,18 +1007,18 @@ impl Imap {
                            context,
                            "Cannot delete {} on IMAP: {}", display_imap_id, err
                        );
-                        *uid = 0;
+                        return ImapActionResult::RetryLater;
                    }
                }
            }

            // mark the message for deletion
-            if !self.add_flag_finalized(context, *uid, "\\Deleted").await {
+            if !self.add_flag_finalized(context, uid, "\\Deleted").await {
                warn!(
                    context,
                    "Cannot mark message {} as \"Deleted\".", display_imap_id
                );
-                ImapActionResult::Failed
+                ImapActionResult::RetryLater
            } else {
                emit_event!(
                    context,
@@ -1063,12 +1037,14 @@ impl Imap {
        let folders_configured = context
            .sql
            .get_raw_config_int(context, "folders_configured");
-        if folders_configured.unwrap_or_default() >= 3 {
-            // the "3" here we increase if we have future updates to
-            // to folder configuration
+        if folders_configured.unwrap_or_default() >= DC_FOLDERS_CONFIGURED_VERSION {
            return Ok(());
        }

+        self.configure_folders(context, create_mvbox)
+    }
+
+    pub fn configure_folders(&self, context: &Context, create_mvbox: bool) -> Result<()> {
        task::block_on(async move {
            if !self.is_connected().await {
                return Err(Error::NoConnection);
@@ -1093,7 +1069,15 @@ impl Imap {
                        });
                info!(context, "sentbox folder is {:?}", sentbox_folder);

-                let delimiter = self.config.read().await.imap_delimiter;
+                let mut delimiter = ".";
+                if let Some(folder) = folders.first() {
+                    if let Some(d) = folder.delimiter() {
+                        if !d.is_empty() {
+                            delimiter = d;
+                        }
+                    }
+                }
+                info!(context, "Using \"{}\" as folder-delimiter.", delimiter);
                let fallback_folder = format!("INBOX{}DeltaChat", delimiter);

                let mut mvbox_folder = folders
@@ -1157,9 +1141,11 @@ impl Imap {
                        Some(sentbox_folder.name()),
                    )?;
                }
-                context
-                    .sql
-                    .set_raw_config_int(context, "folders_configured", 3)?;
+                context.sql.set_raw_config_int(
+                    context,
+                    "folders_configured",
+                    DC_FOLDERS_CONFIGURED_VERSION,
+                )?;
            }
            info!(context, "FINISHED configuring IMAP-folders.");
            Ok(())
@@ -1194,13 +1180,13 @@ impl Imap {
                return;
            }
            if let Err(err) = self.setup_handle_if_needed(context).await {
-                error!(context, "could not setup imap connection: {:?}", err);
+                error!(context, "could not setup imap connection: {}", err);
                return;
            }
            if let Err(err) = self.select_folder(context, Some(&folder)).await {
                error!(
                    context,
-                    "Could not select {} for expunging: {:?}", folder, err
+                    "Could not select {} for expunging: {}", folder, err
                );
                return;
            }
@@ -1220,9 +1206,21 @@ impl Imap {
                    emit_event!(context, Event::ImapFolderEmptied(folder.to_string()));
                }
                Err(err) => {
-                    error!(context, "expunge failed {}: {:?}", folder, err);
+                    error!(context, "expunge failed {}: {}", folder, err);
                }
            }
+
+            if let Err(err) = crate::sql::execute(
+                context,
+                &context.sql,
+                "UPDATE msgs SET server_folder='',server_uid=0 WHERE server_folder=?",
+                params![folder],
+            ) {
+                warn!(
+                    context,
+                    "Failed to reset server_uid and server_folder for deleted messages: {}", err
+                );
+            }
        });
    }
 }
@@ -1273,17 +1271,52 @@ fn precheck_imf(context: &Context, rfc724_mid: &str, server_folder: &str, server
        message::rfc724_mid_exists(context, &rfc724_mid)
    {
        if old_server_folder.is_empty() && old_server_uid == 0 {
-            info!(context, "[move] detected bbc-self {}", rfc724_mid,);
-            context.do_heuristics_moves(server_folder.as_ref(), msg_id);
-            job_add(
+            info!(
                context,
-                Action::MarkseenMsgOnImap,
-                msg_id.to_u32() as i32,
-                Params::new(),
-                0,
+                "[move] detected bcc-self {} as {}/{}", rfc724_mid, server_folder, server_uid
            );
+
+            let delete_server_after = context.get_config_delete_server_after();
+
+            if delete_server_after != Some(0) {
+                context.do_heuristics_moves(server_folder.as_ref(), msg_id);
+                job_add(
+                    context,
+                    Action::MarkseenMsgOnImap,
+                    msg_id.to_u32() as i32,
+                    Params::new(),
+                    0,
+                );
+            }
        } else if old_server_folder != server_folder {
-            info!(context, "[move] detected moved message {}", rfc724_mid,);
+            info!(
+                context,
+                "[move] detected message {} moved by other device from {}/{} to {}/{}",
+                rfc724_mid,
+                old_server_folder,
+                old_server_uid,
+                server_folder,
+                server_uid
+            );
+        } else if old_server_uid == 0 {
+            info!(
+                context,
+                "[move] detected message {} moved by us from {}/{} to {}/{}",
+                rfc724_mid,
+                old_server_folder,
+                old_server_uid,
+                server_folder,
+                server_uid
+            );
+        } else if old_server_uid != server_uid {
+            warn!(
+                context,
+                "UID for message {} in folder {} changed from {} to {}",
+                rfc724_mid,
+                server_folder,
+                old_server_uid,
+                server_uid
+            );
        }

        if old_server_folder != server_folder || old_server_uid != server_uid {
@@ -1295,17 +1328,6 @@ fn precheck_imf(context: &Context, rfc724_mid: &str, server_folder: &str, server
    }
 }

-fn parse_message_id(value: &str) -> crate::error::Result<String> {
-    let addrs = mailparse::addrparse(value)
-        .map_err(|err| format_err!("failed to parse message id {:?}", err))?;
-
-    if let Some(info) = addrs.extract_single_info() {
-        return Ok(info.addr);
-    }
-
-    bail!("could not parse message_id: {}", value);
-}
-
 fn get_fetch_headers(prefetch_msg: &Fetch) -> Result<Vec<mailparse::MailHeader>> {
    let header_bytes = match prefetch_msg.header() {
        Some(header_bytes) => header_bytes,
@@ -1316,30 +1338,27 @@ fn get_fetch_headers(prefetch_msg: &Fetch) -> Result<Vec<mailparse::MailHeader>>
 }

 fn prefetch_get_message_id(headers: &[mailparse::MailHeader]) -> Result<String> {
-    if let Some(message_id) = headers.get_header_value(HeaderDef::MessageId)? {
-        Ok(parse_message_id(&message_id)?)
+    if let Some(message_id) = headers.get_header_value(HeaderDef::MessageId) {
+        Ok(crate::mimeparser::parse_message_id(&message_id)?)
    } else {
        Err(Error::Other("prefetch: No message ID found".to_string()))
    }
 }

-fn prefetch_is_reply_to_chat_message(
-    context: &Context,
-    headers: &[mailparse::MailHeader],
-) -> Result<bool> {
-    if let Some(value) = headers.get_header_value(HeaderDef::InReplyTo)? {
+fn prefetch_is_reply_to_chat_message(context: &Context, headers: &[mailparse::MailHeader]) -> bool {
+    if let Some(value) = headers.get_header_value(HeaderDef::InReplyTo) {
        if is_msgrmsg_rfc724_mid_in_list(context, &value) {
-            return Ok(true);
+            return true;
        }
    }

-    if let Some(value) = headers.get_header_value(HeaderDef::References)? {
+    if let Some(value) = headers.get_header_value(HeaderDef::References) {
        if is_msgrmsg_rfc724_mid_in_list(context, &value) {
-            return Ok(true);
+            return true;
        }
    }

-    Ok(false)
+    false
 }

 fn prefetch_should_download(
@@ -1347,19 +1366,23 @@ fn prefetch_should_download(
    headers: &[mailparse::MailHeader],
    show_emails: ShowEmails,
 ) -> Result<bool> {
-    let is_chat_message = headers.get_header_value(HeaderDef::ChatVersion)?.is_some();
-    let is_reply_to_chat_message = prefetch_is_reply_to_chat_message(context, &headers)?;
+    let is_chat_message = headers.get_header_value(HeaderDef::ChatVersion).is_some();
+    let is_reply_to_chat_message = prefetch_is_reply_to_chat_message(context, &headers);

    // Autocrypt Setup Message should be shown even if it is from non-chat client.
    let is_autocrypt_setup_message = headers
-        .get_header_value(HeaderDef::AutocryptSetupMessage)?
+        .get_header_value(HeaderDef::AutocryptSetupMessage)
        .is_some();

    let from_field = headers
-        .get_header_value(HeaderDef::From_)?
+        .get_header_value(HeaderDef::From_)
        .unwrap_or_default();

-    let (_contact_id, blocked_contact, origin) = from_field_to_contact_id(context, &from_field)?;
+    let (_contact_id, blocked_contact, origin) = from_field_to_contact_id(
+        context,
+        &from_field,
+        headers.get_header_value(HeaderDef::ListId).as_ref(),
+    )?;
    let accepted_contact = origin.is_known();

    let show = is_autocrypt_setup_message
@@ -1373,20 +1396,3 @@ fn prefetch_should_download(
    let show = show && !blocked_contact;
    Ok(show)
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_parse_message_id() {
-        assert_eq!(
-            parse_message_id("Mr.PRUe8HJBoaO.3whNvLCMFU0@testrun.org").unwrap(),
-            "Mr.PRUe8HJBoaO.3whNvLCMFU0@testrun.org"
-        );
-        assert_eq!(
-            parse_message_id("<Mr.PRUe8HJBoaO.3whNvLCMFU0@testrun.org>").unwrap(),
-            "Mr.PRUe8HJBoaO.3whNvLCMFU0@testrun.org"
-        );
-    }
-}
--- a/src/imap/select_folder.rs
+++ b/src/imap/select_folder.rs
@@ -4,21 +4,21 @@ use crate::context::Context;

 type Result<T> = std::result::Result<T, Error>;

-#[derive(Debug, Fail)]
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
-    #[fail(display = "IMAP Could not obtain imap-session object.")]
+    #[error("IMAP Could not obtain imap-session object.")]
    NoSession,

-    #[fail(display = "IMAP Connection Lost or no connection established")]
+    #[error("IMAP Connection Lost or no connection established")]
    ConnectionLost,

-    #[fail(display = "IMAP Folder name invalid: {:?}", _0)]
+    #[error("IMAP Folder name invalid: {0}")]
    BadFolderName(String),

-    #[fail(display = "IMAP close/expunge failed: {}", _0)]
-    CloseExpungeFailed(#[cause] async_imap::error::Error),
+    #[error("IMAP close/expunge failed")]
+    CloseExpungeFailed(#[from] async_imap::error::Error),

-    #[fail(display = "IMAP other error: {:?}", _0)]
+    #[error("IMAP other error: {0}")]
    Other(String),
 }

--- a/src/imap/session.rs
+++ b/src/imap/session.rs
@@ -1,122 +1,18 @@
 use async_imap::{
-    error::{Error as ImapError, Result as ImapResult},
-    extensions::idle::Handle as ImapIdleHandle,
+    error::Result as ImapResult,
    types::{Capabilities, Fetch, Mailbox, Name},
-    Client as ImapClient, Session as ImapSession,
+    Session as ImapSession,
 };
 use async_native_tls::TlsStream;
-use async_std::net::{self, TcpStream};
+use async_std::net::TcpStream;
 use async_std::prelude::*;

-use crate::login_param::{dc_build_tls, CertificateChecks};
-
-#[derive(Debug)]
-pub(crate) enum Client {
-    Secure(ImapClient<TlsStream<TcpStream>>),
-    Insecure(ImapClient<TcpStream>),
-}
-
 #[derive(Debug)]
 pub(crate) enum Session {
    Secure(ImapSession<TlsStream<TcpStream>>),
    Insecure(ImapSession<TcpStream>),
 }

-#[derive(Debug)]
-pub(crate) enum IdleHandle {
-    Secure(ImapIdleHandle<TlsStream<TcpStream>>),
-    Insecure(ImapIdleHandle<TcpStream>),
-}
-
-impl Client {
-    pub async fn connect_secure<A: net::ToSocketAddrs, S: AsRef<str>>(
-        addr: A,
-        domain: S,
-        certificate_checks: CertificateChecks,
-    ) -> ImapResult<Self> {
-        let stream = TcpStream::connect(addr).await?;
-        let tls = dc_build_tls(certificate_checks);
-        let tls_stream = tls.connect(domain.as_ref(), stream).await?;
-        let mut client = ImapClient::new(tls_stream);
-        if std::env::var(crate::DCC_IMAP_DEBUG).is_ok() {
-            client.debug = true;
-        }
-
-        let _greeting = client
-            .read_response()
-            .await
-            .ok_or_else(|| ImapError::Bad("failed to read greeting".to_string()))?;
-
-        Ok(Client::Secure(client))
-    }
-
-    pub async fn connect_insecure<A: net::ToSocketAddrs>(addr: A) -> ImapResult<Self> {
-        let stream = TcpStream::connect(addr).await?;
-
-        let mut client = ImapClient::new(stream);
-        if std::env::var(crate::DCC_IMAP_DEBUG).is_ok() {
-            client.debug = true;
-        }
-        let _greeting = client
-            .read_response()
-            .await
-            .ok_or_else(|| ImapError::Bad("failed to read greeting".to_string()))?;
-
-        Ok(Client::Insecure(client))
-    }
-
-    pub async fn secure<S: AsRef<str>>(
-        self,
-        domain: S,
-        certificate_checks: CertificateChecks,
-    ) -> ImapResult<Client> {
-        match self {
-            Client::Insecure(client) => {
-                let tls = dc_build_tls(certificate_checks);
-                let client_sec = client.secure(domain, tls).await?;
-
-                Ok(Client::Secure(client_sec))
-            }
-            // Nothing to do
-            Client::Secure(_) => Ok(self),
-        }
-    }
-
-    pub async fn authenticate<A: async_imap::Authenticator, S: AsRef<str>>(
-        self,
-        auth_type: S,
-        authenticator: &A,
-    ) -> Result<Session, (ImapError, Client)> {
-        match self {
-            Client::Secure(i) => match i.authenticate(auth_type, authenticator).await {
-                Ok(session) => Ok(Session::Secure(session)),
-                Err((err, c)) => Err((err, Client::Secure(c))),
-            },
-            Client::Insecure(i) => match i.authenticate(auth_type, authenticator).await {
-                Ok(session) => Ok(Session::Insecure(session)),
-                Err((err, c)) => Err((err, Client::Insecure(c))),
-            },
-        }
-    }
-
-    pub async fn login<U: AsRef<str>, P: AsRef<str>>(
-        self,
-        username: U,
-        password: P,
-    ) -> Result<Session, (ImapError, Client)> {
-        match self {
-            Client::Secure(i) => match i.login(username, password).await {
-                Ok(session) => Ok(Session::Secure(session)),
-                Err((err, c)) => Err((err, Client::Secure(c))),
-            },
-            Client::Insecure(i) => match i.login(username, password).await {
-                Ok(session) => Ok(Session::Insecure(session)),
-                Err((err, c)) => Err((err, Client::Insecure(c))),
-            },
-        }
-    }
-}
-
 impl Session {
    pub async fn capabilities(&mut self) -> ImapResult<Capabilities> {
        let res = match self {
@@ -227,19 +123,6 @@ impl Session {
        Ok(res)
    }

-    pub fn idle(self) -> IdleHandle {
-        match self {
-            Session::Secure(i) => {
-                let h = i.idle();
-                IdleHandle::Secure(h)
-            }
-            Session::Insecure(i) => {
-                let h = i.idle();
-                IdleHandle::Insecure(h)
-            }
-        }
-    }
-
    pub async fn uid_store<S1, S2>(&mut self, uid_set: S1, query: S2) -> ImapResult<Vec<Fetch>>
    where
        S1: AsRef<str>,
--- a/src/imex.rs
+++ b/src/imex.rs
@@ -10,7 +10,6 @@ use crate::blob::BlobObject;
 use crate::chat;
 use crate::chat::delete_and_reset_all_device_msgs;
 use crate::config::Config;
-use crate::configure::*;
 use crate::constants::*;
 use crate::context::Context;
 use crate::dc_tools::*;
@@ -414,7 +413,7 @@ fn import_backup(context: &Context, backup_to_import: impl AsRef<Path>) -> Resul
    );

    ensure!(
-        !dc_is_configured(context),
+        !context.is_configured(),
        "Cannot import backups to accounts in use."
    );
    context.sql.close(&context);
@@ -757,7 +756,6 @@ mod tests {
        assert!(msg.contains("-----BEGIN PGP MESSAGE-----\r\n"));
        assert!(msg.contains("Passphrase-Format: numeric9x4\r\n"));
        assert!(msg.contains("Passphrase-Begin: he\n"));
-        assert!(msg.contains("==\n"));
        assert!(msg.contains("-----END PGP MESSAGE-----\n"));
    }

--- a/src/job.rs
+++ b/src/job.rs
@@ -9,6 +9,9 @@ use deltachat_derive::{FromSql, ToSql};
 use itertools::Itertools;
 use rand::{thread_rng, Rng};

+use async_smtp::smtp::response::Category;
+use async_smtp::smtp::response::Code;
+use async_smtp::smtp::response::Detail;
 use async_std::task;

 use crate::blob::BlobObject;
@@ -19,7 +22,7 @@ use crate::constants::*;
 use crate::contact::Contact;
 use crate::context::{Context, PerformJobsNeeded};
 use crate::dc_tools::*;
-use crate::error::{Error, Result};
+use crate::error::{bail, ensure, format_err, Error, Result};
 use crate::events::Event;
 use crate::imap::*;
 use crate::imex::*;
@@ -80,10 +83,14 @@ pub enum Action {
    // Jobs in the INBOX-thread, range from DC_IMAP_THREAD..DC_IMAP_THREAD+999
    Housekeeping = 105, // low priority ...
    EmptyServer = 107,
-    DeleteMsgOnImap = 110,
-    MarkseenMdnOnImap = 120,
+    OldDeleteMsgOnImap = 110,
    MarkseenMsgOnImap = 130,
+
+    // Moving message is prioritized lower than deletion so we don't
+    // bother moving message if it is already scheduled for deletion.
    MoveMsg = 200,
+
+    DeleteMsgOnImap = 210,
    ConfigureImap = 900,
    ImexImap = 910, // ... high priority

@@ -108,9 +115,9 @@ impl From<Action> for Thread {
            Unknown => Thread::Unknown,

            Housekeeping => Thread::Imap,
+            OldDeleteMsgOnImap => Thread::Imap,
            DeleteMsgOnImap => Thread::Imap,
            EmptyServer => Thread::Imap,
-            MarkseenMdnOnImap => Thread::Imap,
            MarkseenMsgOnImap => Thread::Imap,
            MoveMsg => Thread::Imap,
            ConfigureImap => Thread::Imap,
@@ -193,15 +200,66 @@ impl Job {
            Err(crate::smtp::send::Error::SendError(err)) => {
                // Remote error, retry later.
                warn!(context, "SMTP failed to send: {}", err);
-                smtp.disconnect();
                self.pending_error = Some(err.to_string());
-                Status::RetryLater
+
+                let res = match err {
+                    async_smtp::smtp::error::Error::Permanent(ref response) => {
+                        match response.code {
+                            // Sometimes servers send a permanent error when actually it is a temporary error
+                            // For documentation see https://tools.ietf.org/html/rfc3463
+
+                            // Code 5.5.0, see https://support.delta.chat/t/every-other-message-gets-stuck/877/2
+                            Code {
+                                category: Category::MailSystem,
+                                detail: Detail::Zero,
+                                ..
+                            } => Status::RetryLater,
+
+                            _ => {
+                                // If we do not retry, add an info message to the chat
+                                // Error 5.7.1 should definitely go here: Yandex sends 5.7.1 with a link when it thinks that the email is SPAM.
+                                match Message::load_from_db(context, MsgId::new(self.foreign_id)) {
+                                    Ok(message) => chat::add_info_msg(
+                                        context,
+                                        message.chat_id,
+                                        err.to_string(),
+                                    ),
+                                    Err(e) => warn!(
+                                        context,
+                                        "couldn't load chat_id to inform user about SMTP error: {}",
+                                        e
+                                    ),
+                                };
+
+                                Status::Finished(Err(format_err!("Permanent SMTP error: {}", err)))
+                            }
+                        }
+                    }
+                    async_smtp::smtp::error::Error::Transient(_) => {
+                        // We got a transient 4xx response from SMTP server.
+                        // Give some time until the server-side error maybe goes away.
+                        Status::RetryLater
+                    }
+                    _ => {
+                        if smtp.has_maybe_stale_connection() {
+                            info!(context, "stale connection? immediately reconnecting");
+                            Status::RetryNow
+                        } else {
+                            Status::RetryLater
+                        }
+                    }
+                };
+
+                // this clears last_success info
+                smtp.disconnect();
+
+                res
            }
            Err(crate::smtp::send::Error::EnvelopeError(err)) => {
                // Local error, job is invalid, do not retry.
                smtp.disconnect();
                warn!(context, "SMTP job is invalid: {}", err);
-                Status::Finished(Err(Error::SmtpError(err)))
+                Status::Finished(Err(err.into()))
            }
            Err(crate::smtp::send::Error::NoTransport) => {
                // Should never happen.
@@ -391,18 +449,12 @@ impl Job {

        if let Some(dest_folder) = dest_folder {
            let server_folder = msg.server_folder.as_ref().unwrap();
-            let mut dest_uid = 0;

-            match imap_inbox.mv(
-                context,
-                server_folder,
-                msg.server_uid,
-                &dest_folder,
-                &mut dest_uid,
-            ) {
+            match imap_inbox.mv(context, server_folder, msg.server_uid, &dest_folder) {
                ImapActionResult::RetryLater => Status::RetryLater,
                ImapActionResult::Success => {
-                    message::update_server_uid(context, &msg.rfc724_mid, &dest_folder, dest_uid);
+                    // XXX Rust-Imap provides no target uid on mv, so just set it to 0
+                    message::update_server_uid(context, &msg.rfc724_mid, &dest_folder, 0);
                    Status::Finished(Ok(()))
                }
                ImapActionResult::Failed => {
@@ -415,14 +467,29 @@ impl Job {
        }
    }

+    /// Deletes a message on the server.
+    ///
+    /// foreign_id is a MsgId pointing to a message in the trash chat
+    /// or a hidden message.
+    ///
+    /// This job removes the database record. If there are no more
+    /// records pointing to the same message on the server, the job
+    /// also removes the message on the server.
    #[allow(non_snake_case)]
    fn DeleteMsgOnImap(&mut self, context: &Context) -> Status {
        let imap_inbox = &context.inbox_thread.read().unwrap().imap;

-        let mut msg = job_try!(Message::load_from_db(context, MsgId::new(self.foreign_id)));
+        let msg = job_try!(Message::load_from_db(context, MsgId::new(self.foreign_id)));

        if !msg.rfc724_mid.is_empty() {
-            if message::rfc724_mid_cnt(context, &msg.rfc724_mid) > 1 {
+            let cnt = message::rfc724_mid_cnt(context, &msg.rfc724_mid);
+            info!(
+                context,
+                "Running delete job for message {} which has {} entries in the database",
+                &msg.rfc724_mid,
+                cnt
+            );
+            if cnt > 1 {
                info!(
                    context,
                    "The message is deleted from the server when all parts are deleted.",
@@ -432,13 +499,47 @@ impl Job {
                we delete the message from the server */
                let mid = msg.rfc724_mid;
                let server_folder = msg.server_folder.as_ref().unwrap();
-                let res = imap_inbox.delete_msg(context, &mid, server_folder, &mut msg.server_uid);
-                if res == ImapActionResult::RetryLater {
-                    // XXX RetryLater is converted to RetryNow here
-                    return Status::RetryNow;
+                let res = if msg.server_uid == 0 {
+                    // Message is already deleted on IMAP server.
+                    ImapActionResult::AlreadyDone
+                } else {
+                    imap_inbox.delete_msg(context, &mid, server_folder, msg.server_uid)
+                };
+                match res {
+                    ImapActionResult::AlreadyDone | ImapActionResult::Success => {}
+                    ImapActionResult::RetryLater | ImapActionResult::Failed => {
+                        // If job has failed, for example due to some
+                        // IMAP bug, we postpone it instead of failing
+                        // immediately. This will prevent adding it
+                        // immediately again if user has enabled
+                        // automatic message deletion. Without this,
+                        // we might waste a lot of traffic constantly
+                        // retrying message deletion.
+                        return Status::RetryLater;
+                    }
                }
            }
-            Message::delete_from_db(context, msg.id);
+            if msg.chat_id.is_trash() || msg.hidden {
+                // Messages are stored in trash chat only to keep
+                // their server UID and Message-ID. Once message is
+                // deleted from the server, database record can be
+                // removed as well.
+                //
+                // Hidden messages are similar to trashed, but are
+                // related to some chat. We also delete their
+                // database records.
+                job_try!(msg.id.delete_from_db(context))
+            } else {
+                // Remove server UID from the database record.
+                //
+                // We have either just removed the message from the
+                // server, in which case UID is not valid anymore, or
+                // we have more refernces to the same server UID, so
+                // we remove UID to reduce the number of messages
+                // pointing to the corresponding UID. Once the counter
+                // reaches zero, we will remove the message.
+                job_try!(msg.id.unlink(context));
+            }
            Status::Finished(Ok(()))
        } else {
            /* eg. device messages have no Message-ID */
@@ -490,43 +591,6 @@ impl Job {
            }
        }
    }
-
-    #[allow(non_snake_case)]
-    fn MarkseenMdnOnImap(&mut self, context: &Context) -> Status {
-        let folder = self
-            .param
-            .get(Param::ServerFolder)
-            .unwrap_or_default()
-            .to_string();
-        let uid = self.param.get_int(Param::ServerUid).unwrap_or_default() as u32;
-        let imap_inbox = &context.inbox_thread.read().unwrap().imap;
-        if imap_inbox.set_seen(context, &folder, uid) == ImapActionResult::RetryLater {
-            return Status::RetryLater;
-        }
-        if self.param.get_bool(Param::AlsoMove).unwrap_or_default() {
-            if let Err(err) = imap_inbox.ensure_configured_folders(context, true) {
-                warn!(context, "configuring folders failed: {:?}", err);
-                return Status::RetryLater;
-            }
-            let dest_folder = context
-                .sql
-                .get_raw_config(context, "configured_mvbox_folder");
-            if let Some(dest_folder) = dest_folder {
-                let mut dest_uid = 0;
-                if ImapActionResult::RetryLater
-                    == imap_inbox.mv(context, &folder, uid, &dest_folder, &mut dest_uid)
-                {
-                    Status::RetryLater
-                } else {
-                    Status::Finished(Ok(()))
-                }
-            } else {
-                Status::Finished(Err(format_err!("MVBOX is not configured")))
-            }
-        } else {
-            Status::Finished(Ok(()))
-        }
-    }
 }

 /* delete all pending jobs with the given action */
@@ -799,7 +863,11 @@ pub fn job_send_msg(context: &Context, msg_id: MsgId) -> Result<()> {
        .get_config(Config::ConfiguredAddr)
        .unwrap_or_default();
    let lowercase_from = from.to_lowercase();
+
+    // Send BCC to self if it is enabled and we are not going to
+    // delete it immediately.
    if context.get_config_bool(Config::BccSelf)
+        && context.get_config_delete_server_after() != Some(0)
        && !recipients
            .iter()
            .any(|x| x.to_lowercase() == lowercase_from)
@@ -875,6 +943,41 @@ pub fn job_send_msg(context: &Context, msg_id: MsgId) -> Result<()> {
    Ok(())
 }

+fn add_imap_deletion_jobs(context: &Context) -> sql::Result<()> {
+    if let Some(delete_server_after) = context.get_config_delete_server_after() {
+        let threshold_timestamp = time() - delete_server_after;
+
+        // Select all expired messages which don't have a
+        // corresponding message deletion job yet.
+        let msg_ids = context.sql.query_map(
+            "SELECT id FROM msgs \
+             WHERE timestamp < ? \
+             AND server_uid != 0 \
+             AND NOT EXISTS (SELECT 1 FROM jobs WHERE foreign_id = msgs.id \
+             AND action = ?)",
+            params![threshold_timestamp, Action::DeleteMsgOnImap],
+            |row| row.get::<_, MsgId>(0),
+            |ids| {
+                ids.collect::<std::result::Result<Vec<_>, _>>()
+                    .map_err(Into::into)
+            },
+        )?;
+
+        // Schedule IMAP deletion for expired messages.
+        for msg_id in msg_ids {
+            job_add(
+                context,
+                Action::DeleteMsgOnImap,
+                msg_id.to_u32() as i32,
+                Params::new(),
+                0,
+            )
+        }
+    }
+
+    Ok(())
+}
+
 pub fn perform_inbox_jobs(context: &Context) {
    info!(context, "dc_perform_inbox_jobs starting.",);

@@ -882,6 +985,9 @@ pub fn perform_inbox_jobs(context: &Context) {
    *context.probe_imap_network.write().unwrap() = false;
    *context.perform_inbox_jobs_needed.write().unwrap() = false;

+    if let Err(err) = add_imap_deletion_jobs(context) {
+        warn!(context, "Can't add IMAP message deletion jobs: {}", err);
+    }
    job_perform(context, Thread::Imap, probe_imap_network);
    info!(context, "dc_perform_inbox_jobs ended.",);
 }
@@ -919,52 +1025,10 @@ fn job_perform(context: &Context, thread: Thread, probe_network: bool) {
            suspend_smtp_thread(context, true);
        }

-        let try_res = (0..2)
-            .map(|tries| {
-                info!(
-                    context,
-                    "{} performs immediate try {} of job {}", thread, tries, job
-                );
-
-                let try_res = match job.action {
-                    Action::Unknown => Status::Finished(Err(format_err!("Unknown job id found"))),
-                    Action::SendMsgToSmtp => job.SendMsgToSmtp(context),
-                    Action::EmptyServer => job.EmptyServer(context),
-                    Action::DeleteMsgOnImap => job.DeleteMsgOnImap(context),
-                    Action::MarkseenMsgOnImap => job.MarkseenMsgOnImap(context),
-                    Action::MarkseenMdnOnImap => job.MarkseenMdnOnImap(context),
-                    Action::MoveMsg => job.MoveMsg(context),
-                    Action::SendMdn => job.SendMdn(context),
-                    Action::ConfigureImap => JobConfigureImap(context),
-                    Action::ImexImap => match JobImexImap(context, &job) {
-                        Ok(()) => Status::Finished(Ok(())),
-                        Err(err) => {
-                            error!(context, "{}", err);
-                            Status::Finished(Err(err))
-                        }
-                    },
-                    Action::MaybeSendLocations => location::JobMaybeSendLocations(context, &job),
-                    Action::MaybeSendLocationsEnded => {
-                        location::JobMaybeSendLocationsEnded(context, &mut job)
-                    }
-                    Action::Housekeeping => {
-                        sql::housekeeping(context);
-                        Status::Finished(Ok(()))
-                    }
-                };
-
-                info!(
-                    context,
-                    "{} finished immediate try {} of job {}", thread, tries, job
-                );
-
-                try_res
-            })
-            .find(|try_res| match try_res {
-                Status::RetryNow => false,
-                _ => true,
-            })
-            .unwrap_or(Status::RetryNow);
+        let try_res = match perform_job_action(context, &mut job, thread, 0) {
+            Status::RetryNow => perform_job_action(context, &mut job, thread, 1),
+            x => x,
+        };

        if Action::ConfigureImap == job.action || Action::ImexImap == job.action {
            context
@@ -1055,6 +1119,45 @@ fn job_perform(context: &Context, thread: Thread, probe_network: bool) {
    }
 }

+fn perform_job_action(context: &Context, mut job: &mut Job, thread: Thread, tries: u32) -> Status {
+    info!(
+        context,
+        "{} begin immediate try {} of job {}", thread, tries, job
+    );
+
+    let try_res = match job.action {
+        Action::Unknown => Status::Finished(Err(format_err!("Unknown job id found"))),
+        Action::SendMsgToSmtp => job.SendMsgToSmtp(context),
+        Action::EmptyServer => job.EmptyServer(context),
+        Action::OldDeleteMsgOnImap => job.DeleteMsgOnImap(context),
+        Action::DeleteMsgOnImap => job.DeleteMsgOnImap(context),
+        Action::MarkseenMsgOnImap => job.MarkseenMsgOnImap(context),
+        Action::MoveMsg => job.MoveMsg(context),
+        Action::SendMdn => job.SendMdn(context),
+        Action::ConfigureImap => JobConfigureImap(context),
+        Action::ImexImap => match JobImexImap(context, &job) {
+            Ok(()) => Status::Finished(Ok(())),
+            Err(err) => {
+                error!(context, "{}", err);
+                Status::Finished(Err(err))
+            }
+        },
+        Action::MaybeSendLocations => location::JobMaybeSendLocations(context, &job),
+        Action::MaybeSendLocationsEnded => location::JobMaybeSendLocationsEnded(context, &mut job),
+        Action::Housekeeping => {
+            sql::housekeeping(context);
+            Status::Finished(Ok(()))
+        }
+    };
+
+    info!(
+        context,
+        "{} finished immediate try {} of job {}", thread, tries, job
+    );
+
+    try_res
+}
+
 fn get_backoff_time_offset(tries: u32) -> i64 {
    let n = 2_i32.pow(tries - 1) * 60;
    let mut rng = thread_rng();
--- a/src/job_thread.rs
+++ b/src/job_thread.rs
@@ -1,7 +1,7 @@
 use std::sync::{Arc, Condvar, Mutex};

 use crate::context::Context;
-use crate::error::{Error, Result};
+use crate::error::{format_err, Result};
 use crate::imap::Imap;

 #[derive(Debug)]
@@ -99,25 +99,21 @@ impl JobThread {

    async fn connect_and_fetch(&mut self, context: &Context) -> Result<()> {
        let prefix = format!("{}-fetch", self.name);
-        match self.imap.connect_configured(context) {
-            Ok(()) => {
-                if let Some(watch_folder) = self.get_watch_folder(context) {
-                    let start = std::time::Instant::now();
-                    info!(context, "{} started...", prefix);
-                    let res = self
-                        .imap
-                        .fetch(context, &watch_folder)
-                        .await
-                        .map_err(Into::into);
-                    let elapsed = start.elapsed().as_millis();
-                    info!(context, "{} done in {:.3} ms.", prefix, elapsed);
+        self.imap.connect_configured(context)?;
+        if let Some(watch_folder) = self.get_watch_folder(context) {
+            let start = std::time::Instant::now();
+            info!(context, "{} started...", prefix);
+            let res = self
+                .imap
+                .fetch(context, &watch_folder)
+                .await
+                .map_err(Into::into);
+            let elapsed = start.elapsed().as_millis();
+            info!(context, "{} done in {:.3} ms.", prefix, elapsed);

-                    res
-                } else {
-                    Err(Error::WatchFolderNotFound("not-set".to_string()))
-                }
-            }
-            Err(err) => Err(crate::error::Error::Message(err.to_string())),
+            res
+        } else {
+            Err(format_err!("WatchFolder not found: not-set"))
        }
    }

--- a/src/key.rs
+++ b/src/key.rs
@@ -18,24 +18,12 @@ pub use crate::pgp::KeyPair;
 pub use pgp::composed::{SignedPublicKey, SignedSecretKey};

 /// Error type for deltachat key handling.
-#[derive(Fail, Debug)]
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
-    #[fail(display = "Could not decode base64")]
-    Base64Decode(#[cause] base64::DecodeError, failure::Backtrace),
-    #[fail(display = "rPGP error: {}", _0)]
-    PgpError(#[cause] pgp::errors::Error, failure::Backtrace),
-}
-
-impl From<base64::DecodeError> for Error {
-    fn from(err: base64::DecodeError) -> Error {
-        Error::Base64Decode(err, failure::Backtrace::new())
-    }
-}
-
-impl From<pgp::errors::Error> for Error {
-    fn from(err: pgp::errors::Error) -> Error {
-        Error::PgpError(err, failure::Backtrace::new())
-    }
+    #[error("Could not decode base64")]
+    Base64Decode(#[from] base64::DecodeError),
+    #[error("rPGP error: {0}")]
+    PgpError(#[from] pgp::errors::Error),
 }

 pub type Result<T> = std::result::Result<T, Error>;
@@ -316,21 +304,19 @@ pub enum KeyPairUse {
 }

 /// Error saving a keypair to the database.
-#[derive(Fail, Debug)]
-#[fail(display = "SaveKeyError: {}", message)]
+#[derive(Debug, thiserror::Error)]
+#[error("SaveKeyError: {message}")]
 pub struct SaveKeyError {
    message: String,
-    #[cause]
-    cause: failure::Error,
-    backtrace: failure::Backtrace,
+    #[source]
+    cause: anyhow::Error,
 }

 impl SaveKeyError {
-    fn new(message: impl Into<String>, cause: impl Into<failure::Error>) -> Self {
+    fn new(message: impl Into<String>, cause: impl Into<anyhow::Error>) -> Self {
        Self {
            message: message.into(),
            cause: cause.into(),
-            backtrace: failure::Backtrace::new(),
        }
    }
 }
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -2,8 +2,6 @@
 #![deny(clippy::correctness, missing_debug_implementations, clippy::all)]
 #![allow(clippy::match_bool)]

-#[macro_use]
-extern crate failure_derive;
 #[macro_use]
 extern crate num_derive;
 #[macro_use]
@@ -27,23 +25,22 @@ pub(crate) mod events;
 pub use events::*;

 mod aheader;
-pub mod blob;
+mod blob;
 pub mod chat;
 pub mod chatlist;
 pub mod config;
-pub mod configure;
+mod configure;
 pub mod constants;
 pub mod contact;
 pub mod context;
 mod e2ee;
 mod imap;
-mod imap_client;
 pub mod imex;
 #[macro_use]
 pub mod job;
 mod job_thread;
 pub mod key;
-pub mod keyring;
+mod keyring;
 pub mod location;
 mod login_param;
 pub mod lot;
--- a/src/location.rs
+++ b/src/location.rs
@@ -1,7 +1,6 @@
 //! Location handling

 use bitflags::bitflags;
-use quick_xml;
 use quick_xml::events::{BytesEnd, BytesStart, BytesText};

 use crate::chat::{self, ChatId};
@@ -9,7 +8,7 @@ use crate::config::Config;
 use crate::constants::*;
 use crate::context::*;
 use crate::dc_tools::*;
-use crate::error::Error;
+use crate::error::{ensure, Error};
 use crate::events::Event;
 use crate::job::{self, job_action_exists, job_add, Job};
 use crate::message::{Message, MsgId};
@@ -64,11 +63,10 @@ impl Kml {
        Default::default()
    }

-    pub fn parse(context: &Context, content: &[u8]) -> Result<Self, Error> {
-        ensure!(content.len() <= 1024 * 1024, "kml-file is too large");
+    pub fn parse(context: &Context, to_parse: &[u8]) -> Result<Self, Error> {
+        ensure!(to_parse.len() <= 1024 * 1024, "kml-file is too large");

-        let to_parse = String::from_utf8_lossy(content);
-        let mut reader = quick_xml::Reader::from_str(&to_parse);
+        let mut reader = quick_xml::Reader::from_reader(to_parse);
        reader.trim_text(true);

        let mut kml = Kml::new();
@@ -124,9 +122,9 @@ impl Kml {
                }
            } else if self.tag.contains(KmlTag::COORDINATES) {
                let parts = val.splitn(2, ',').collect::<Vec<_>>();
-                if parts.len() == 2 {
-                    self.curr.longitude = parts[0].parse().unwrap_or_default();
-                    self.curr.latitude = parts[1].parse().unwrap_or_default();
+                if let [longitude, latitude] = &parts[..] {
+                    self.curr.longitude = longitude.parse().unwrap_or_default();
+                    self.curr.latitude = latitude.parse().unwrap_or_default();
                }
            }
        }
@@ -365,6 +363,7 @@ fn is_marker(txt: &str) -> bool {
    txt.len() == 1 && !txt.starts_with(' ')
 }

+/// Deletes all locations from the database.
 pub fn delete_all(context: &Context) -> Result<(), Error> {
    sql::execute(context, &context.sql, "DELETE FROM locations;", params![])?;
    context.call_cb(Event::LocationChanged(None));
@@ -548,7 +547,7 @@ pub fn save(
 }

 #[allow(non_snake_case)]
-pub fn JobMaybeSendLocations(context: &Context, _job: &Job) -> job::Status {
+pub(crate) fn JobMaybeSendLocations(context: &Context, _job: &Job) -> job::Status {
    let now = time();
    let mut continue_streaming = false;
    info!(
@@ -639,7 +638,7 @@ pub fn JobMaybeSendLocations(context: &Context, _job: &Job) -> job::Status {
 }

 #[allow(non_snake_case)]
-pub fn JobMaybeSendLocationsEnded(context: &Context, job: &mut Job) -> job::Status {
+pub(crate) fn JobMaybeSendLocationsEnded(context: &Context, job: &mut Job) -> job::Status {
    // this function is called when location-streaming _might_ have ended for a chat.
    // the function checks, if location-streaming is really ended;
    // if so, a device-message is added if not yet done.
--- a/src/lot.rs
+++ b/src/lot.rs
@@ -40,11 +40,11 @@ impl Lot {
    }

    pub fn get_text1(&self) -> Option<&str> {
-        self.text1.as_ref().map(|s| s.as_str())
+        self.text1.as_deref()
    }

    pub fn get_text2(&self) -> Option<&str> {
-        self.text2.as_ref().map(|s| s.as_str())
+        self.text2.as_deref()
    }

    pub fn get_text1_meaning(&self) -> Meaning {
--- a/src/message.rs
+++ b/src/message.rs
@@ -3,14 +3,15 @@
 use std::path::{Path, PathBuf};

 use deltachat_derive::{FromSql, ToSql};
-use failure::Fail;
+use lazy_static::lazy_static;
+use serde::{Deserialize, Serialize};

 use crate::chat::{self, Chat, ChatId};
 use crate::constants::*;
 use crate::contact::*;
 use crate::context::*;
 use crate::dc_tools::*;
-use crate::error::Error;
+use crate::error::{ensure, Error};
 use crate::events::Event;
 use crate::job::*;
 use crate::lot::{Lot, LotState, Meaning};
@@ -20,6 +21,10 @@ use crate::pgp::*;
 use crate::sql;
 use crate::stock::StockMessage;

+lazy_static! {
+    static ref UNWRAP_RE: regex::Regex = regex::Regex::new(r"\s+").unwrap();
+}
+
 // In practice, the user additionally cuts the string themselves
 // pixel-accurate.
 const SUMMARY_CHARACTERS: usize = 160;
@@ -29,7 +34,9 @@ const SUMMARY_CHARACTERS: usize = 160;
 /// Some message IDs are reserved to identify special message types.
 /// This type can represent both the special as well as normal
 /// messages.
-#[derive(Debug, Copy, Clone, Default, PartialEq, Eq)]
+#[derive(
+    Debug, Copy, Clone, Default, PartialEq, Eq, Hash, PartialOrd, Ord, Serialize, Deserialize,
+)]
 pub struct MsgId(u32);

 impl MsgId {
@@ -77,6 +84,55 @@ impl MsgId {
        self.0 == DC_MSG_ID_DAYMARKER
    }

+    /// Put message into trash chat and delete message text.
+    ///
+    /// It means the message is deleted locally, but not on the server
+    /// yet.
+    pub fn trash(self, context: &Context) -> crate::sql::Result<()> {
+        let chat_id = ChatId::new(DC_CHAT_ID_TRASH);
+        sql::execute(
+            context,
+            &context.sql,
+            "UPDATE msgs SET chat_id=?, txt='', txt_raw='' WHERE id=?",
+            params![chat_id, self],
+        )
+    }
+
+    /// Deletes a message and corresponding MDNs from the database.
+    pub fn delete_from_db(self, context: &Context) -> crate::sql::Result<()> {
+        // We don't use transactions yet, so remove MDNs first to make
+        // sure they are not left while the message is deleted.
+        sql::execute(
+            context,
+            &context.sql,
+            "DELETE FROM msgs_mdns WHERE msg_id=?;",
+            params![self],
+        )?;
+        sql::execute(
+            context,
+            &context.sql,
+            "DELETE FROM msgs WHERE id=?;",
+            params![self],
+        )?;
+        Ok(())
+    }
+
+    /// Removes IMAP server UID and folder from the database record.
+    ///
+    /// It is used to avoid trying to remove the message from the
+    /// server multiple times when there are multiple message records
+    /// pointing to the same server UID.
+    pub(crate) fn unlink(self, context: &Context) -> sql::Result<()> {
+        sql::execute(
+            context,
+            &context.sql,
+            "UPDATE msgs \
+             SET server_folder='', server_uid=0 \
+             WHERE id=?",
+            params![self],
+        )
+    }
+
    /// Bad evil escape hatch.
    ///
    /// Avoid using this, eventually types should be cleaned up enough
@@ -113,7 +169,7 @@ impl rusqlite::types::ToSql for MsgId {
    fn to_sql(&self) -> rusqlite::Result<rusqlite::types::ToSqlOutput> {
        if self.0 <= DC_MSG_ID_LAST_SPECIAL {
            return Err(rusqlite::Error::ToSqlConversionFailure(Box::new(
-                InvalidMsgId.compat(),
+                InvalidMsgId,
            )));
        }
        let val = rusqlite::types::Value::Integer(self.0 as i64);
@@ -141,13 +197,24 @@ impl rusqlite::types::FromSql for MsgId {
 /// This usually occurs when trying to use a message ID of
 /// [DC_MSG_ID_LAST_SPECIAL] or below in a situation where this is not
 /// possible.
-#[derive(Debug, Fail)]
-#[fail(display = "Invalid Message ID.")]
+#[derive(Debug, thiserror::Error)]
+#[error("Invalid Message ID.")]
 pub struct InvalidMsgId;

-#[derive(Debug, Copy, Clone, PartialEq, FromPrimitive, ToPrimitive, FromSql, ToSql)]
+#[derive(
+    Debug,
+    Copy,
+    Clone,
+    PartialEq,
+    FromPrimitive,
+    ToPrimitive,
+    FromSql,
+    ToSql,
+    Serialize,
+    Deserialize,
+)]
 #[repr(u8)]
-pub enum MessengerMessage {
+pub(crate) enum MessengerMessage {
    No = 0,
    Yes = 1,

@@ -168,7 +235,7 @@ impl Default for MessengerMessage {
 /// to check if a mail was sent, use dc_msg_is_sent()
 /// approx. max. length returned by dc_msg_get_text()
 /// approx. max. length returned by dc_get_msg_info()
-#[derive(Debug, Clone, Default)]
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
 pub struct Message {
    pub(crate) id: MsgId,
    pub(crate) from_id: u32,
@@ -286,25 +353,6 @@ impl Message {
            .map_err(Into::into)
    }

-    pub fn delete_from_db(context: &Context, msg_id: MsgId) {
-        if let Ok(msg) = Message::load_from_db(context, msg_id) {
-            sql::execute(
-                context,
-                &context.sql,
-                "DELETE FROM msgs WHERE id=?;",
-                params![msg.id],
-            )
-            .ok();
-            sql::execute(
-                context,
-                &context.sql,
-                "DELETE FROM msgs_mdns WHERE msg_id=?;",
-                params![msg.id],
-            )
-            .ok();
-        }
-    }
-
    pub fn get_filemime(&self) -> Option<String> {
        if let Some(m) = self.param.get(Param::MimeType) {
            return Some(m.to_string());
@@ -424,7 +472,7 @@ impl Message {
    pub fn get_text(&self) -> Option<String> {
        self.text
            .as_ref()
-            .map(|text| dc_truncate(text, 30000, false).to_string())
+            .map(|text| dc_truncate(text, 30000).to_string())
    }

    pub fn get_filename(&self) -> Option<String> {
@@ -607,7 +655,19 @@ impl Message {
    }
 }

-#[derive(Debug, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, ToSql, FromSql)]
+#[derive(
+    Debug,
+    Clone,
+    Copy,
+    PartialEq,
+    Eq,
+    FromPrimitive,
+    ToPrimitive,
+    ToSql,
+    FromSql,
+    Serialize,
+    Deserialize,
+)]
 #[repr(i32)]
 pub enum MessageState {
    Undefined = 0,
@@ -783,7 +843,7 @@ pub fn get_msg_info(context: &Context, msg_id: MsgId) -> String {
        return ret;
    }
    let rawtxt = rawtxt.unwrap_or_default();
-    let rawtxt = dc_truncate(rawtxt.trim(), 100_000, false);
+    let rawtxt = dc_truncate(rawtxt.trim(), 100_000);

    let fts = dc_timestamp_to_str(msg.get_timestamp());
    ret += &format!("Sent: {}", fts);
@@ -920,13 +980,15 @@ pub fn get_mime_headers(context: &Context, msg_id: MsgId) -> Option<String> {
 }

 pub fn delete_msgs(context: &Context, msg_ids: &[MsgId]) {
-    for msg_id in msg_ids.iter() {
+    for msg_id in msg_ids {
        if let Ok(msg) = Message::load_from_db(context, *msg_id) {
            if msg.location_id > 0 {
                delete_poi_location(context, msg.location_id);
            }
        }
-        update_msg_chat_id(context, *msg_id, ChatId::new(DC_CHAT_ID_TRASH));
+        if let Err(err) = msg_id.trash(context) {
+            error!(context, "Unable to trash message {}: {}", msg_id, err);
+        }
        job_add(
            context,
            Action::DeleteMsgOnImap,
@@ -946,16 +1008,6 @@ pub fn delete_msgs(context: &Context, msg_ids: &[MsgId]) {
    };
 }

-fn update_msg_chat_id(context: &Context, msg_id: MsgId, chat_id: ChatId) -> bool {
-    sql::execute(
-        context,
-        &context.sql,
-        "UPDATE msgs SET chat_id=? WHERE id=?;",
-        params![chat_id, msg_id],
-    )
-    .is_ok()
-}
-
 fn delete_poi_location(context: &Context, location_id: u32) -> bool {
    sql::execute(
        context,
@@ -1115,18 +1167,20 @@ pub fn get_summarytext_by_raw(
        return prefix;
    }

-    if let Some(text) = text {
+    let summary = if let Some(text) = text {
        if text.as_ref().is_empty() {
            prefix
        } else if prefix.is_empty() {
-            dc_truncate(text.as_ref(), approx_characters, true).to_string()
+            dc_truncate(text.as_ref(), approx_characters).to_string()
        } else {
            let tmp = format!("{} – {}", prefix, text.as_ref());
-            dc_truncate(&tmp, approx_characters, true).to_string()
+            dc_truncate(&tmp, approx_characters).to_string()
        }
    } else {
        prefix
-    }
+    };
+
+    UNWRAP_RE.replace_all(&summary, " ").to_string()
 }

 // as we do not cut inside words, this results in about 32-42 characters.
@@ -1314,10 +1368,55 @@ pub fn get_deaddrop_msg_cnt(context: &Context) -> usize {
    }
 }

+pub fn estimate_deletion_cnt(
+    context: &Context,
+    from_server: bool,
+    seconds: i64,
+) -> Result<usize, Error> {
+    let self_chat_id = chat::lookup_by_contact_id(context, DC_CONTACT_ID_SELF)
+        .unwrap_or_default()
+        .0;
+    let threshold_timestamp = time() - seconds;
+
+    let cnt: isize = if from_server {
+        context.sql.query_row(
+            "SELECT COUNT(*)
+             FROM msgs m
+             WHERE m.id > ?
+               AND timestamp < ?
+               AND chat_id != ?
+               AND server_uid != 0;",
+            params![DC_MSG_ID_LAST_SPECIAL, threshold_timestamp, self_chat_id],
+            |row| row.get(0),
+        )?
+    } else {
+        context.sql.query_row(
+            "SELECT COUNT(*)
+             FROM msgs m
+             WHERE m.id > ?
+               AND timestamp < ?
+               AND chat_id != ?
+               AND chat_id != ? AND hidden = 0;",
+            params![
+                DC_MSG_ID_LAST_SPECIAL,
+                threshold_timestamp,
+                self_chat_id,
+                ChatId::new(DC_CHAT_ID_TRASH)
+            ],
+            |row| row.get(0),
+        )?
+    };
+    Ok(cnt as usize)
+}
+
+/// Counts number of database records pointing to specified
+/// Message-ID.
+///
+/// Unlinked messages are excluded.
 pub fn rfc724_mid_cnt(context: &Context, rfc724_mid: &str) -> i32 {
    // check the number of messages with the same rfc724_mid
    match context.sql.query_row(
-        "SELECT COUNT(*) FROM msgs WHERE rfc724_mid=?;",
+        "SELECT COUNT(*) FROM msgs WHERE rfc724_mid=? AND NOT server_uid = 0",
        &[rfc724_mid],
        |row| row.get(0),
    ) {
@@ -1358,7 +1457,8 @@ pub fn update_server_uid(
    server_uid: u32,
 ) {
    match context.sql.execute(
-        "UPDATE msgs SET server_folder=?, server_uid=? WHERE rfc724_mid=?;",
+        "UPDATE msgs SET server_folder=?, server_uid=? \
+         WHERE rfc724_mid=?",
        params![server_folder.as_ref(), server_uid, rfc724_mid],
    ) {
        Ok(_) => {}
--- a/src/mimefactory.rs
+++ b/src/mimefactory.rs
@@ -9,7 +9,7 @@ use crate::contact::*;
 use crate::context::{get_version_str, Context};
 use crate::dc_tools::*;
 use crate::e2ee::*;
-use crate::error::Error;
+use crate::error::{bail, ensure, format_err, Error};
 use crate::location;
 use crate::message::{self, Message};
 use crate::mimeparser::SystemMessage;
@@ -68,7 +68,7 @@ impl<'a, 'b> MimeFactory<'a, 'b> {
    pub fn from_msg(
        context: &'a Context,
        msg: &'b Message,
-        add_selfavatar: bool,
+        attach_selfavatar: bool,
    ) -> Result<MimeFactory<'a, 'b>, Error> {
        let chat = Chat::load_from_db(context, msg.chat_id)?;

@@ -106,21 +106,6 @@ impl<'a, 'b> MimeFactory<'a, 'b> {

            let command = msg.param.get_cmd();

-            /* for added members, the list is just fine */
-            if command == SystemMessage::MemberRemovedFromGroup {
-                let email_to_remove = msg.param.get(Param::Arg).unwrap_or_default();
-
-                let self_addr = context
-                    .get_config(Config::ConfiguredAddr)
-                    .unwrap_or_default();
-
-                if !email_to_remove.is_empty()
-                    && !addr_cmp(email_to_remove, self_addr)
-                    && !recipients_contain_addr(&recipients, &email_to_remove)
-                {
-                    recipients.push(("".to_string(), email_to_remove.to_string()));
-                }
-            }
            if command != SystemMessage::AutocryptSetupMessage
                && command != SystemMessage::SecurejoinMessage
                && context.get_config_bool(Config::MdnsEnabled)
@@ -156,7 +141,7 @@ impl<'a, 'b> MimeFactory<'a, 'b> {
            references,
            req_mdn,
            last_added_location_id: 0,
-            attach_selfavatar: add_selfavatar,
+            attach_selfavatar,
            context,
        };
        Ok(factory)
@@ -368,7 +353,7 @@ impl<'a, 'b> MimeFactory<'a, 'b> {
            self.from_addr.clone(),
        );

-        let mut to = Vec::with_capacity(self.recipients.len());
+        let mut to = Vec::new();
        for (name, addr) in self.recipients.iter() {
            if name.is_empty() {
                to.push(Address::new_mailbox(addr.clone()));
@@ -380,6 +365,10 @@ impl<'a, 'b> MimeFactory<'a, 'b> {
            }
        }

+        if to.is_empty() {
+            to.push(from.clone());
+        }
+
        if !self.references.is_empty() {
            unprotected_headers.push(Header::new("References".into(), self.references.clone()));
        }
@@ -638,7 +627,6 @@ impl<'a, 'b> MimeFactory<'a, 'b> {
        let command = self.msg.param.get_cmd();
        let mut placeholdertext = None;
        let mut meta_part = None;
-        let mut add_compatibility_header = false;

        if chat.typ == Chattype::VerifiedGroup {
            protected_headers.push(Header::new("Chat-Verified".to_string(), "1".to_string()));
@@ -681,7 +669,6 @@ impl<'a, 'b> MimeFactory<'a, 'b> {
                            "vg-member-added".to_string(),
                        ));
                    }
-                    add_compatibility_header = true;
                }
                SystemMessage::GroupNameChanged => {
                    let value_to_add = self.msg.param.get(Param::Arg).unwrap_or_default();
@@ -702,7 +689,6 @@ impl<'a, 'b> MimeFactory<'a, 'b> {
                            "0".to_string(),
                        ));
                    }
-                    add_compatibility_header = true;
                }
                _ => {}
            }
@@ -770,18 +756,7 @@ impl<'a, 'b> MimeFactory<'a, 'b> {

            let (mail, filename_as_sent) = build_body_file(context, &meta, "group-image")?;
            meta_part = Some(mail);
-            protected_headers.push(Header::new(
-                "Chat-Group-Avatar".into(),
-                filename_as_sent.clone(),
-            ));
-
-            // add the old group-image headers for versions <=0.973 resp. <=beta.15 (december 2019)
-            // image deletion is not supported in the compatibility layer.
-            // this can be removed some time after releasing 1.0,
-            // grep for #DeprecatedAvatar to get the place where compatibility parsing takes place.
-            if add_compatibility_header {
-                protected_headers.push(Header::new("Chat-Group-Image".into(), filename_as_sent));
-            }
+            protected_headers.push(Header::new("Chat-Group-Avatar".into(), filename_as_sent));
        }

        if self.msg.viewtype == Viewtype::Sticker {
@@ -880,7 +855,7 @@ impl<'a, 'b> MimeFactory<'a, 'b> {

        if self.attach_selfavatar {
            match context.get_config(Config::Selfavatar) {
-                Some(path) => match build_selfavatar_file(context, path) {
+                Some(path) => match build_selfavatar_file(context, &path) {
                    Ok((part, filename)) => {
                        parts.push(part);
                        protected_headers.push(Header::new("Chat-User-Avatar".into(), filename))
@@ -1075,7 +1050,7 @@ fn build_body_file(
    Ok((mail, filename_to_send))
 }

-fn build_selfavatar_file(context: &Context, path: String) -> Result<(PartBuilder, String), Error> {
+fn build_selfavatar_file(context: &Context, path: &str) -> Result<(PartBuilder, String), Error> {
    let blob = BlobObject::from_path(context, path)?;
    let filename_to_send = match blob.suffix() {
        Some(suffix) => format!("avatar.{}", suffix),
@@ -1120,7 +1095,7 @@ fn is_file_size_okay(context: &Context, msg: &Message) -> bool {
 fn render_rfc724_mid(rfc724_mid: &str) -> String {
    let rfc724_mid = rfc724_mid.trim().to_string();

-    if rfc724_mid.chars().nth(0).unwrap_or_default() == '<' {
+    if rfc724_mid.chars().next().unwrap_or_default() == '<' {
        rfc724_mid
    } else {
        format!("<{}>", rfc724_mid)
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -1,22 +1,21 @@
 use std::collections::{HashMap, HashSet};

+use anyhow::Context as _;
 use deltachat_derive::{FromSql, ToSql};
 use lettre_email::mime::{self, Mime};
 use mailparse::{DispositionType, MailAddr, MailHeaderMap};

 use crate::aheader::Aheader;
 use crate::blob::BlobObject;
-use crate::config::Config;
 use crate::constants::Viewtype;
 use crate::contact::*;
 use crate::context::Context;
 use crate::dc_tools::*;
 use crate::dehtml::dehtml;
 use crate::e2ee;
-use crate::error::Result;
+use crate::error::{bail, Result};
 use crate::events::Event;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
-use crate::job::{job_add, Action};
 use crate::location;
 use crate::message;
 use crate::param::*;
@@ -24,7 +23,6 @@ use crate::peerstate::Peerstate;
 use crate::securejoin::handle_degrade_event;
 use crate::simplify::*;
 use crate::stock::StockMessage;
-use crate::{bail, ensure};

 /// A parsed MIME message.
 ///
@@ -46,28 +44,17 @@ pub struct MimeMessage {
    pub is_system_message: SystemMessage,
    pub location_kml: Option<location::Kml>,
    pub message_kml: Option<location::Kml>,
-    pub user_avatar: AvatarAction,
-    pub group_avatar: AvatarAction,
+    pub(crate) user_avatar: Option<AvatarAction>,
+    pub(crate) group_avatar: Option<AvatarAction>,
    pub(crate) reports: Vec<Report>,
 }

 #[derive(Debug, PartialEq)]
-pub enum AvatarAction {
-    None,
+pub(crate) enum AvatarAction {
    Delete,
    Change(String),
 }

-impl AvatarAction {
-    pub fn is_change(&self) -> bool {
-        match self {
-            AvatarAction::None => false,
-            AvatarAction::Delete => false,
-            AvatarAction::Change(_) => true,
-        }
-    }
-}
-
 #[derive(Debug, Display, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, ToSql, FromSql)]
 #[repr(i32)]
 pub enum SystemMessage {
@@ -96,7 +83,7 @@ impl MimeMessage {

        let message_time = mail
            .headers
-            .get_header_value(HeaderDef::Date)?
+            .get_header_value(HeaderDef::Date)
            .and_then(|v| mailparse::dateparse(&v).ok())
            .unwrap_or_default();

@@ -105,6 +92,9 @@ impl MimeMessage {
        // init known headers with what mailparse provided us
        MimeMessage::merge_headers(&mut headers, &mail.headers);

+        // remove headers that are allowed _only_ in the encrypted part
+        headers.remove("secure-join-fingerprint");
+
        // Memory location for a possible decrypted message.
        let mail_raw;
        let mut gossipped_addr = Default::default();
@@ -122,8 +112,7 @@ impl MimeMessage {

                    // Handle any gossip headers if the mail was encrypted.  See section
                    // "3.6 Key Gossip" of https://autocrypt.org/autocrypt-spec-1.1.0.pdf
-                    let gossip_headers =
-                        decrypted_mail.headers.get_all_values("Autocrypt-Gossip")?;
+                    let gossip_headers = decrypted_mail.headers.get_all_values("Autocrypt-Gossip");
                    gossipped_addr =
                        update_gossip_peerstates(context, message_time, &mail, gossip_headers)?;

@@ -163,8 +152,8 @@ impl MimeMessage {
            is_system_message: SystemMessage::Unknown,
            location_kml: None,
            message_kml: None,
-            user_avatar: AvatarAction::None,
-            group_avatar: AvatarAction::None,
+            user_avatar: None,
+            group_avatar: None,
        };
        parser.parse_mime_recursive(context, &mail)?;
        parser.parse_headers(context)?;
@@ -202,10 +191,6 @@ impl MimeMessage {
    fn parse_avatar_headers(&mut self) {
        if let Some(header_value) = self.get(HeaderDef::ChatGroupAvatar).cloned() {
            self.group_avatar = self.avatar_action_from_header(header_value);
-        } else if let Some(header_value) = self.get(HeaderDef::ChatGroupImage).cloned() {
-            // parse the old group-image headers for versions <=0.973 resp. <=beta.15 (december 2019)
-            // grep for #DeprecatedAvatar to get the place where a compatibility header is generated.
-            self.group_avatar = self.avatar_action_from_header(header_value);
        }

        if let Some(header_value) = self.get(HeaderDef::ChatUserAvatar).cloned() {
@@ -218,10 +203,8 @@ impl MimeMessage {
    /// Delta Chat sends attachments, such as images, in two-part messages, with the first message
    /// containing an explanation. If such a message is detected, first part can be safely dropped.
    fn squash_attachment_parts(&mut self) {
-        if self.has_chat_version() && self.parts.len() == 2 {
+        if let [textpart, filepart] = &self.parts[..] {
            let need_drop = {
-                let textpart = &self.parts[0];
-                let filepart = &self.parts[1];
                textpart.typ == Viewtype::Text
                    && (filepart.typ == Viewtype::Image
                        || filepart.typ == Viewtype::Gif
@@ -299,18 +282,16 @@ impl MimeMessage {
                    prepend_subject = false
                }
            }
+            // For mailing lists, always add the subject because sometimes there are different topics
+            // and otherwise it might be hard to keep track:
+            if self.get(HeaderDef::ListId).is_some() {
+                prepend_subject = true;
+            }
            if prepend_subject {
-                let subj = if let Some(n) = subject.find('[') {
-                    &subject[0..n]
-                } else {
-                    subject
-                }
-                .trim();
-
-                if !subj.is_empty() {
+                if !subject.is_empty() {
                    for part in self.parts.iter_mut() {
                        if part.typ == Viewtype::Text {
-                            part.msg = format!("{} – {}", subj, part.msg);
+                            part.msg = format!("{} – {}", subject, part.msg);
                            break;
                        }
                    }
@@ -360,9 +341,9 @@ impl MimeMessage {
        Ok(())
    }

-    fn avatar_action_from_header(&mut self, header_value: String) -> AvatarAction {
+    fn avatar_action_from_header(&mut self, header_value: String) -> Option<AvatarAction> {
        if header_value == "0" {
-            return AvatarAction::Delete;
+            Some(AvatarAction::Delete)
        } else {
            let mut i = 0;
            while i != self.parts.len() {
@@ -370,7 +351,7 @@ impl MimeMessage {
                if let Some(part_filename) = &part.org_filename {
                    if part_filename == &header_value {
                        if let Some(blob) = part.param.get(Param::File) {
-                            let res = AvatarAction::Change(blob.to_string());
+                            let res = Some(AvatarAction::Change(blob.to_string()));
                            self.parts.remove(i);
                            return res;
                        }
@@ -379,8 +360,8 @@ impl MimeMessage {
                }
                i += 1;
            }
+            None
        }
-        AvatarAction::None
    }

    pub fn was_encrypted(&self) -> bool {
@@ -489,7 +470,9 @@ impl MimeMessage {
            apple mail: "plaintext" as an alternative to "html+PDF attachment") */
            (mime::MULTIPART, "alternative") => {
                for cur_data in &mail.subparts {
-                    if get_mime_type(cur_data)?.0 == "multipart/mixed" {
+                    if get_mime_type(cur_data)?.0 == "multipart/mixed"
+                        || get_mime_type(cur_data)?.0 == "multipart/related"
+                    {
                        any_part_added = self.parse_mime_recursive(context, cur_data)?;
                        break;
                    }
@@ -513,15 +496,6 @@ impl MimeMessage {
                    }
                }
            }
-            (mime::MULTIPART, "related") => {
-                /* add the "root part" - the other parts may be referenced which is
-                not interesting for us (eg. embedded images) we assume he "root part"
-                being the first one, which may not be always true ...
-                however, most times it seems okay. */
-                if let Some(first) = mail.subparts.iter().next() {
-                    any_part_added = self.parse_mime_recursive(context, first)?;
-                }
-            }
            (mime::MULTIPART, "encrypted") => {
                // we currently do not try to decrypt non-autocrypt messages
                // at all. If we see an encrypted part, we set
@@ -560,6 +534,16 @@ impl MimeMessage {
                            if let Some(report) = self.process_report(context, mail)? {
                                self.reports.push(report);
                            }
+
+                            // Add MDN part so we can track it, avoid
+                            // downloading the message again and
+                            // delete if automatic message deletion is
+                            // enabled.
+                            let mut part = Part::default();
+                            part.typ = Viewtype::Unknown;
+                            self.parts.push(part);
+
+                            any_part_added = true;
                        } else {
                            /* eg. `report-type=delivery-status`;
                            maybe we should show them as a little error icon */
@@ -593,60 +577,64 @@ impl MimeMessage {
        let (mime_type, msg_type) = get_mime_type(mail)?;
        let raw_mime = mail.ctype.mimetype.to_lowercase();

-        let filename = get_attachment_filename(mail);
+        let filename = get_attachment_filename(mail)?;

        let old_part_count = self.parts.len();

-        if let Ok(filename) = filename {
-            self.do_add_single_file_part(
-                context,
-                msg_type,
-                mime_type,
-                &raw_mime,
-                &mail.get_body_raw()?,
-                &filename,
-            );
-        } else {
-            match mime_type.type_() {
-                mime::IMAGE | mime::AUDIO | mime::VIDEO | mime::APPLICATION => {
-                    bail!("missing attachment");
-                }
-                mime::TEXT | mime::HTML => {
-                    let decoded_data = match mail.get_body() {
-                        Ok(decoded_data) => decoded_data,
-                        Err(err) => {
-                            warn!(context, "Invalid body parsed {:?}", err);
-                            // Note that it's not always an error - might be no data
-                            return Ok(false);
-                        }
-                    };
-
-                    let (simplified_txt, is_forwarded) = if decoded_data.is_empty() {
-                        ("".into(), false)
-                    } else {
-                        let is_html = mime_type == mime::TEXT_HTML;
-                        let out = if is_html {
-                            dehtml(&decoded_data)
-                        } else {
-                            decoded_data.clone()
+        match filename {
+            Some(filename) => {
+                self.do_add_single_file_part(
+                    context,
+                    msg_type,
+                    mime_type,
+                    &raw_mime,
+                    &mail.get_body_raw()?,
+                    &filename,
+                );
+            }
+            None => {
+                match mime_type.type_() {
+                    mime::IMAGE | mime::AUDIO | mime::VIDEO | mime::APPLICATION => {
+                        warn!(context, "Missing attachment");
+                        return Ok(false);
+                    }
+                    mime::TEXT | mime::HTML => {
+                        let decoded_data = match mail.get_body() {
+                            Ok(decoded_data) => decoded_data,
+                            Err(err) => {
+                                warn!(context, "Invalid body parsed {:?}", err);
+                                // Note that it's not always an error - might be no data
+                                return Ok(false);
+                            }
                        };
-                        simplify(out, self.has_chat_version())
-                    };

-                    if !simplified_txt.is_empty() {
-                        let mut part = Part::default();
-                        part.typ = Viewtype::Text;
-                        part.mimetype = Some(mime_type);
-                        part.msg = simplified_txt;
-                        part.msg_raw = Some(decoded_data);
-                        self.do_add_single_part(part);
-                    }
+                        let (simplified_txt, is_forwarded) = if decoded_data.is_empty() {
+                            ("".into(), false)
+                        } else {
+                            let is_html = mime_type == mime::TEXT_HTML;
+                            let out = if is_html {
+                                dehtml(&decoded_data)
+                            } else {
+                                decoded_data.clone()
+                            };
+                            simplify(out, self.has_chat_version())
+                        };

-                    if is_forwarded {
-                        self.is_forwarded = true;
+                        if !simplified_txt.is_empty() {
+                            let mut part = Part::default();
+                            part.typ = Viewtype::Text;
+                            part.mimetype = Some(mime_type);
+                            part.msg = simplified_txt;
+                            part.msg_raw = Some(decoded_data);
+                            self.do_add_single_part(part);
+                        }
+
+                        if is_forwarded {
+                            self.is_forwarded = true;
+                        }
                    }
+                    _ => {}
                }
-                _ => {}
            }
        }

@@ -752,21 +740,18 @@ impl MimeMessage {

    pub fn get_rfc724_mid(&self) -> Option<String> {
        self.get(HeaderDef::MessageId)
-            .and_then(|msgid| parse_message_id(msgid))
+            .and_then(|msgid| parse_message_id(msgid).ok())
    }

    fn merge_headers(headers: &mut HashMap<String, String>, fields: &[mailparse::MailHeader<'_>]) {
        for field in fields {
-            if let Ok(key) = field.get_key() {
-                // lowercasing all headers is technically not correct, but makes things work better
-                let key = key.to_lowercase();
-                if !headers.contains_key(&key) || // key already exists, only overwrite known types (protected headers)
+            // lowercasing all headers is technically not correct, but makes things work better
+            let key = field.get_key().to_lowercase();
+            if !headers.contains_key(&key) || // key already exists, only overwrite known types (protected headers)
                    is_known(&key) || key.starts_with("chat-")
-                {
-                    if let Ok(value) = field.get_value() {
-                        headers.insert(key, value);
-                    }
-                }
+            {
+                let value = field.get_value();
+                headers.insert(key.to_string(), value);
            }
        }
    }
@@ -781,23 +766,17 @@ impl MimeMessage {
        let (report_fields, _) = mailparse::parse_headers(&report_body)?;

        // must be present
-        if let Some(_disposition) = report_fields
-            .get_header_value(HeaderDef::Disposition)
-            .ok()
-            .flatten()
-        {
+        if let Some(_disposition) = report_fields.get_header_value(HeaderDef::Disposition) {
            if let Some(original_message_id) = report_fields
                .get_header_value(HeaderDef::OriginalMessageId)
-                .ok()
-                .flatten()
-                .and_then(|v| parse_message_id(&v))
+                .and_then(|v| parse_message_id(&v).ok())
            {
                let additional_message_ids = report_fields
                    .get_header_value(HeaderDef::AdditionalMessageIds)
-                    .ok()
-                    .flatten()
                    .map_or_else(Vec::new, |v| {
-                        v.split(' ').filter_map(parse_message_id).collect()
+                        v.split(' ')
+                            .filter_map(|s| parse_message_id(s).ok())
+                            .collect()
                    });

                return Ok(Some(Report {
@@ -809,26 +788,18 @@ impl MimeMessage {
        warn!(
            context,
            "ignoring unknown disposition-notification, Message-Id: {:?}",
-            report_fields.get_header_value(HeaderDef::MessageId).ok()
+            report_fields.get_header_value(HeaderDef::MessageId)
        );

        Ok(None)
    }

    /// Handle reports (only MDNs for now)
-    pub fn handle_reports(
-        &self,
-        context: &Context,
-        from_id: u32,
-        sent_timestamp: i64,
-        server_folder: impl AsRef<str>,
-        server_uid: u32,
-    ) {
+    pub fn handle_reports(&self, context: &Context, from_id: u32, sent_timestamp: i64) {
        if self.reports.is_empty() {
            return;
        }

-        let mut mdn_recognized = false;
        for report in &self.reports {
            for original_message_id in
                std::iter::once(&report.original_message_id).chain(&report.additional_message_ids)
@@ -837,20 +808,9 @@ impl MimeMessage {
                    message::mdn_from_ext(context, from_id, original_message_id, sent_timestamp)
                {
                    context.call_cb(Event::MsgRead { chat_id, msg_id });
-                    mdn_recognized = true;
                }
            }
        }
-
-        if self.has_chat_version() || mdn_recognized {
-            let mut param = Params::new();
-            param.set(Param::ServerFolder, server_folder.as_ref());
-            param.set_int(Param::ServerUid, server_uid as i32);
-            if self.has_chat_version() && context.get_config_bool(Config::MvboxMove) {
-                param.set_int(Param::AlsoMove, 1);
-            }
-            job_add(context, Action::MarkseenMdnOnImap, 0, param, 0);
-        }
    }
 }

@@ -869,14 +829,9 @@ fn update_gossip_peerstates(

        if let Ok(ref header) = gossip_header {
            if recipients.is_none() {
-                recipients = Some(get_recipients(mail.headers.iter().filter_map(|v| {
-                    let key = v.get_key();
-                    let value = v.get_value();
-                    if key.is_err() || value.is_err() {
-                        return None;
-                    }
-                    Some((v.get_key().unwrap(), v.get_value().unwrap()))
-                })));
+                recipients = Some(get_recipients(
+                    mail.headers.iter().map(|v| (v.get_key(), v.get_value())),
+                ));
            }

            if recipients
@@ -920,14 +875,14 @@ pub(crate) struct Report {
    additional_message_ids: Vec<String>,
 }

-fn parse_message_id(field: &str) -> Option<String> {
-    if let Ok(addrs) = mailparse::addrparse(field) {
-        // Assume the message id is a single id in the form of <id>
-        if let mailparse::MailAddr::Single(mailparse::SingleInfo { ref addr, .. }) = addrs[0] {
-            return Some(addr.clone());
-        }
+pub(crate) fn parse_message_id(value: &str) -> crate::error::Result<String> {
+    let ids = mailparse::msgidparse(value).context("failed to parse message id")?;
+
+    if let Some(id) = ids.first() {
+        Ok(id.to_string())
+    } else {
+        bail!("could not parse message_id: {}", value);
    }
-    None
 }

 fn is_known(key: &str) -> bool {
@@ -990,56 +945,56 @@ fn get_mime_type(mail: &mailparse::ParsedMail<'_>) -> Result<(Mime, Viewtype)> {
 }

 fn is_attachment_disposition(mail: &mailparse::ParsedMail<'_>) -> bool {
-    if let Ok(ct) = mail.get_content_disposition() {
-        return ct.disposition == DispositionType::Attachment
-            && ct
-                .params
-                .iter()
-                .any(|(key, _value)| key.starts_with("filename"));
-    }
-
-    false
+    let ct = mail.get_content_disposition();
+    ct.disposition == DispositionType::Attachment
+        && ct
+            .params
+            .iter()
+            .any(|(key, _value)| key.starts_with("filename"))
 }

-fn get_attachment_filename(mail: &mailparse::ParsedMail) -> Result<String> {
+/// Tries to get attachment filename.
+///
+/// If filename is explitictly specified in Content-Disposition, it is
+/// returned. If Content-Disposition is "attachment" but filename is
+/// not specified, filename is guessed. If Content-Disposition cannot
+/// be parsed, returns an error.
+fn get_attachment_filename(mail: &mailparse::ParsedMail) -> Result<Option<String>> {
    // try to get file name from
    //    `Content-Disposition: ... filename*=...`
    // or `Content-Disposition: ... filename*0*=... filename*1*=... filename*2*=...`
    // or `Content-Disposition: ... filename=...`

-    let ct = mail.get_content_disposition()?;
-    ensure!(
-        ct.disposition == DispositionType::Attachment,
-        "disposition not an attachment: {:?}",
-        ct.disposition
-    );
+    let ct = mail.get_content_disposition();

-    let mut desired_filename = ct
+    let desired_filename: Option<String> = ct
        .params
        .iter()
        .filter(|(key, _value)| key.starts_with("filename"))
-        .fold(String::new(), |mut acc, (_key, value)| {
-            acc += value;
-            acc
+        .fold(None, |acc, (_key, value)| {
+            if let Some(acc) = acc {
+                Some(acc + value)
+            } else {
+                Some(value.to_string())
+            }
        });

-    if desired_filename.is_empty() {
-        if let Some(param) = ct.params.get("name") {
-            // might be a wrongly encoded filename
-            desired_filename = param.to_string();
-        }
-    }
+    let desired_filename =
+        desired_filename.or_else(|| ct.params.get("name").map(|s| s.to_string()));

-    // if there is still no filename, guess one
-    if desired_filename.is_empty() {
+    // If there is no filename, but part is an attachment, guess filename
+    if ct.disposition == DispositionType::Attachment && desired_filename.is_none() {
        if let Some(subtype) = mail.ctype.mimetype.split('/').nth(1) {
-            desired_filename = format!("file.{}", subtype,);
+            Ok(Some(format!("file.{}", subtype,)))
        } else {
-            bail!("could not determine filename: {:?}", ct.disposition);
+            bail!(
+                "could not determine attachment filename: {:?}",
+                ct.disposition
+            );
        }
+    } else {
+        Ok(desired_filename)
    }
-
-    Ok(desired_filename)
 }

 // returned addresses are normalized and lowercased.
@@ -1093,6 +1048,15 @@ mod tests {
    use super::*;
    use crate::test_utils::*;

+    impl AvatarAction {
+        pub fn is_change(&self) -> bool {
+            match self {
+                AvatarAction::Delete => false,
+                AvatarAction::Change(_) => true,
+            }
+        }
+    }
+
    #[test]
    fn test_dc_mimeparser_crash() {
        let context = dummy_context();
@@ -1151,10 +1115,12 @@ mod tests {
    fn test_get_attachment_filename() {
        let raw = include_bytes!("../test-data/message/html_attach.eml");
        let mail = mailparse::parse_mail(raw).unwrap();
-        assert!(get_attachment_filename(&mail).is_err());
-        assert!(get_attachment_filename(&mail.subparts[0]).is_err());
+        assert!(get_attachment_filename(&mail).unwrap().is_none());
+        assert!(get_attachment_filename(&mail.subparts[0])
+            .unwrap()
+            .is_none());
        let filename = get_attachment_filename(&mail.subparts[1]).unwrap();
-        assert_eq!(filename, "test.html")
+        assert_eq!(filename, Some("test.html".to_string()))
    }

    #[test]
@@ -1200,14 +1166,16 @@ mod tests {
                    Content-Type: multipart/mixed; boundary=\"==break==\";\n\
                    Subject: outer-subject\n\
                    Secure-Join-Group: no\n\
-                    Test-Header: Bar\nChat-Version: 0.0\n\
+                    Secure-Join-Fingerprint: 123456\n\
+                    Test-Header: Bar\n\
+                    chat-VERSION: 0.0\n\
                    \n\
                    --==break==\n\
                    Content-Type: text/plain; protected-headers=\"v1\";\n\
                    Subject: inner-subject\n\
                    SecureBar-Join-Group: yes\n\
                    Test-Header: Xy\n\
-                    Chat-Version: 1.0\n\
+                    chat-VERSION: 1.0\n\
                    \n\
                    test1\n\
                    \n\
@@ -1226,12 +1194,17 @@ mod tests {

        // the following fields would bubble up
        // if the test would really use encryption for the protected part
-        // however, as this is not the case, the outer things stay valid
+        // however, as this is not the case, the outer things stay valid.
+        // for Chat-Version, also the case-insensivity is tested.
        assert_eq!(mimeparser.get_subject(), Some("outer-subject".into()));

        let of = mimeparser.get(HeaderDef::ChatVersion).unwrap();
        assert_eq!(of, "0.0");
        assert_eq!(mimeparser.parts.len(), 1);
+
+        // make sure, headers that are only allowed in the encrypted part
+        // cannot be set from the outer part
+        assert!(mimeparser.get(HeaderDef::SecureJoinFingerprint).is_none());
    }

    #[test]
@@ -1240,29 +1213,29 @@ mod tests {

        let raw = include_bytes!("../test-data/message/mail_attach_txt.eml");
        let mimeparser = MimeMessage::from_bytes(&t.ctx, &raw[..]).unwrap();
-        assert_eq!(mimeparser.user_avatar, AvatarAction::None);
-        assert_eq!(mimeparser.group_avatar, AvatarAction::None);
+        assert_eq!(mimeparser.user_avatar, None);
+        assert_eq!(mimeparser.group_avatar, None);

        let raw = include_bytes!("../test-data/message/mail_with_user_avatar.eml");
        let mimeparser = MimeMessage::from_bytes(&t.ctx, &raw[..]).unwrap();
        assert_eq!(mimeparser.parts.len(), 1);
        assert_eq!(mimeparser.parts[0].typ, Viewtype::Text);
-        assert!(mimeparser.user_avatar.is_change());
-        assert_eq!(mimeparser.group_avatar, AvatarAction::None);
+        assert!(mimeparser.user_avatar.unwrap().is_change());
+        assert_eq!(mimeparser.group_avatar, None);

        let raw = include_bytes!("../test-data/message/mail_with_user_avatar_deleted.eml");
        let mimeparser = MimeMessage::from_bytes(&t.ctx, &raw[..]).unwrap();
        assert_eq!(mimeparser.parts.len(), 1);
        assert_eq!(mimeparser.parts[0].typ, Viewtype::Text);
-        assert_eq!(mimeparser.user_avatar, AvatarAction::Delete);
-        assert_eq!(mimeparser.group_avatar, AvatarAction::None);
+        assert_eq!(mimeparser.user_avatar, Some(AvatarAction::Delete));
+        assert_eq!(mimeparser.group_avatar, None);

        let raw = include_bytes!("../test-data/message/mail_with_user_and_group_avatars.eml");
        let mimeparser = MimeMessage::from_bytes(&t.ctx, &raw[..]).unwrap();
        assert_eq!(mimeparser.parts.len(), 1);
        assert_eq!(mimeparser.parts[0].typ, Viewtype::Text);
-        assert!(mimeparser.user_avatar.is_change());
-        assert!(mimeparser.group_avatar.is_change());
+        assert!(mimeparser.user_avatar.unwrap().is_change());
+        assert!(mimeparser.group_avatar.unwrap().is_change());

        // if the Chat-User-Avatar header is missing, the avatar become a normal attachment
        let raw = include_bytes!("../test-data/message/mail_with_user_and_group_avatars.eml");
@@ -1271,8 +1244,8 @@ mod tests {
        let mimeparser = MimeMessage::from_bytes(&t.ctx, raw.as_bytes()).unwrap();
        assert_eq!(mimeparser.parts.len(), 1);
        assert_eq!(mimeparser.parts[0].typ, Viewtype::Image);
-        assert_eq!(mimeparser.user_avatar, AvatarAction::None);
-        assert!(mimeparser.group_avatar.is_change());
+        assert_eq!(mimeparser.user_avatar, None);
+        assert!(mimeparser.group_avatar.unwrap().is_change());
    }

    #[test]
@@ -1358,7 +1331,7 @@ Disposition: manual-action/MDN-sent-automatically; displayed\n\
            Some("Chat: Message opened".to_string())
        );

-        assert_eq!(message.parts.len(), 0);
+        assert_eq!(message.parts.len(), 1);
        assert_eq!(message.reports.len(), 1);
    }

@@ -1436,7 +1409,7 @@ Disposition: manual-action/MDN-sent-automatically; displayed\n\
            Some("Chat: Message opened".to_string())
        );

-        assert_eq!(message.parts.len(), 0);
+        assert_eq!(message.parts.len(), 2);
        assert_eq!(message.reports.len(), 2);
    }

@@ -1481,7 +1454,7 @@ Additional-Message-IDs: <foo@example.com> <foo@example.net>\n\
            Some("Chat: Message opened".to_string())
        );

-        assert_eq!(message.parts.len(), 0);
+        assert_eq!(message.parts.len(), 1);
        assert_eq!(message.reports.len(), 1);
        assert_eq!(message.reports[0].original_message_id, "foo@example.org");
        assert_eq!(
@@ -1491,14 +1464,154 @@ Additional-Message-IDs: <foo@example.com> <foo@example.net>\n\
    }

    #[test]
-    fn mailparse_test() {
-        let body = b"From: =?UTF-8?B?0JjQvNGPLCDQpNCw0LzQuNC70LjRjw==?= <foobar@example.com>";
-        let mail = mailparse::parse_mail(body).unwrap();
+    fn test_parse_inline_attachment() {
+        let context = dummy_context();
+        let raw = br#"Date: Thu, 13 Feb 2020 22:41:20 +0000 (UTC)
+From: sender@example.com
+To: receiver@example.com
+Subject: Mail with inline attachment
+MIME-Version: 1.0
+Content-Type: multipart/mixed;
+	boundary="----=_Part_25_46172632.1581201680436"

-        let from = mail.headers[0].get_value().unwrap();
-        assert_eq!(&from, "Имя, Фамилия <foobar@example.com>");
+------=_Part_25_46172632.1581201680436
+Content-Type: text/plain; charset=utf-8

-        let parsed = mailparse::addrparse(&from).unwrap();
-        assert_eq!(parsed.len(), 1);
+Hello!
+
+------=_Part_25_46172632.1581201680436
+Content-Type: application/pdf; name="some_pdf.pdf"
+Content-Transfer-Encoding: base64
+Content-Disposition: inline; filename="some_pdf.pdf"
+
+JVBERi0xLjUKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0ZpbHRlci9GbGF0ZURl
+Y29kZT4+CnN0cmVhbQp4nGVOuwoCMRDs8xVbC8aZvC4Hx4Hno7ATAhZi56MTtPH33YtXiLKQ3ZnM
+MDYyMDYxNTE1RTlDOEE4Cj4+CnN0YXJ0eHJlZgo4Mjc4CiUlRU9GCg==
+------=_Part_25_46172632.1581201680436--
+"#;
+
+        let message = MimeMessage::from_bytes(&context.ctx, &raw[..]).unwrap();
+        assert_eq!(
+            message.get_subject(),
+            Some("Mail with inline attachment".to_string())
+        );
+
+        assert_eq!(message.parts.len(), 1);
+        assert_eq!(message.parts[0].typ, Viewtype::File);
+        assert_eq!(message.parts[0].msg, "Hello!");
+    }
+
+    #[test]
+    fn parse_inline_image() {
+        let context = dummy_context();
+        let raw = br#"Message-ID: <foobar@example.org>
+From: foo <foo@example.org>
+Subject: example
+To: bar@example.org
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="--11019878869865180"
+
+----11019878869865180
+Content-Type: text/plain; charset=utf-8
+
+Test
+
+----11019878869865180
+Content-Type: image/jpeg;
+ name="JPEG_filename.jpg"
+Content-Transfer-Encoding: base64
+Content-Disposition: inline;
+ filename="JPEG_filename.jpg"
+
+ISVb1L3m7z15Wy5w97a2cJg6W8P8YKOYfWn3PJ/UCSFcvCPtvBhcXieiN3M3ljguzG4XK7BnGgxG
+acAQdY8e0cWz1n+zKPNeNn4Iu3GXAXz4/IPksHk54inl1//0Lv8ggZjljfjnf0q1SPftYI7lpZWT
+/4aTCkimRrAIcwrQJPnZJRb7BPSC6kfn1QJHMv77mRMz2+4WbdfpyPQQ0CWLJsgVXtBsSMf2Awal
+n+zZzhGpXyCbWTEw1ccqZcK5KaiKNqWv51N4yVXw9dzJoCvxbYtCFGZZJdx7c+ObDotaF1/9KY4C
+xJjgK9/NgTXCZP1jYm0XIBnJsFSNg0pnMRETttTuGbOVi1/s/F1RGv5RNZsCUt21d9FhkWQQXsd2
+rOzDgTdag6BQCN3hSU9eKW/GhNBuMibRN9eS7Sm1y2qFU1HgGJBQfPPRPLKxXaNi++Zt0tnon2IU
+8pg5rP/IvStXYQNUQ9SiFdfAUkLU5b1j8ltnka8xl+oXsleSG44GPz6kM0RmwUrGkl4z/+NfHSsI
+K+TuvC7qOah0WLFhcsXWn2+dDV1bXuAeC769TkqkpHhdXfUHnVgK3Pv7u3rVPT5AMeFUGxRB2dP4
+CWt6wx7fiLp0qS9RrX75g6Gqw7nfCs6EcBERcIPt7DTe8VStJwf3LWqVwxl4gQl46yhfoqwEO+I=
+
+
+----11019878869865180--
+"#;
+
+        let message = MimeMessage::from_bytes(&context.ctx, &raw[..]).unwrap();
+        assert_eq!(message.get_subject(), Some("example".to_string()));
+
+        assert_eq!(message.parts.len(), 1);
+        assert_eq!(message.parts[0].typ, Viewtype::Image);
+        assert_eq!(message.parts[0].msg, "Test");
+    }
+
+    #[test]
+    fn parse_thunderbird_html_embedded_image() {
+        let context = dummy_context();
+        let raw = br#"To: Alice <alice@example.org>
+From: Bob <bob@example.org>
+Subject: Test subject
+Message-ID: <foobarbaz@example.org>
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
+ Thunderbird/68.7.0
+MIME-Version: 1.0
+Content-Type: multipart/alternative;
+ boundary="------------779C1631600DF3DB8C02E53A"
+Content-Language: en-US
+
+This is a multi-part message in MIME format.
+--------------779C1631600DF3DB8C02E53A
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: 7bit
+
+Test
+
+
+--------------779C1631600DF3DB8C02E53A
+Content-Type: multipart/related;
+ boundary="------------10CC6C2609EB38DA782C5CA9"
+
+
+--------------10CC6C2609EB38DA782C5CA9
+Content-Type: text/html; charset=utf-8
+Content-Transfer-Encoding: 7bit
+
+<html>
+<head>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+</head>
+<body>
+Test<br>
+<p><img moz-do-not-send="false" src="cid:part1.9DFA679B.52A88D69@example.org" alt=""></p>
+</body>
+</html>
+
+--------------10CC6C2609EB38DA782C5CA9
+Content-Type: image/png;
+ name="1.png"
+Content-Transfer-Encoding: base64
+Content-ID: <part1.9DFA679B.52A88D69@example.org>
+Content-Disposition: inline;
+ filename="1.png"
+
+ISVb1L3m7z15Wy5w97a2cJg6W8P8YKOYfWn3PJ/UCSFcvCPtvBhcXieiN3M3ljguzG4XK7BnGgxG
+acAQdY8e0cWz1n+zKPNeNn4Iu3GXAXz4/IPksHk54inl1//0Lv8ggZjljfjnf0q1SPftYI7lpZWT
+/4aTCkimRrAIcwrQJPnZJRb7BPSC6kfn1QJHMv77mRMz2+4WbdfpyPQQ0CWLJsgVXtBsSMf2Awal
+n+zZzhGpXyCbWTEw1ccqZcK5KaiKNqWv51N4yVXw9dzJoCvxbYtCFGZZJdx7c+ObDotaF1/9KY4C
+xJjgK9/NgTXCZP1jYm0XIBnJsFSNg0pnMRETttTuGbOVi1/s/F1RGv5RNZsCUt21d9FhkWQQXsd2
+rOzDgTdag6BQCN3hSU9eKW/GhNBuMibRN9eS7Sm1y2qFU1HgGJBQfPPRPLKxXaNi++Zt0tnon2IU
+8pg5rP/IvStXYQNUQ9SiFdfAUkLU5b1j8ltnka8xl+oXsleSG44GPz6kM0RmwUrGkl4z/+NfHSsI
+K+TuvC7qOah0WLFhcsXWn2+dDV1bXuAeC769TkqkpHhdXfUHnVgK3Pv7u3rVPT5AMeFUGxRB2dP4
+CWt6wx7fiLp0qS9RrX75g6Gqw7nfCs6EcBERcIPt7DTe8VStJwf3LWqVwxl4gQl46yhfoqwEO+I=
+--------------10CC6C2609EB38DA782C5CA9--
+
+--------------779C1631600DF3DB8C02E53A--"#;
+
+        let message = MimeMessage::from_bytes(&context.ctx, &raw[..]).unwrap();
+        assert_eq!(message.get_subject(), Some("Test subject".to_string()));
+
+        assert_eq!(message.parts.len(), 1);
+        assert_eq!(message.parts[0].typ, Viewtype::Image);
+        assert_eq!(message.parts[0].msg, "Test");
    }
 }
--- a/src/param.rs
+++ b/src/param.rs
@@ -4,15 +4,18 @@ use std::path::PathBuf;
 use std::str;

 use num_traits::FromPrimitive;
+use serde::{Deserialize, Serialize};

 use crate::blob::{BlobError, BlobObject};
 use crate::context::Context;
-use crate::error;
+use crate::error::{self, bail, ensure};
 use crate::message::MsgId;
 use crate::mimeparser::SystemMessage;

 /// Available param keys.
-#[derive(PartialEq, Eq, Debug, Clone, Copy, Hash, PartialOrd, Ord, FromPrimitive)]
+#[derive(
+    PartialEq, Eq, Debug, Clone, Copy, Hash, PartialOrd, Ord, FromPrimitive, Serialize, Deserialize,
+)]
 #[repr(u8)]
 pub enum Param {
    /// For messages and jobs
@@ -85,12 +88,6 @@ pub enum Param {
    /// For Jobs
    SetLongitude = b'n',

-    /// For Jobs
-    ServerFolder = b'Z',
-
-    /// For Jobs
-    ServerUid = b'z',
-
    /// For Jobs
    AlsoMove = b'M',

@@ -120,6 +117,8 @@ pub enum Param {

    /// For MDN-sending job
    MsgId = b'I',
+
+    MailingList = b't',
 }

 /// Possible values for `Param::ForcePlaintext`.
@@ -135,7 +134,7 @@ pub enum ForcePlaintext {
 /// The structure is serialized by calling `to_string()` on it.
 ///
 /// Only for library-internal use.
-#[derive(Debug, Clone, PartialEq, Eq, Default)]
+#[derive(Debug, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]
 pub struct Params {
    inner: BTreeMap<Param, String>,
 }
--- a/src/peerstate.rs
+++ b/src/peerstate.rs
@@ -316,6 +316,25 @@ impl<'a> Peerstate<'a> {
                self.recalc_fingerprint();
                self.to_save = Some(ToSave::All)
            }
+
+            // This is non-standard.
+            //
+            // According to Autocrypt 1.1.0 gossip headers SHOULD NOT
+            // contain encryption preference, but we include it into
+            // Autocrypt-Gossip and apply it one way (from
+            // "nopreference" to "mutual").
+            //
+            // This is compatible to standard clients, because they
+            // can't distinguish it from the case where we have
+            // contacted the client in the past and received this
+            // preference via Autocrypt header.
+            if self.last_seen_autocrypt == 0
+                && self.prefer_encrypt == EncryptPreference::NoPreference
+                && gossip_header.prefer_encrypt == EncryptPreference::Mutual
+            {
+                self.prefer_encrypt = EncryptPreference::Mutual;
+                self.to_save = Some(ToSave::All);
+            }
        };
    }

@@ -326,7 +345,15 @@ impl<'a> Peerstate<'a> {
            let header = Aheader::new(
                self.addr.clone(),
                public_key,
-                EncryptPreference::NoPreference,
+                // Autocrypt 1.1.0 specification says that
+                // `prefer-encrypt` attribute SHOULD NOT be included,
+                // but we include it anyway to propagate encryption
+                // preference to new members in group chats.
+                if self.last_seen_autocrypt > 0 {
+                    self.prefer_encrypt
+                } else {
+                    EncryptPreference::NoPreference
+                },
            );
            Some(header.to_string())
        } else {
--- a/src/pgp.rs
+++ b/src/pgp.rs
@@ -16,8 +16,9 @@ use pgp::types::{
 };
 use rand::{thread_rng, CryptoRng, Rng};

+use crate::constants::KeyGenType;
 use crate::dc_tools::EmailAddress;
-use crate::error::Result;
+use crate::error::{bail, ensure, format_err, Result};
 use crate::key::*;
 use crate::keyring::*;

@@ -116,21 +117,19 @@ pub fn split_armored_data(buf: &[u8]) -> Result<(BlockType, BTreeMap<String, Str
 ///
 /// Most of these are likely coding errors rather than user errors
 /// since all variability is hardcoded.
-#[derive(Fail, Debug)]
-#[fail(display = "PgpKeygenError: {}", message)]
+#[derive(Debug, thiserror::Error)]
+#[error("PgpKeygenError: {message}")]
 pub(crate) struct PgpKeygenError {
    message: String,
-    #[cause]
-    cause: failure::Error,
-    backtrace: failure::Backtrace,
+    #[source]
+    cause: anyhow::Error,
 }

 impl PgpKeygenError {
-    fn new(message: impl Into<String>, cause: impl Into<failure::Error>) -> Self {
+    fn new(message: impl Into<String>, cause: impl Into<anyhow::Error>) -> Self {
        Self {
            message: message.into(),
            cause: cause.into(),
-            backtrace: failure::Backtrace::new(),
        }
    }
 }
@@ -147,10 +146,18 @@ pub struct KeyPair {
 }

 /// Create a new key pair.
-pub(crate) fn create_keypair(addr: EmailAddress) -> std::result::Result<KeyPair, PgpKeygenError> {
+pub(crate) fn create_keypair(
+    addr: EmailAddress,
+    keygen_type: KeyGenType,
+) -> std::result::Result<KeyPair, PgpKeygenError> {
+    let (secret_key_type, public_key_type) = match keygen_type {
+        KeyGenType::Rsa2048 => (PgpKeyType::Rsa(2048), PgpKeyType::Rsa(2048)),
+        KeyGenType::Ed25519 | KeyGenType::Default => (PgpKeyType::EdDSA, PgpKeyType::ECDH),
+    };
+
    let user_id = format!("<{}>", addr);
    let key_params = SecretKeyParamsBuilder::default()
-        .key_type(PgpKeyType::Rsa(2048))
+        .key_type(secret_key_type)
        .can_create_certificates(true)
        .can_sign(true)
        .primary_user_id(user_id)
@@ -173,14 +180,14 @@ pub(crate) fn create_keypair(addr: EmailAddress) -> std::result::Result<KeyPair,
        ])
        .subkey(
            SubkeyParamsBuilder::default()
-                .key_type(PgpKeyType::Rsa(2048))
+                .key_type(public_key_type)
                .can_encrypt(true)
                .passphrase(None)
                .build()
                .unwrap(),
        )
        .build()
-        .map_err(|err| PgpKeygenError::new("invalid key params", failure::err_msg(err)))?;
+        .map_err(|err| PgpKeygenError::new("invalid key params", format_err!(err)))?;
    let key = key_params
        .generate()
        .map_err(|err| PgpKeygenError::new("invalid params", err))?;
@@ -385,10 +392,17 @@ mod tests {
    }

    #[test]
-    #[ignore] // is too expensive
    fn test_create_keypair() {
-        let keypair0 = create_keypair(EmailAddress::new("foo@bar.de").unwrap()).unwrap();
-        let keypair1 = create_keypair(EmailAddress::new("two@zwo.de").unwrap()).unwrap();
+        let keypair0 = create_keypair(
+            EmailAddress::new("foo@bar.de").unwrap(),
+            KeyGenType::Default,
+        )
+        .unwrap();
+        let keypair1 = create_keypair(
+            EmailAddress::new("two@zwo.de").unwrap(),
+            KeyGenType::Default,
+        )
+        .unwrap();
        assert_ne!(keypair0.public, keypair1.public);
    }

--- a/src/provider/data.rs
+++ b/src/provider/data.rs
@@ -20,6 +20,16 @@ lazy_static::lazy_static! {
        ],
    };

+    // aol.md: aol.com
+    static ref P_AOL: Provider = Provider {
+        status: Status::PREPARATION,
+        before_login_hint: "To log in to AOL with Delta Chat, you need to set up an app password in the AOL web interface.",
+        after_login_hint: "",
+        overview_page: "https://providers.delta.chat/aol",
+        server: vec![
+        ],
+    };
+
    // autistici.org.md: autistici.org
    static ref P_AUTISTICI_ORG: Provider = Provider {
        status: Status::OK,
@@ -65,6 +75,16 @@ lazy_static::lazy_static! {
        ],
    };

+    // fastmail.md: fastmail.com
+    static ref P_FASTMAIL: Provider = Provider {
+        status: Status::PREPARATION,
+        before_login_hint: "You must create an app-specific password for Delta Chat before you can log in.",
+        after_login_hint: "",
+        overview_page: "https://providers.delta.chat/fastmail",
+        server: vec![
+        ],
+    };
+
    // freenet.de.md: freenet.de
    static ref P_FREENET_DE: Provider = Provider {
        status: Status::OK,
@@ -165,12 +185,45 @@ lazy_static::lazy_static! {
        ],
    };

+    // protonmail.md: protonmail.com, protonmail.ch
+    static ref P_PROTONMAIL: Provider = Provider {
+        status: Status::BROKEN,
+        before_login_hint: "Protonmail does not offer the standard IMAP e-mail protocol, so you cannot log in with Delta Chat to Protonmail.",
+        after_login_hint: "To use Delta Chat with Protonmail, the IMAP bridge must be running in the background. If you have connectivity issues, double check whether it works as expected.",
+        overview_page: "https://providers.delta.chat/protonmail",
+        server: vec![
+        ],
+    };
+
    // riseup.net.md: riseup.net
    // - skipping provider with status OK and no special things to do

    // rogers.com.md: rogers.com
    // - skipping provider with status OK and no special things to do

+    // t-online.md: t-online.de, magenta.de
+    static ref P_T_ONLINE: Provider = Provider {
+        status: Status::PREPARATION,
+        before_login_hint: "To use Delta Chat with a T-Online email address, you need to create an app password in the web interface.",
+        after_login_hint: "",
+        overview_page: "https://providers.delta.chat/t-online",
+        server: vec![
+        ],
+    };
+
+    // testrun.md: testrun.org
+    static ref P_TESTRUN: Provider = Provider {
+        status: Status::OK,
+        before_login_hint: "",
+        after_login_hint: "",
+        overview_page: "https://providers.delta.chat/testrun",
+        server: vec![
+            Server { protocol: IMAP, socket: SSL, hostname: "testrun.org", port: 993, username_pattern: EMAIL },
+            Server { protocol: IMAP, socket: STARTTLS, hostname: "testrun.org", port: 143, username_pattern: EMAIL },
+            Server { protocol: SMTP, socket: STARTTLS, hostname: "testrun.org", port: 587, username_pattern: EMAIL },
+        ],
+    };
+
    // tiscali.it.md: tiscali.it
    static ref P_TISCALI_IT: Provider = Provider {
        status: Status::OK,
@@ -229,15 +282,14 @@ lazy_static::lazy_static! {
        ],
    };

-    // zoho.com.md: zoho.com
-    // - skipping provider with status OK and no special things to do
-
    pub static ref PROVIDER_DATA: HashMap<&'static str, &'static Provider> = [
        ("aktivix.org", &*P_AKTIVIX_ORG),
+        ("aol.com", &*P_AOL),
        ("autistici.org", &*P_AUTISTICI_ORG),
        ("bluewin.ch", &*P_BLUEWIN_CH),
        ("example.com", &*P_EXAMPLE_COM),
        ("example.org", &*P_EXAMPLE_COM),
+        ("fastmail.com", &*P_FASTMAIL),
        ("freenet.de", &*P_FREENET_DE),
        ("gmail.com", &*P_GMAIL),
        ("googlemail.com", &*P_GMAIL),
@@ -260,6 +312,11 @@ lazy_static::lazy_static! {
        ("outlook.com.tr", &*P_OUTLOOK_COM),
        ("live.com", &*P_OUTLOOK_COM),
        ("posteo.de", &*P_POSTEO),
+        ("protonmail.com", &*P_PROTONMAIL),
+        ("protonmail.ch", &*P_PROTONMAIL),
+        ("t-online.de", &*P_T_ONLINE),
+        ("magenta.de", &*P_T_ONLINE),
+        ("testrun.org", &*P_TESTRUN),
        ("tiscali.it", &*P_TISCALI_IT),
        ("web.de", &*P_WEB_DE),
        ("email.de", &*P_WEB_DE),
--- a/src/provider/mod.rs
+++ b/src/provider/mod.rs
@@ -1,3 +1,5 @@
+//! [Provider database](https://providers.delta.chat/) module
+
 mod data;

 use crate::dc_tools::EmailAddress;
--- a/src/qr.rs
+++ b/src/qr.rs
@@ -2,20 +2,20 @@

 use lazy_static::lazy_static;
 use percent_encoding::percent_decode_str;
+use reqwest::Url;
+use serde::Deserialize;

 use crate::chat;
 use crate::config::*;
 use crate::constants::Blocked;
 use crate::contact::*;
 use crate::context::Context;
-use crate::error::Error;
+use crate::error::{bail, ensure, format_err, Error};
 use crate::key::dc_format_fingerprint;
 use crate::key::dc_normalize_fingerprint;
 use crate::lot::{Lot, LotState};
 use crate::param::*;
 use crate::peerstate::*;
-use reqwest::Url;
-use serde::Deserialize;

 const OPENPGP4FPR_SCHEME: &str = "OPENPGP4FPR:"; // yes: uppercase
 const DCACCOUNT_SCHEME: &str = "DCACCOUNT:";
@@ -221,27 +221,20 @@ pub fn set_config_from_qr(context: &Context, qr: &str) -> Result<(), Error> {

    let response = reqwest::blocking::Client::new().post(url_str).send();
    if response.is_err() {
-        return Err(format_err!(
-            "Cannot create account, request to {} failed",
-            url_str
-        ));
+        bail!("Cannot create account, request to {} failed", url_str);
    }
    let response = response.unwrap();
    if !response.status().is_success() {
-        return Err(format_err!(
-            "Request to {} unsuccessful: {:?}",
-            url_str,
-            response
-        ));
+        bail!("Request to {} unsuccessful: {:?}", url_str, response);
    }

    let parsed: reqwest::Result<CreateAccountResponse> = response.json();
    if parsed.is_err() {
-        return Err(format_err!(
+        bail!(
            "Failed to parse JSON response from {}: error: {:?}",
            url_str,
            parsed
-        ));
+        );
    }
    println!("response: {:?}", &parsed);
    let parsed = parsed.unwrap();
@@ -289,7 +282,6 @@ fn decode_smtp(context: &Context, qr: &str) -> Lot {
        Ok(addr) => addr,
        Err(err) => return err.into(),
    };
-
    let name = "".to_string();
    Lot::from_address(context, name, addr)
 }
--- a/src/securejoin.rs
+++ b/src/securejoin.rs
@@ -9,7 +9,7 @@ use crate::constants::*;
 use crate::contact::*;
 use crate::context::Context;
 use crate::e2ee::*;
-use crate::error::Error;
+use crate::error::{bail, Error};
 use crate::events::Event;
 use crate::headerdef::HeaderDef;
 use crate::key::{dc_normalize_fingerprint, Key};
@@ -343,24 +343,21 @@ fn fingerprint_equals_sender(
    }
    false
 }
-#[derive(Fail, Debug)]
+#[derive(Debug, thiserror::Error)]
 pub(crate) enum HandshakeError {
-    #[fail(display = "Can not be called with special contact ID")]
+    #[error("Can not be called with special contact ID")]
    SpecialContactId,
-    #[fail(display = "Not a Secure-Join message")]
+    #[error("Not a Secure-Join message")]
    NotSecureJoinMsg,
-    #[fail(
-        display = "Failed to look up or create chat for contact #{}",
-        contact_id
-    )]
+    #[error("Failed to look up or create chat for contact #{contact_id}")]
    NoChat {
        contact_id: u32,
-        #[cause]
+        #[source]
        cause: Error,
    },
-    #[fail(display = "Chat for group {} not found", group)]
+    #[error("Chat for group {group} not found")]
    ChatNotFound { group: String },
-    #[fail(display = "No configured self address found")]
+    #[error("No configured self address found")]
    NoSelfAddr,
 }

@@ -393,8 +390,6 @@ pub(crate) fn handle_securejoin_handshake(
    mime_message: &MimeMessage,
    contact_id: u32,
 ) -> Result<HandshakeMessage, HandshakeError> {
-    let own_fingerprint: String;
-
    if contact_id <= DC_CONTACT_ID_LAST_SPECIAL {
        return Err(HandshakeError::SpecialContactId);
    }
@@ -510,7 +505,7 @@ pub(crate) fn handle_securejoin_handshake(
                return Ok(HandshakeMessage::Ignore);
            }
            info!(context, "Fingerprint verified.",);
-            own_fingerprint = get_self_fingerprint(context).unwrap();
+            let own_fingerprint = get_self_fingerprint(context).unwrap();
            joiner_progress!(context, contact_id, 400);
            context.bob.write().unwrap().expects = DC_VC_CONTACT_CONFIRM;

@@ -622,10 +617,17 @@ pub(crate) fn handle_securejoin_handshake(
                }
            } else {
                // Alice -> Bob
-                send_handshake_msg(context, contact_chat_id, "vc-contact-confirm", "", None, "");
+                send_handshake_msg(
+                    context,
+                    contact_chat_id,
+                    "vc-contact-confirm",
+                    "",
+                    Some(fingerprint.clone()),
+                    "",
+                );
                inviter_progress!(context, contact_id, 1000);
            }
-            Ok(HandshakeMessage::Done)
+            Ok(HandshakeMessage::Ignore) // "Done" would delete the message and break multi-device (the key from Autocrypt-header is needed)
        }
        "vg-member-added" | "vc-contact-confirm" => {
            /*=======================================================
@@ -710,26 +712,30 @@ pub(crate) fn handle_securejoin_handshake(
            }
            secure_connection_established(context, contact_chat_id);
            context.bob.write().unwrap().expects = 0;
-            if join_vg {
-                // Bob -> Alice
-                send_handshake_msg(
-                    context,
-                    contact_chat_id,
-                    "vg-member-added-received",
-                    "",
-                    None,
-                    "",
-                );
-            }
+
+            // Bob -> Alice
+            send_handshake_msg(
+                context,
+                contact_chat_id,
+                if join_vg {
+                    "vg-member-added-received"
+                } else {
+                    "vc-contact-confirm-received" // only for observe_securejoin_on_other_device()
+                },
+                "",
+                Some(scanned_fingerprint_of_alice),
+                "",
+            );
+
            context.bob.write().unwrap().status = 1;
            context.stop_ongoing();
            Ok(if join_vg {
                HandshakeMessage::Propagate
            } else {
-                HandshakeMessage::Done
+                HandshakeMessage::Ignore // "Done" deletes the message and breaks multi-device
            })
        }
-        "vg-member-added-received" => {
+        "vg-member-added-received" | "vc-contact-confirm-received" => {
            /*==========================================================
            ====              Alice - the inviter side              ====
            ====  Step 8 in "Out-of-band verified groups" protocol  ====
@@ -737,29 +743,31 @@ pub(crate) fn handle_securejoin_handshake(

            if let Ok(contact) = Contact::get_by_id(context, contact_id) {
                if contact.is_verified(context) == VerifiedStatus::Unverified {
-                    warn!(context, "vg-member-added-received invalid.",);
+                    warn!(context, "{} invalid.", step);
                    return Ok(HandshakeMessage::Ignore);
                }
-                inviter_progress!(context, contact_id, 800);
-                inviter_progress!(context, contact_id, 1000);
-                let field_grpid = mime_message
-                    .get(HeaderDef::SecureJoinGroup)
-                    .map(|s| s.as_str())
-                    .unwrap_or_else(|| "");
-                let (group_chat_id, _, _) = chat::get_chat_id_by_grpid(context, &field_grpid)
-                    .map_err(|err| {
+                if join_vg {
+                    inviter_progress!(context, contact_id, 800);
+                    inviter_progress!(context, contact_id, 1000);
+                    let field_grpid = mime_message
+                        .get(HeaderDef::SecureJoinGroup)
+                        .map(|s| s.as_str())
+                        .unwrap_or_else(|| "");
+                    let (group_chat_id, _, _) = chat::get_chat_id_by_grpid(context, &field_grpid)
+                        .map_err(|err| {
                        warn!(context, "Failed to lookup chat_id from grpid: {}", err);
                        HandshakeError::ChatNotFound {
                            group: field_grpid.to_string(),
                        }
                    })?;
-                context.call_cb(Event::SecurejoinMemberAdded {
-                    chat_id: group_chat_id,
-                    contact_id,
-                });
-                Ok(HandshakeMessage::Done)
+                    context.call_cb(Event::MemberAdded {
+                        chat_id: group_chat_id,
+                        contact_id,
+                    });
+                }
+                Ok(HandshakeMessage::Ignore) // "Done" deletes the message and breaks multi-device
            } else {
-                warn!(context, "vg-member-added-received invalid.",);
+                warn!(context, "{} invalid.", step);
                Ok(HandshakeMessage::Ignore)
            }
        }
@@ -770,6 +778,98 @@ pub(crate) fn handle_securejoin_handshake(
    }
 }

+/// observe_securejoin_on_other_device() must be called when a self-sent securejoin message is seen.
+///
+/// in a multi-device-setup, there may be other devices that "see" the handshake messages.
+/// if the seen messages seen are self-sent messages encrypted+signed correctly with our key,
+/// we can make some conclusions of it:
+///
+/// - if we see the self-sent-message vg-member-added/vc-contact-confirm,
+///   we know that we're an inviter-observer.
+///   the inviting device has marked a peer as verified on vg-request-with-auth/vc-request-with-auth
+///   before sending vg-member-added/vc-contact-confirm - so, if we observe vg-member-added/vc-contact-confirm,
+///   we can mark the peer as verified as well.
+///
+/// - if we see the self-sent-message vg-member-added-received
+///   we know that we're an joiner-observer.
+///   the joining device has marked the peer as verified on vg-member-added/vc-contact-confirm
+///   before sending vg-member-added-received - so, if we observe vg-member-added-received,
+///   we can mark the peer as verified as well.
+pub(crate) fn observe_securejoin_on_other_device(
+    context: &Context,
+    mime_message: &MimeMessage,
+    contact_id: u32,
+) -> Result<HandshakeMessage, HandshakeError> {
+    if contact_id <= DC_CONTACT_ID_LAST_SPECIAL {
+        return Err(HandshakeError::SpecialContactId);
+    }
+    let step = mime_message
+        .get(HeaderDef::SecureJoin)
+        .ok_or(HandshakeError::NotSecureJoinMsg)?;
+    info!(context, "observing secure-join message \'{}\'", step);
+
+    let contact_chat_id =
+        match chat::create_or_lookup_by_contact_id(context, contact_id, Blocked::Not) {
+            Ok((chat_id, blocked)) => {
+                if blocked != Blocked::Not {
+                    chat_id.unblock(context);
+                }
+                chat_id
+            }
+            Err(err) => {
+                return Err(HandshakeError::NoChat {
+                    contact_id,
+                    cause: err,
+                });
+            }
+        };
+
+    match step.as_str() {
+        "vg-member-added"
+        | "vc-contact-confirm"
+        | "vg-member-added-received"
+        | "vc-contact-confirm-received" => {
+            if !encrypted_and_signed(
+                context,
+                mime_message,
+                get_self_fingerprint(context).unwrap_or_default(),
+            ) {
+                could_not_establish_secure_connection(
+                    context,
+                    contact_chat_id,
+                    "Message not encrypted correctly.",
+                );
+                return Ok(HandshakeMessage::Ignore);
+            }
+            let fingerprint = match mime_message.get(HeaderDef::SecureJoinFingerprint) {
+                Some(fp) => fp,
+                None => {
+                    could_not_establish_secure_connection(
+                        context,
+                        contact_chat_id,
+                        "Fingerprint not provided, please update Delta Chat on all your devices.",
+                    );
+                    return Ok(HandshakeMessage::Ignore);
+                }
+            };
+            if mark_peer_as_verified(context, fingerprint).is_err() {
+                could_not_establish_secure_connection(
+                    context,
+                    contact_chat_id,
+                    format!("Fingerprint mismatch on observing {}.", step).as_ref(),
+                );
+                return Ok(HandshakeMessage::Ignore);
+            }
+            Ok(if step.as_str() == "vg-member-added" {
+                HandshakeMessage::Propagate
+            } else {
+                HandshakeMessage::Ignore
+            })
+        }
+        _ => Ok(HandshakeMessage::Ignore),
+    }
+}
+
 fn secure_connection_established(context: &Context, contact_chat_id: ChatId) {
    let contact_id: u32 = chat_id_2_contact_id(context, contact_chat_id);
    let contact = Contact::get_by_id(context, contact_id);
--- a/src/simplify.rs
+++ b/src/simplify.rs
@@ -67,14 +67,13 @@ pub fn simplify(mut input: String, is_chat_message: bool) -> (String, bool) {
 /// Returns message body lines and a boolean indicating whether
 /// a message is forwarded or not.
 fn skip_forward_header<'a>(lines: &'a [&str]) -> (&'a [&'a str], bool) {
-    if lines.len() >= 3
-        && lines[0] == "---------- Forwarded message ----------"
-        && lines[1].starts_with("From: ")
-        && lines[2].is_empty()
-    {
-        (&lines[3..], true)
-    } else {
-        (lines, false)
+    match lines {
+        ["---------- Forwarded message ----------", first_line, "", rest @ ..]
+            if first_line.starts_with("From: ") =>
+        {
+            (rest, true)
+        }
+        _ => (lines, false),
    }
 }

--- a/src/smtp/mod.rs
+++ b/src/smtp/mod.rs
@@ -2,7 +2,7 @@

 pub mod send;

-use std::time::Duration;
+use std::time::{Duration, Instant};

 use async_smtp::smtp::client::net::*;
 use async_smtp::*;
@@ -16,35 +16,29 @@ use crate::oauth2::*;
 /// SMTP write and read timeout in seconds.
 const SMTP_TIMEOUT: u64 = 30;

-#[derive(Debug, Fail)]
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
-    #[fail(display = "Bad parameters")]
+    #[error("Bad parameters")]
    BadParameters,

-    #[fail(display = "Invalid login address {}: {}", address, error)]
+    #[error("Invalid login address {address}: {error}")]
    InvalidLoginAddress {
        address: String,
-        #[cause]
+        #[source]
        error: error::Error,
    },

-    #[fail(display = "SMTP failed to connect: {:?}", _0)]
-    ConnectionFailure(#[cause] smtp::error::Error),
+    #[error("SMTP: failed to connect: {0:?}")]
+    ConnectionFailure(#[source] smtp::error::Error),

-    #[fail(display = "SMTP: failed to setup connection {:?}", _0)]
-    ConnectionSetupFailure(#[cause] smtp::error::Error),
+    #[error("SMTP: failed to setup connection {0:?}")]
+    ConnectionSetupFailure(#[source] smtp::error::Error),

-    #[fail(display = "SMTP: oauth2 error {:?}", _0)]
+    #[error("SMTP: oauth2 error {address}")]
    Oauth2Error { address: String },

-    #[fail(display = "TLS error")]
-    Tls(#[cause] async_native_tls::Error),
-}
-
-impl From<async_native_tls::Error> for Error {
-    fn from(err: async_native_tls::Error) -> Error {
-        Error::Tls(err)
-    }
+    #[error("TLS error")]
+    Tls(#[from] async_native_tls::Error),
 }

 pub type Result<T> = std::result::Result<T, Error>;
@@ -53,8 +47,14 @@ pub type Result<T> = std::result::Result<T, Error>;
 pub struct Smtp {
    #[debug_stub(some = "SmtpTransport")]
    transport: Option<smtp::SmtpTransport>,
+
    /// Email address we are sending from.
    from: Option<EmailAddress>,
+
+    /// Timestamp of last successful send/receive network interaction
+    /// (eg connect or send succeeded). On initialization and disconnect
+    /// it is set to None.
+    last_success: Option<Instant>,
 }

 impl Smtp {
@@ -68,6 +68,17 @@ impl Smtp {
        if let Some(mut transport) = self.transport.take() {
            async_std::task::block_on(transport.close()).ok();
        }
+        self.last_success = None;
+    }
+
+    /// Return true if smtp was connected but is not known to
+    /// have been successfully used the last 60 seconds
+    pub fn has_maybe_stale_connection(&self) -> bool {
+        if let Some(last_success) = self.last_success {
+            Instant::now().duration_since(last_success).as_secs() > 60
+        } else {
+            false
+        }
    }

    /// Check whether we are connected.
@@ -158,9 +169,14 @@ impl Smtp {
            .timeout(Some(Duration::from_secs(SMTP_TIMEOUT)));

        let mut trans = client.into_transport();
-        trans.connect().await.map_err(Error::ConnectionFailure)?;
+
+        trans.connect().await.map_err(|err| {
+            emit_event!(context, Event::ErrorNetwork(err.to_string()));
+            Error::ConnectionFailure(err)
+        })?;

        self.transport = Some(trans);
+        self.last_success = Some(Instant::now());
        context.call_cb(Event::SmtpConnected(format!(
            "SMTP-LOGIN as {} ok",
            lp.send_user,
--- a/src/smtp/send.rs
+++ b/src/smtp/send.rs
@@ -8,15 +8,15 @@ use crate::events::Event;

 pub type Result<T> = std::result::Result<T, Error>;

-#[derive(Debug, Fail)]
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
-    #[fail(display = "Envelope error: {}", _0)]
-    EnvelopeError(#[cause] async_smtp::error::Error),
+    #[error("Envelope error: {}", _0)]
+    EnvelopeError(#[from] async_smtp::error::Error),

-    #[fail(display = "Send error: {}", _0)]
-    SendError(#[cause] async_smtp::smtp::error::Error),
+    #[error("Send error: {}", _0)]
+    SendError(#[from] async_smtp::smtp::error::Error),

-    #[fail(display = "SMTP has no transport")]
+    #[error("SMTP has no transport")]
    NoTransport,
 }

@@ -53,6 +53,8 @@ impl Smtp {
                "Message len={} was smtp-sent to {}",
                message_len, recipients_display
            )));
+            self.last_success = Some(std::time::Instant::now());
+
            Ok(())
        } else {
            warn!(
--- a/Show More
+++ b/Show More