move pthreads to buildInputs

build(nix): nix flake update nixpkgs
build(nix): move pthreads to nativeBuildInputs for windows builds
2026-04-05 23:22:11 +03:00 · 2025-11-17 09:42:30 +00:00 · 2025-11-17 09:21:21 +00:00 · 2025-11-17 08:32:03 +00:00 · 2025-11-16 19:25:24 +00:00 · 2025-11-16 15:29:51 +00:00
109 changed files with 1568 additions and 2927 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,9 +29,8 @@ jobs:
  lint_rust:
    name: Lint Rust
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -53,9 +52,8 @@ jobs:
  cargo_deny:
    name: cargo deny
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -68,9 +66,8 @@ jobs:
  provider_database:
    name: Check provider database
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -82,11 +79,10 @@ jobs:
  docs:
    name: Rust doc comments
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    env:
      RUSTDOCFLAGS: -Dwarnings
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -111,7 +107,6 @@ jobs:
          - os: ubuntu-latest
            rust: minimum
    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
      - run:
          echo "RUSTUP_TOOLCHAIN=$MSRV" >> $GITHUB_ENV
@@ -122,7 +117,7 @@ jobs:
        shell: bash
        if: matrix.rust == 'latest'

-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -160,9 +155,8 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -186,9 +180,8 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -209,9 +202,8 @@ jobs:
  python_lint:
    name: Python lint
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -227,38 +219,6 @@ jobs:
        working-directory: deltachat-rpc-client
        run: tox -e lint

-  # mypy does not work with PyPy since mypy 1.19
-  # as it introduced native `librt` dependency
-  # that uses CPython internals.
-  # We only run mypy with CPython because of this.
-  cffi_python_mypy:
-    name: CFFI Python mypy
-    needs: ["c_library", "python_lint"]
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-
-      - name: Download libdeltachat.a
-        uses: actions/download-artifact@v6
-        with:
-          name: ubuntu-latest-libdeltachat.a
-          path: target/debug
-
-      - name: Install tox
-        run: pip install tox
-
-      - name: Run mypy
-        env:
-          DCC_RS_TARGET: debug
-          DCC_RS_DEV: ${{ github.workspace }}
-        working-directory: python
-        run: tox -e mypy
-
-
  cffi_python_tests:
    name: CFFI Python tests
    needs: ["c_library", "python_lint"]
@@ -278,16 +238,15 @@ jobs:
          - os: macos-latest
            python: pypy3.10

-          # Minimum Supported Python Version = 3.10
+          # Minimum Supported Python Version = 3.8
          # This is the minimum version for which manylinux Python wheels are
          # built. Test it with minimum supported Rust version.
          - os: ubuntu-latest
-            python: "3.10"
+            python: 3.8

    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -312,7 +271,7 @@ jobs:
          DCC_RS_TARGET: debug
          DCC_RS_DEV: ${{ github.workspace }}
        working-directory: python
-        run: tox -e doc,py
+        run: tox -e mypy,doc,py

  rpc_python_tests:
    name: JSON-RPC Python tests
@@ -334,14 +293,13 @@ jobs:
          - os: macos-latest
            python: pypy3.10

-          # Minimum Supported Python Version = 3.10
+          # Minimum Supported Python Version = 3.8
          - os: ubuntu-latest
-            python: "3.10"
+            python: 3.8

    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
--- a/.github/workflows/deltachat-rpc-server.yml
+++ b/.github/workflows/deltachat-rpc-server.yml
@@ -30,11 +30,11 @@ jobs:
        arch: [aarch64, armv7l, armv6l, i686, x86_64]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux
@@ -46,30 +46,6 @@ jobs:
          path: result/bin/deltachat-rpc-server
          if-no-files-found: error

-  build_linux_wheel:
-    name: Linux wheel
-    strategy:
-      fail-fast: false
-      matrix:
-        arch: [aarch64, armv7l, armv6l, i686, x86_64]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
-
-      - name: Build deltachat-rpc-server wheels
-        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
-
-      - name: Upload wheel
-        uses: actions/upload-artifact@v5
-        with:
-          name: deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
-          path: result/*.whl
-          if-no-files-found: error
-
  build_windows:
    name: Windows
    strategy:
@@ -78,11 +54,11 @@ jobs:
        arch: [win32, win64]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}
@@ -94,30 +70,6 @@ jobs:
          path: result/bin/deltachat-rpc-server.exe
          if-no-files-found: error

-  build_windows_wheel:
-    name: Windows wheel
-    strategy:
-      fail-fast: false
-      matrix:
-        arch: [win32, win64]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
-
-      - name: Build deltachat-rpc-server wheels
-        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-wheel
-
-      - name: Upload wheel
-        uses: actions/upload-artifact@v5
-        with:
-          name: deltachat-rpc-server-${{ matrix.arch }}-wheel
-          path: result/*.whl
-          if-no-files-found: error
-
  build_macos:
    name: macOS
    strategy:
@@ -127,7 +79,7 @@ jobs:

    runs-on: macos-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -153,11 +105,11 @@ jobs:
        arch: [arm64-v8a, armeabi-v7a]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android
@@ -169,33 +121,9 @@ jobs:
          path: result/bin/deltachat-rpc-server
          if-no-files-found: error

-  build_android_wheel:
-    name: Android wheel
-    strategy:
-      fail-fast: false
-      matrix:
-        arch: [arm64-v8a, armeabi-v7a]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
-
-      - name: Build deltachat-rpc-server wheels
-        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android-wheel
-
-      - name: Upload wheel
-        uses: actions/upload-artifact@v5
-        with:
-          name: deltachat-rpc-server-${{ matrix.arch }}-android-wheel
-          path: result/*.whl
-          if-no-files-found: error
-
  publish:
    name: Build wheels and upload binaries to the release
-    needs: ["build_linux", "build_linux_wheel", "build_windows", "build_windows_wheel", "build_macos", "build_android", "build_android_wheel"]
+    needs: ["build_linux", "build_windows", "build_macos"]
    environment:
      name: pypi
      url: https://pypi.org/p/deltachat-rpc-server
@@ -204,11 +132,11 @@ jobs:
      contents: write
    runs-on: "ubuntu-latest"
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31

      - name: Download Linux aarch64 binary
        uses: actions/download-artifact@v6
@@ -216,84 +144,42 @@ jobs:
          name: deltachat-rpc-server-aarch64-linux
          path: deltachat-rpc-server-aarch64-linux.d

-      - name: Download Linux aarch64 wheel
-        uses: actions/download-artifact@v6
-        with:
-          name: deltachat-rpc-server-aarch64-linux-wheel
-          path: deltachat-rpc-server-aarch64-linux-wheel.d
-
      - name: Download Linux armv7l binary
        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv7l-linux
          path: deltachat-rpc-server-armv7l-linux.d

-      - name: Download Linux armv7l wheel
-        uses: actions/download-artifact@v6
-        with:
-          name: deltachat-rpc-server-armv7l-linux-wheel
-          path: deltachat-rpc-server-armv7l-linux-wheel.d
-
      - name: Download Linux armv6l binary
        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv6l-linux
          path: deltachat-rpc-server-armv6l-linux.d

-      - name: Download Linux armv6l wheel
-        uses: actions/download-artifact@v6
-        with:
-          name: deltachat-rpc-server-armv6l-linux-wheel
-          path: deltachat-rpc-server-armv6l-linux-wheel.d
-
      - name: Download Linux i686 binary
        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-i686-linux
          path: deltachat-rpc-server-i686-linux.d

-      - name: Download Linux i686 wheel
-        uses: actions/download-artifact@v6
-        with:
-          name: deltachat-rpc-server-i686-linux-wheel
-          path: deltachat-rpc-server-i686-linux-wheel.d
-
      - name: Download Linux x86_64 binary
        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-x86_64-linux
          path: deltachat-rpc-server-x86_64-linux.d

-      - name: Download Linux x86_64 wheel
-        uses: actions/download-artifact@v6
-        with:
-          name: deltachat-rpc-server-x86_64-linux-wheel
-          path: deltachat-rpc-server-x86_64-linux-wheel.d
-
      - name: Download Win32 binary
        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win32
          path: deltachat-rpc-server-win32.d

-      - name: Download Win32 wheel
-        uses: actions/download-artifact@v6
-        with:
-          name: deltachat-rpc-server-win32-wheel
-          path: deltachat-rpc-server-win32-wheel.d
-
      - name: Download Win64 binary
        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win64
          path: deltachat-rpc-server-win64.d

-      - name: Download Win64 wheel
-        uses: actions/download-artifact@v6
-        with:
-          name: deltachat-rpc-server-win64-wheel
-          path: deltachat-rpc-server-win64-wheel.d
-
      - name: Download macOS binary for x86_64
        uses: actions/download-artifact@v6
        with:
@@ -312,24 +198,12 @@ jobs:
          name: deltachat-rpc-server-arm64-v8a-android
          path: deltachat-rpc-server-arm64-v8a-android.d

-      - name: Download Android wheel for arm64-v8a
-        uses: actions/download-artifact@v6
-        with:
-          name: deltachat-rpc-server-arm64-v8a-android-wheel
-          path: deltachat-rpc-server-arm64-v8a-android-wheel.d
-
      - name: Download Android binary for armeabi-v7a
        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armeabi-v7a-android
          path: deltachat-rpc-server-armeabi-v7a-android.d

-      - name: Download Android wheel for armeabi-v7a
-        uses: actions/download-artifact@v6
-        with:
-          name: deltachat-rpc-server-armeabi-v7a-android-wheel
-          path: deltachat-rpc-server-armeabi-v7a-android-wheel.d
-
      - name: Create bin/ directory
        run: |
          mkdir -p bin
@@ -348,21 +222,38 @@ jobs:
      - name: List binaries
        run: ls -l bin/

+      # Python 3.11 is needed for tomllib used in scripts/wheel-rpc-server.py
+      - name: Install python 3.12
+        uses: actions/setup-python@v6
+        with:
+          python-version: 3.12
+
      - name: Install wheel
        run: pip install wheel

-      - name: Build deltachat-rpc-server Python wheels
+      - name: Build deltachat-rpc-server Python wheels and source package
        run: |
          mkdir -p dist
-          mv deltachat-rpc-server-aarch64-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-armv7l-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-armv6l-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-i686-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-x86_64-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-win64-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-win32-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-arm64-v8a-android-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-armeabi-v7a-android-wheel.d/*.whl dist/
+          nix build .#deltachat-rpc-server-x86_64-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-armv7l-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-armv6l-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-aarch64-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-i686-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-win64-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-win32-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-arm64-v8a-android-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-armeabi-v7a-android-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-source
+          cp result/*.tar.gz dist/
          python3 scripts/wheel-rpc-server.py x86_64-darwin bin/deltachat-rpc-server-x86_64-macos
          python3 scripts/wheel-rpc-server.py aarch64-darwin bin/deltachat-rpc-server-aarch64-macos
          mv *.whl dist/
@@ -380,7 +271,7 @@ jobs:
            --repo ${{ github.repository }} \
            bin/* dist/*

-      - name: Publish deltachat-rpc-server to PyPI
+      - name: Publish deltachat-rpc-client to PyPI
        if: github.event_name == 'release'
        uses: pypa/gh-action-pypi-publish@release/v1

@@ -388,16 +279,13 @@ jobs:
    name: Build & Publish npm prebuilds and deltachat-rpc-server
    needs: ["build_linux", "build_windows", "build_macos"]
    runs-on: "ubuntu-latest"
-    environment:
-      name: npm-stdio-rpc-server
-      url: https://www.npmjs.com/package/@deltachat/stdio-rpc-server
    permissions:
      id-token: write

      # Needed to publish the binaries to the release.
      contents: write
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -518,14 +406,11 @@ jobs:
          node-version: 20
          registry-url: "https://registry.npmjs.org"

-      # Ensure npm 11.5.1 or later is installed.
-      # It is needed for <https://docs.npmjs.com/trusted-publishers>
-      - name: Update npm
-        run: npm install -g npm@latest
-
      - name: Publish npm packets for prebuilds and `@deltachat/stdio-rpc-server`
        if: github.event_name == 'release'
        working-directory: deltachat-rpc-server/npm-package
        run: |
          ls -lah platform_package
          for platform in *.tgz; do npm publish --provenance "$platform" --access public; done
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/jsonrpc-client-npm-package.yml
+++ b/.github/workflows/jsonrpc-client-npm-package.yml
@@ -10,14 +10,11 @@ jobs:
  pack-module:
    name: "Publish @deltachat/jsonrpc-client"
    runs-on: ubuntu-latest
-    environment:
-      name: npm-jsonrpc-client
-      url: https://www.npmjs.com/package/@deltachat/jsonrpc-client
    permissions:
      id-token: write
      contents: read
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -27,11 +24,6 @@ jobs:
          node-version: 20
          registry-url: "https://registry.npmjs.org"

-      # Ensure npm 11.5.1 or later is installed.
-      # It is needed for <https://docs.npmjs.com/trusted-publishers>
-      - name: Update npm
-        run: npm install -g npm@latest
-
      - name: Install dependencies without running scripts
        working-directory: deltachat-jsonrpc/typescript
        run: npm install --ignore-scripts
@@ -45,3 +37,5 @@ jobs:
      - name: Publish
        working-directory: deltachat-jsonrpc/typescript
        run: npm publish --provenance deltachat-jsonrpc-client-* --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/jsonrpc.yml
+++ b/.github/workflows/jsonrpc.yml
@@ -16,7 +16,7 @@ jobs:
  build_and_test:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -21,11 +21,11 @@ jobs:
    name: check flake formatting
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - run: nix fmt flake.nix -- --check

  build:
@@ -80,11 +80,11 @@ jobs:
          #- deltachat-rpc-server-x86_64-android
          #- deltachat-rpc-server-x86-android
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - run: nix build .#${{ matrix.installable }}

  build-macos:
@@ -101,9 +101,9 @@ jobs:
          # because of <https://github.com/NixOS/nixpkgs/issues/413910>.
          # - deltachat-rpc-server-aarch64-darwin
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - run: nix build .#${{ matrix.installable }}
--- a/.github/workflows/publish-deltachat-rpc-client-pypi.yml
+++ b/.github/workflows/publish-deltachat-rpc-client-pypi.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
--- a/.github/workflows/repl.yml
+++ b/.github/workflows/repl.yml
@@ -14,11 +14,11 @@ jobs:
    name: Build REPL example
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - name: Build
        run: nix build .#deltachat-repl-win64
      - name: Upload binary
--- a/.github/workflows/upload-docs.yml
+++ b/.github/workflows/upload-docs.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -31,12 +31,12 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - name: Build Python documentation
        run: nix build .#python-docs
      - name: Upload to py.delta.chat
@@ -50,12 +50,12 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - name: Build C documentation
        run: nix build .#docs
      - name: Upload to c.delta.chat
@@ -72,7 +72,7 @@ jobs:
        working-directory: ./deltachat-jsonrpc/typescript

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
--- a/.github/workflows/upload-ffi-docs.yml
+++ b/.github/workflows/upload-ffi-docs.yml
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
--- a/.github/workflows/zizmor-scan.yml
+++ b/.github/workflows/zizmor-scan.yml
@@ -14,12 +14,12 @@ jobs:
      security-events: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
        with:
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244
+        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41

      - name: Run zizmor
        run: uvx zizmor --format sarif . > results.sarif
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,166 +1,5 @@
 # Changelog

-## [2.31.0] - 2025-12-04
-
-### CI
-
- Update npm before publishing packages.
-
-### Features / Changes
-
- Use v2 SEIPD when sending messages to self.
-
-## [2.30.0] - 2025-12-04
-
-### Features / Changes
-
- Disable SNI for STARTTLS ([#7499](https://github.com/chatmail/core/pull/7499)).
- Introduce cross-core testing along with improvements to test frameworking.
- Synchronize transports via sync messages.
-
-### Fixes
-
- Fix shutdown shortly after call.
-
-### API-Changes
-
- Add `TransportsModified` event (for tests).
-
-### CI
-
- Use "trusted publishing" for NPM packages.
-
-### Miscellaneous Tasks
-
- deps: Bump actions/checkout from 5 to 6.
- cargo: Bump syn from 2.0.110 to 2.0.111.
- deps: Bump astral-sh/setup-uv from 7.1.3 to 7.1.4.
- cargo: Bump sdp from 0.8.0 to 0.10.0.
- Remove two outdated todo comments ([#7550](https://github.com/chatmail/core/pull/7550)).
-
-## [2.29.0] - 2025-12-01
-
-### API-Changes
-
- deltachat-rpc-client: Add Message.exists().
-
-### Features / Changes
-
- [**breaking**] Increase backup version from 3 to 4.
- Hide `To` header in encrypted messages.
- `deltachat_rpc_client.Rpc` accepts `rpc_server_path` for using a particular deltachat-rpc-server ([#7493](https://github.com/chatmail/core/pull/7493)).
- Don't send `Chat-Group-Avatar` header in unencrypted groups.
- Don't update `self-{avatar,status}` from received messages ([#7002](https://github.com/chatmail/core/pull/7002)).
-
-### Fixes
-
- `CREATE INDEX imap_only_rfc724_mid ON imap(rfc724_mid)` ([#7490](https://github.com/chatmail/core/pull/7490)).
- Use the same webxdc ratelimit for all email servers.
- Handle the case when account does not exist in `get_existing_msg_ids()`.
- Don't send self-avatar in unencrypted messages ([#7136](https://github.com/chatmail/core/pull/7136)).
- Do not configure folders during transport configuration.
- Upload sync messages only with the primary transport.
- Do not use deprecated ConfiguredProvider in get_configured_provider.
-
-### Build system
-
- Make scripts for remote testing usable.
- Increase minimum supported Python version to 3.10.
- Use SPDX license expression in Python package metadata.
-
-### CI
-
- Set timeout-minutes for all jobs in ci.yaml workflow.
- Do not install Python manually to bulid RPC server wheels.
- Do not build fake RPC server source packages.
- Build Python wheels in separate jobs.
-
-### Refactor
-
- [**breaking**] Remove some unneeded stock strings ([#7496](https://github.com/chatmail/core/pull/7496)).
- Strike events in rpc-client request handling, get result from queue.
- Use ConfiguredProvider config directly when loading legacy settings.
- Remove update_icons and disable_server_delete migrations.
- Use `SYMMETRIC_KEY_ALGORITHM` constant in `symm_encrypt_message()`.
- Make signing key non-optional for `pk_encrypt`.
-
-### Tests
-
- `test_remove_member_bcc`: Test unencrypted group as it was initially.
-
-### Miscellaneous Tasks
-
- deps: Bump cachix/install-nix-action from 31.8.1 to 31.8.4.
- cargo: Bump hyper from 1.7.0 to 1.8.1.
- cargo: Bump human-panic from 2.0.3 to 2.0.4.
- cargo: Bump hyper-util from 0.1.17 to 0.1.18.
- cargo: Bump rusqlite from 0.36.0 to 0.37.0.
- cargo: Bump tokio-util from 0.7.16 to 0.7.17.
- cargo: Bump toml from 0.9.7 to 0.9.8.
- cargo: Bump proptest from 1.8.0 to 1.9.0.
- cargo: Bump parking_lot from 0.12.4 to 0.12.5.
- cargo: Bump syn from 2.0.106 to 2.0.110.
- cargo: Bump quick-xml from 0.38.3 to 0.38.4.
- cargo: Bump rustls-pki-types from 1.12.0 to 1.13.0.
- cargo: Bump nu-ansi-term from 0.50.1 to 0.50.3.
- cargo: Bump sanitize-filename from 0.5.0 to 0.6.0.
- cargo: Bump quote from 1.0.41 to 1.0.42.
- cargo: Bump libc from 0.2.176 to 0.2.177.
- cargo: Bump bytes from 1.10.1 to 1.11.0.
- cargo: Bump image from 0.25.8 to 0.25.9.
- cargo: Bump rand from 0.9.0 to 0.9.2 ([#7501](https://github.com/chatmail/core/pull/7501)).
- cargo: Bump tokio from 1.45.1 to 1.48.0.
-
-## [2.28.0] - 2025-11-23
-
-### API-Changes
-
- New API `get_existing_msg_ids()` to check if the messages with given IDs exist.
- Add API to get storage usage information. (JSON-RPC method: `get_storage_usage_report_string`) ([#7486](https://github.com/chatmail/core/pull/7486)).
-
-### Features / Changes
-
- Experimentaly allow adding second transport.
-  There is no synchronization yet, so UIs should not allow the user to change the address manually and only expose the ability to add transports if `bcc_self` is disabled.
- Default `bcc_self` to 0 for all new accounts.
- Rephrase "Establishing end-to-end encryption" -> "Establishing connection".
- Stock string for joining a channel ([#7480](https://github.com/chatmail/core/pull/7480)).
-
-### Fixes
-
- Limit the range of `Date` to up to 6 days in the past.
- `ContactId::set_name_ex()`: Emit ContactsChanged when transaction is completed.
- Set SQLite busy timeout to 1 minute on iOS.
- Sort system messages to the bottom of the chat.
- Assign outgoing self-sent unencrypted messages to ad-hoc groups with only SELF ([#7409](https://github.com/chatmail/core/pull/7409)).
- Add missing stock strings.
- Look up or create ad-hoc group if there are duplicate addresses in "To".
-
-### Documentation
-
- Add missing RFC 9788, link 'Header Protection for Cryptographically Protected Email' as other RFC.
- Remove unsupported RFC 3503 (`$MDNSent` flag) from the list of standards.
- Mark database encryption support as deprecated ([#7403](https://github.com/chatmail/core/pull/7403)).
-
-### Build system
-
- Increase Minimum Supported Rust Version to 1.88.0.
- Update rPGP from 0.17.0 to 0.18.0.
- nix: Update `fenix` and use it for all Rust builds.
-
-### CI
-
- Do not use --encoding option for rst-lint.
-
-### Refactor
-
- Use `HashMap::extract_if()` stabilized in Rust 1.88.0.
- Remove some easy to remove unwrap() calls.
-
-### Tests
-
- Contact shalln't be verified by another having unknown verifier.
-
 ## [2.27.0] - 2025-11-16

 ### API-Changes
@@ -7346,7 +7185,3 @@ https://github.com/chatmail/core/pulls?q=is%3Apr+is%3Aclosed
 [2.25.0]: https://github.com/chatmail/core/compare/v2.24.0..v2.25.0
 [2.26.0]: https://github.com/chatmail/core/compare/v2.25.0..v2.26.0
 [2.27.0]: https://github.com/chatmail/core/compare/v2.26.0..v2.27.0
-[2.28.0]: https://github.com/chatmail/core/compare/v2.27.0..v2.28.0
-[2.29.0]: https://github.com/chatmail/core/compare/v2.28.0..v2.29.0
-[2.30.0]: https://github.com/chatmail/core/compare/v2.29.0..v2.30.0
-[2.31.0]: https://github.com/chatmail/core/compare/v2.30.0..v2.31.0
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,4 +1,4 @@
-# Contributing to chatmail core
+# Contributing to Delta Chat

 ## Bug reports

--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat"
-version = "2.31.0"
+version = "2.27.0"
 edition = "2024"
 license = "MPL-2.0"
 rust-version = "1.88"
@@ -78,7 +78,7 @@ num-derive = "0.4"
 num-traits = { workspace = true }
 parking_lot = "0.12.4"
 percent-encoding = "2.3"
-pgp = { version = "0.18.0", default-features = false }
+pgp = { version = "0.17.0", default-features = false }
 pin-project = "1"
 qrcodegen = "1.7.0"
 quick-xml = { version = "0.38", features = ["escape-html"] }
@@ -88,7 +88,7 @@ regex = { workspace = true }
 rusqlite = { workspace = true, features = ["sqlcipher"] }
 rustls-pki-types = "1.12.0"
 sanitize-filename = { workspace = true }
-sdp = "0.10.0"
+sdp = "0.8.0"
 serde_json = { workspace = true }
 serde_urlencoded = "0.7.1"
 serde = { workspace = true, features = ["derive"] }
@@ -194,14 +194,14 @@ nu-ansi-term = "0.50"
 num-traits = "0.2"
 rand = "0.9"
 regex = "1.10"
-rusqlite = "0.37"
-sanitize-filename = "0.6"
+rusqlite = "0.36"
+sanitize-filename = "0.5"
 serde = "1.0"
 serde_json = "1"
 tempfile = "3.23.0"
 thiserror = "2"
 tokio = "1"
-tokio-util = "0.7.17"
+tokio-util = "0.7.16"
 tracing-subscriber = "0.3"
 yerpc = "0.6.4"

--- a/benches/decrypting.rs
+++ b/benches/decrypting.rs
@@ -38,7 +38,7 @@ use deltachat::{
    internals_for_benches::key_from_asc,
    internals_for_benches::parse_and_get_text,
    internals_for_benches::store_self_keypair,
-    pgp::{KeyPair, SeipdVersion, decrypt, pk_encrypt, symm_encrypt_message},
+    pgp::{KeyPair, decrypt, pk_encrypt, symm_encrypt_message},
    stock_str::StockStrings,
 };
 use rand::{Rng, rng};
@@ -108,10 +108,9 @@ fn criterion_benchmark(c: &mut Criterion) {
            pk_encrypt(
                plain.clone(),
                vec![black_box(key_pair.public.clone())],
-                key_pair.secret.clone(),
+                Some(key_pair.secret.clone()),
                true,
                true,
-                SeipdVersion::V2,
            )
            .await
            .unwrap()
--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "2.31.0"
+version = "2.27.0"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -247,7 +247,7 @@ typedef struct _dc_event_emitter dc_accounts_event_emitter_t;
 // create/open/config/information

 /**
- * Create a new context object and try to open it. If
+ * Create a new context object and try to open it without passphrase. If
 * database is encrypted, the result is the same as using
 * dc_context_new_closed() and the database should be opened with
 * dc_context_open() before using.
@@ -283,13 +283,8 @@ dc_context_t*   dc_context_new_closed        (const char* dbfile);


 /**
- * Opens the database with the given passphrase.
- * NB: Nonempty passphrase (db encryption) is deprecated 2025-11:
- * - Db encryption does nothing with blobs, so fs/disk encryption is recommended.
- * - Isolation from other apps is needed anyway.
- *
- * This can only be used on closed context, such as
- * created by dc_context_new_closed(). If the database
+ * Opens the database with the given passphrase. This can only be used on
+ * closed context, such as created by dc_context_new_closed(). If the database
 * is new, this operation sets the database passphrase. For existing databases
 * the passphrase should be the one used to encrypt the database the first
 * time.
@@ -306,8 +301,6 @@ int             dc_context_open              (dc_context_t *context, const char*

 /**
 * Changes the passphrase on the open database.
- * Deprecated 2025-11, see `dc_context_open()` for reasoning.
- *
 * Existing database must already be encrypted and the passphrase cannot be NULL or empty.
 * It is impossible to encrypt unencrypted database with this method and vice versa.
 *
@@ -7215,6 +7208,11 @@ void dc_event_unref(dc_event_t* event);
 /// Used as device message text.
 #define DC_STR_SELF_DELETED_MSG_BODY      91

+/// "'Delete messages from server' turned off as now all folders are affected."
+///
+/// Used as device message text.
+#define DC_STR_SERVER_TURNED_OFF          92
+
 /// "Message deletion timer is set to %1$s minutes."
 ///
 /// Used in status messages.
@@ -7411,6 +7409,19 @@ void dc_event_unref(dc_event_t* event);
 /// @deprecated 2025-06-05
 #define DC_STR_AEAP_ADDR_CHANGED          122

+/// "You changed your email address from %1$s to %2$s.
+/// If you now send a message to a group, contacts there will automatically
+/// replace the old with your new address.\n\n It's highly advised to set up 
+/// your old email provider to forward all emails to your new email address. 
+/// Otherwise you might miss messages of contacts who did not get your new 
+/// address yet." + the link to the AEAP blog post
+/// 
+/// As soon as there is a post about AEAP, the UIs should add it:
+/// set_stock_translation(123, getString(aeap_explanation) + "\n\n" + AEAP_BLOG_LINK)
+///
+/// Used in a device message that explains AEAP.
+#define DC_STR_AEAP_EXPLANATION_AND_LINK  123
+
 /// "You changed group name from \"%1$s\" to \"%2$s\"."
 ///
 /// `%1$s` will be replaced by the old group name.
@@ -7659,6 +7670,12 @@ void dc_event_unref(dc_event_t* event);
 /// Used in info messages.
 #define DC_STR_CHAT_PROTECTION_ENABLED 170

+/// "%1$s sent a message from another device."
+///
+/// Used in info messages.
+/// @deprecated 2025-07
+#define DC_STR_CHAT_PROTECTION_DISABLED 171
+
 /// "Others will only see this group after you sent a first message."
 ///
 /// Used as the first info messages in newly created groups.
@@ -7695,12 +7712,7 @@ void dc_event_unref(dc_event_t* event);
 /// Used in summaries.
 #define DC_STR_REACTED_BY 177

-/// "Member %1$s removed."
-///
-/// `%1$s` will be replaced by name of the removed contact.
-#define DC_STR_REMOVE_MEMBER 178
-
-/// "Establishing connection, please wait…"
+/// "Establishing guaranteed end-to-end encryption, please wait…"
 ///
 /// Used as info message.
 #define DC_STR_SECUREJOIN_WAIT 190
@@ -7744,22 +7756,7 @@ void dc_event_unref(dc_event_t* event);
 /// Subtitle for channel join qrcode svg image generated by the core.
 ///
 /// `%1$s` will be replaced with the channel name.
-#define DC_STR_SECURE_JOIN_CHANNEL_QR_DESC 201
-
-/// "You joined the channel."
-#define DC_STR_MSG_YOU_JOINED_CHANNEL 202
-
-/// "%1$s invited you to join this channel. Waiting for the device of %2$s to reply…"
-///
-/// Added as an info-message directly after scanning a QR code for joining a broadcast channel.
-///
-/// `%1$s` and `%2$s` will both be replaced by the name of the inviter.
-#define DC_STR_SECURE_JOIN_CHANNEL_STARTED 203
-
-/// "The attachment contains anonymous usage statistics, which help us improve Delta Chat. Thank you!"
-///
-/// Used as the message body for statistics sent out.
-#define DC_STR_STATS_MSG_BODY 210
+#define DC_STR_SECURE_JOIN_CHANNEL_QR_DESC  201

 /// "Proxy Enabled"
 ///
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -559,7 +559,6 @@ pub unsafe extern "C" fn dc_event_get_id(event: *mut dc_event_t) -> libc::c_int
        EventType::IncomingCallAccepted { .. } => 2560,
        EventType::OutgoingCallAccepted { .. } => 2570,
        EventType::CallEnded { .. } => 2580,
-        EventType::TransportsModified => 2600,
        #[allow(unreachable_patterns)]
        #[cfg(test)]
        _ => unreachable!("This is just to silence a rust_analyzer false-positive"),
@@ -594,8 +593,7 @@ pub unsafe extern "C" fn dc_event_get_data1_int(event: *mut dc_event_t) -> libc:
        | EventType::AccountsBackgroundFetchDone
        | EventType::ChatlistChanged
        | EventType::AccountsChanged
-        | EventType::AccountsItemChanged
-        | EventType::TransportsModified => 0,
+        | EventType::AccountsItemChanged => 0,
        EventType::IncomingReaction { contact_id, .. }
        | EventType::IncomingWebxdcNotify { contact_id, .. } => contact_id.to_u32() as libc::c_int,
        EventType::MsgsChanged { chat_id, .. }
@@ -683,8 +681,7 @@ pub unsafe extern "C" fn dc_event_get_data2_int(event: *mut dc_event_t) -> libc:
        | EventType::IncomingCallAccepted { .. }
        | EventType::OutgoingCallAccepted { .. }
        | EventType::CallEnded { .. }
-        | EventType::EventChannelOverflow { .. }
-        | EventType::TransportsModified => 0,
+        | EventType::EventChannelOverflow { .. } => 0,
        EventType::MsgsChanged { msg_id, .. }
        | EventType::ReactionsChanged { msg_id, .. }
        | EventType::IncomingReaction { msg_id, .. }
@@ -783,8 +780,7 @@ pub unsafe extern "C" fn dc_event_get_data2_str(event: *mut dc_event_t) -> *mut
        | EventType::AccountsChanged
        | EventType::AccountsItemChanged
        | EventType::IncomingCallAccepted { .. }
-        | EventType::WebxdcRealtimeAdvertisementReceived { .. }
-        | EventType::TransportsModified => ptr::null_mut(),
+        | EventType::WebxdcRealtimeAdvertisementReceived { .. } => ptr::null_mut(),
        EventType::IncomingCall {
            place_call_info, ..
        } => {
--- a/deltachat-jsonrpc/Cargo.toml
+++ b/deltachat-jsonrpc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "2.31.0"
+version = "2.27.0"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 license = "MPL-2.0"
--- a/deltachat-jsonrpc/src/api.rs
+++ b/deltachat-jsonrpc/src/api.rs
@@ -21,9 +21,9 @@ use deltachat::context::get_info;
 use deltachat::ephemeral::Timer;
 use deltachat::imex;
 use deltachat::location;
+use deltachat::message::get_msg_read_receipts;
 use deltachat::message::{
-    self, delete_msgs_ex, get_existing_msg_ids, get_msg_read_receipts, markseen_msgs, Message,
-    MessageState, MsgId, Viewtype,
+    self, delete_msgs_ex, markseen_msgs, Message, MessageState, MsgId, Viewtype,
 };
 use deltachat::peer_channels::{
    leave_webxdc_realtime, send_webxdc_realtime_advertisement, send_webxdc_realtime_data,
@@ -34,7 +34,6 @@ use deltachat::qr_code_generator::{generate_backup_qr, get_securejoin_qr_svg};
 use deltachat::reaction::{get_msg_reactions, send_reaction};
 use deltachat::securejoin;
 use deltachat::stock_str::StockMessage;
-use deltachat::storage_usage::get_storage_usage;
 use deltachat::webxdc::StatusUpdateSerial;
 use deltachat::EventEmitter;
 use sanitize_filename::is_sanitized;
@@ -121,14 +120,14 @@ impl CommandApi {
        }
    }

-    async fn get_context_opt(&self, id: u32) -> Option<deltachat::context::Context> {
-        self.accounts.read().await.get_account(id)
-    }
-
    async fn get_context(&self, id: u32) -> Result<deltachat::context::Context> {
-        self.get_context_opt(id)
+        let sc = self
+            .accounts
+            .read()
            .await
-            .ok_or_else(|| anyhow!("account with id {id} not found"))
+            .get_account(id)
+            .ok_or_else(|| anyhow!("account with id {id} not found"))?;
+        Ok(sc)
    }

    async fn with_state<F, T>(&self, id: u32, with_state: F) -> T
@@ -367,13 +366,6 @@ impl CommandApi {
        ctx.get_info().await
    }

-    /// Get storage usage report as formatted string
-    async fn get_storage_usage_report_string(&self, account_id: u32) -> Result<String> {
-        let ctx = self.get_context(account_id).await?;
-        let storage_usage = get_storage_usage(&ctx).await?;
-        Ok(storage_usage.to_string())
-    }
-
    /// Get the blob dir.
    async fn get_blob_dir(&self, account_id: u32) -> Result<Option<String>> {
        let ctx = self.get_context(account_id).await?;
@@ -1303,24 +1295,6 @@ impl CommandApi {
            .collect())
    }

-    /// Checks if the messages with given IDs exist.
-    ///
-    /// Returns IDs of existing messages.
-    async fn get_existing_msg_ids(&self, account_id: u32, msg_ids: Vec<u32>) -> Result<Vec<u32>> {
-        if let Some(context) = self.get_context_opt(account_id).await {
-            let msg_ids: Vec<MsgId> = msg_ids.into_iter().map(MsgId::new).collect();
-            let existing_msg_ids = get_existing_msg_ids(&context, &msg_ids).await?;
-            Ok(existing_msg_ids
-                .into_iter()
-                .map(|msg_id| msg_id.to_u32())
-                .collect())
-        } else {
-            // Account does not exist, so messages do not exist either,
-            // but this is not an error.
-            Ok(Vec::new())
-        }
-    }
-
    async fn get_message_list_items(
        &self,
        account_id: u32,
--- a/deltachat-jsonrpc/src/api/types/account.rs
+++ b/deltachat-jsonrpc/src/api/types/account.rs
@@ -15,7 +15,7 @@ pub enum Account {
        display_name: Option<String>,
        addr: Option<String>,
        // size: u32,
-        profile_image: Option<String>,
+        profile_image: Option<String>, // TODO: This needs to be converted to work with blob http server.
        color: String,
        /// Optional tag as "Work", "Family".
        /// Meant to help profile owner to differ between profiles with similar names.
--- a/deltachat-jsonrpc/src/api/types/chat.rs
+++ b/deltachat-jsonrpc/src/api/types/chat.rs
@@ -69,7 +69,7 @@ pub struct FullChat {
    // but that would be an extra DB query.
    self_in_group: bool,
    is_muted: bool,
-    ephemeral_timer: u32,
+    ephemeral_timer: u32, //TODO look if there are more important properties in newer core versions
    can_send: bool,
    was_seen_recently: bool,
    mailing_list_address: Option<String>,
--- a/deltachat-jsonrpc/src/api/types/events.rs
+++ b/deltachat-jsonrpc/src/api/types/events.rs
@@ -460,15 +460,6 @@ pub enum EventType {
        /// ID of the chat which the message belongs to.
        chat_id: u32,
    },
-
-    /// One or more transports has changed.
-    ///
-    /// This event is used for tests to detect when transport
-    /// synchronization messages arrives.
-    /// UIs don't need to use it, it is unlikely
-    /// that user modifies transports on multiple
-    /// devices simultaneously.
-    TransportsModified,
 }

 impl From<CoreEventType> for EventType {
@@ -651,8 +642,6 @@ impl From<CoreEventType> for EventType {
                msg_id: msg_id.to_u32(),
                chat_id: chat_id.to_u32(),
            },
-            CoreEventType::TransportsModified => TransportsModified,
-
            #[allow(unreachable_patterns)]
            #[cfg(test)]
            _ => unreachable!("This is just to silence a rust_analyzer false-positive"),
--- a/deltachat-jsonrpc/typescript/package.json
+++ b/deltachat-jsonrpc/typescript/package.json
@@ -54,5 +54,5 @@
  },
  "type": "module",
  "types": "dist/deltachat.d.ts",
-  "version": "2.31.0"
+  "version": "2.27.0"
 }
--- a/deltachat-jsonrpc/typescript/test/online.ts
+++ b/deltachat-jsonrpc/typescript/test/online.ts
@@ -64,7 +64,6 @@ describe("online tests", function () {
    await dc.rpc.setConfig(accountId1, "addr", account1.email);
    await dc.rpc.setConfig(accountId1, "mail_pw", account1.password);
    await dc.rpc.configure(accountId1);
-    await waitForEvent(dc, "ImapInboxIdle", accountId1);

    accountId2 = await dc.rpc.addAccount();
    await dc.rpc.batchSetConfig(accountId2, {
@@ -72,7 +71,6 @@ describe("online tests", function () {
      mail_pw: account2.password,
    });
    await dc.rpc.configure(accountId2);
-    await waitForEvent(dc, "ImapInboxIdle", accountId2);
    accountsConfigured = true;
  });

--- a/deltachat-repl/Cargo.toml
+++ b/deltachat-repl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "2.31.0"
+version = "2.27.0"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/chatmail/core"
--- a/deltachat-rpc-client/README.md
+++ b/deltachat-rpc-client/README.md
@@ -30,15 +30,6 @@ $ pip install .

 Additional arguments to `tox` are passed to pytest, e.g. `tox -- -s` does not capture test output.

-
-## Activating current checkout of deltachat-rpc-client and -server for development 
-
-Go to root repository directory and run: 
-```
-$ scripts/make-rpc-testenv.sh 
-$ source venv/bin/activate 
-```
-
 ## Using in REPL

 Setup a development environment:
--- a/deltachat-rpc-client/pyproject.toml
+++ b/deltachat-rpc-client/pyproject.toml
@@ -1,18 +1,20 @@
 [build-system]
-requires = ["setuptools>=77"]
+requires = ["setuptools>=45"]
 build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat-rpc-client"
-version = "2.31.0"
-license = "MPL-2.0"
+version = "2.27.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)",
    "Operating System :: POSIX :: Linux",
    "Operating System :: MacOS :: MacOS X",
    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
@@ -22,7 +24,7 @@ classifiers = [
    "Topic :: Communications :: Email"
 ]
 readme = "README.md"
-requires-python = ">=3.10"
+requires-python = ">=3.8"

 [tool.setuptools.package-data]
 deltachat_rpc_client = [
--- a/deltachat-rpc-client/src/deltachat_rpc_client/account.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/account.py
@@ -130,10 +130,6 @@ class Account:
        """Add a new transport using a QR code."""
        yield self._rpc.add_transport_from_qr.future(self.id, qr)

-    def delete_transport(self, addr: str):
-        """Delete a transport."""
-        self._rpc.delete_transport(self.id, addr)
-
    @futuremethod
    def list_transports(self):
        """Return the list of all email accounts that are used as a transport in the current profile."""
--- a/deltachat-rpc-client/src/deltachat_rpc_client/const.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/const.py
@@ -80,7 +80,6 @@ class EventType(str, Enum):
    CONFIG_SYNCED = "ConfigSynced"
    WEBXDC_REALTIME_DATA = "WebxdcRealtimeData"
    WEBXDC_REALTIME_ADVERTISEMENT_RECEIVED = "WebxdcRealtimeAdvertisementReceived"
-    TRANSPORTS_MODIFIED = "TransportsModified"


 class ChatId(IntEnum):
--- a/deltachat-rpc-client/src/deltachat_rpc_client/message.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/message.py
@@ -60,10 +60,6 @@ class Message:
        """Mark the message as seen."""
        self._rpc.markseen_msgs(self.account.id, [self.id])

-    def exists(self) -> bool:
-        """Return True if the message exists."""
-        return bool(self._rpc.get_existing_msg_ids(self.account.id, [self.id]))
-
    def continue_autocrypt_key_transfer(self, setup_code: str) -> None:
        """Continue the Autocrypt Setup Message key transfer.

--- a/deltachat-rpc-client/src/deltachat_rpc_client/pytestplugin.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/pytestplugin.py
@@ -3,14 +3,9 @@
 from __future__ import annotations

 import os
-import pathlib
-import platform
 import random
-import subprocess
-import sys
 from typing import AsyncGenerator, Optional

-import execnet
 import py
 import pytest

@@ -25,18 +20,6 @@ Currently this is "End-to-end encryption available".
 """


-def pytest_report_header():
-    for base in os.get_exec_path():
-        fn = pathlib.Path(base).joinpath(base, "deltachat-rpc-server")
-        if fn.exists():
-            proc = subprocess.Popen([str(fn), "--version"], stderr=subprocess.PIPE)
-            proc.wait()
-            version = proc.stderr.read().decode().strip()
-            return f"deltachat-rpc-server: {fn} [{version}]"
-
-    return None
-
-
 class ACFactory:
    """Test account factory."""

@@ -57,17 +40,12 @@ class ACFactory:
        username = "ci-" + "".join(random.choice("2345789acdefghjkmnpqrstuvwxyz") for i in range(6))
        return f"{username}@{domain}", f"{username}${username}"

-    def get_account_qr(self):
-        """Return "dcaccount:" QR code for testing chatmail relay."""
-        domain = os.getenv("CHATMAIL_DOMAIN")
-        return f"dcaccount:{domain}"
-
    @futuremethod
    def new_configured_account(self):
        """Create a new configured account."""
        account = self.get_unconfigured_account()
-        qr = self.get_account_qr()
-        yield account.add_transport_from_qr.future(qr)
+        domain = os.getenv("CHATMAIL_DOMAIN")
+        yield account.add_transport_from_qr.future(f"dcaccount:{domain}")

        assert account.is_configured()
        return account
@@ -99,7 +77,6 @@ class ACFactory:
        ac_clone = self.get_unconfigured_account()
        for transport in transports:
            ac_clone.add_or_update_transport(transport)
-        ac_clone.bring_online()
        return ac_clone

    def get_accepted_chat(self, ac1: Account, ac2: Account) -> Chat:
@@ -214,134 +191,3 @@ def log():
            print("  " + msg)

    return Printer()
-
-
-#
-# support for testing against different deltachat-rpc-server/clients
-# installed into a temporary virtualenv and connected via 'execnet' channels
-#
-
-
-def find_path(venv, name):
-    is_windows = platform.system() == "Windows"
-    bin = venv / ("bin" if not is_windows else "Scripts")
-
-    tryadd = [""]
-    if is_windows:
-        tryadd += os.environ["PATHEXT"].split(os.pathsep)
-    for ext in tryadd:
-        p = bin.joinpath(name + ext)
-        if p.exists():
-            return str(p)
-
-    return None
-
-
-@pytest.fixture(scope="session")
-def get_core_python_env(tmp_path_factory):
-    """Return a factory to create virtualenv environments with rpc server/client packages
-    installed.
-
-    The factory takes a version and returns a (python_path, rpc_server_path) tuple
-    of the respective binaries in the virtualenv.
-    """
-
-    envs = {}
-
-    def get_versioned_venv(core_version):
-        venv = envs.get(core_version)
-        if not venv:
-            venv = tmp_path_factory.mktemp(f"temp-{core_version}")
-            subprocess.check_call([sys.executable, "-m", "venv", venv])
-
-            python = find_path(venv, "python")
-            pkgs = [f"deltachat-rpc-server=={core_version}", f"deltachat-rpc-client=={core_version}", "pytest"]
-            subprocess.check_call([python, "-m", "pip", "install"] + pkgs)
-
-            envs[core_version] = venv
-        python = find_path(venv, "python")
-        rpc_server_path = find_path(venv, "deltachat-rpc-server")
-        print(f"python={python}\nrpc_server={rpc_server_path}")
-        return python, rpc_server_path
-
-    return get_versioned_venv
-
-
-@pytest.fixture
-def alice_and_remote_bob(tmp_path, acfactory, get_core_python_env):
-    """return local Alice account, a contact to bob, and a remote 'eval' function for bob.
-
-    The 'eval' function allows to remote-execute arbitrary expressions
-    that can use the `bob` online account, and the `bob_contact_alice`.
-    """
-
-    def factory(core_version):
-        python, rpc_server_path = get_core_python_env(core_version)
-        gw = execnet.makegateway(f"popen//python={python}")
-
-        accounts_dir = str(tmp_path.joinpath("account1_venv1"))
-        channel = gw.remote_exec(remote_bob_loop)
-        cm = os.environ.get("CHATMAIL_DOMAIN")
-
-        # trigger getting an online account on bob's side
-        channel.send((accounts_dir, str(rpc_server_path), cm))
-
-        # meanwhile get a local alice account
-        alice = acfactory.get_online_account()
-        channel.send(alice.self_contact.make_vcard())
-
-        # wait for bob to have started
-        sysinfo = channel.receive()
-        assert sysinfo == f"v{core_version}"
-        bob_vcard = channel.receive()
-        [alice_contact_bob] = alice.import_vcard(bob_vcard)
-
-        def eval(eval_str):
-            channel.send(eval_str)
-            return channel.receive()
-
-        return alice, alice_contact_bob, eval
-
-    return factory
-
-
-def remote_bob_loop(channel):
-    # This function executes with versioned
-    # deltachat-rpc-client/server packages
-    # installed into the virtualenv.
-    #
-    # The "channel" argument is a send/receive pipe
-    # to the process that runs the corresponding remote_exec(remote_bob_loop)
-
-    import os
-
-    from deltachat_rpc_client import DeltaChat, Rpc
-    from deltachat_rpc_client.pytestplugin import ACFactory
-
-    accounts_dir, rpc_server_path, chatmail_domain = channel.receive()
-    os.environ["CHATMAIL_DOMAIN"] = chatmail_domain
-
-    # older core versions don't support specifying rpc_server_path
-    # so we can't just pass `rpc_server_path` argument to Rpc constructor
-    basepath = os.path.dirname(rpc_server_path)
-    os.environ["PATH"] = os.pathsep.join([basepath, os.environ["PATH"]])
-    rpc = Rpc(accounts_dir=accounts_dir)
-
-    with rpc:
-        dc = DeltaChat(rpc)
-        channel.send(dc.rpc.get_system_info()["deltachat_core_version"])
-        acfactory = ACFactory(dc)
-        bob = acfactory.get_online_account()
-        alice_vcard = channel.receive()
-        [alice_contact] = bob.import_vcard(alice_vcard)
-        ns = {"bob": bob, "bob_contact_alice": alice_contact}
-        channel.send(bob.self_contact.make_vcard())
-
-        while 1:
-            eval_str = channel.receive()
-            res = eval(eval_str, ns)
-            try:
-                channel.send(res)
-            except Exception:
-                # some unserializable result
-                channel.send(None)
--- a/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
@@ -9,7 +9,7 @@ import os
 import subprocess
 import sys
 from queue import Empty, Queue
-from threading import Thread
+from threading import Event, Thread
 from typing import Any, Iterator, Optional


@@ -17,6 +17,25 @@ class JsonRpcError(Exception):
    """JSON-RPC error."""


+class RpcFuture:
+    """RPC future waiting for RPC call result."""
+
+    def __init__(self, rpc: "Rpc", request_id: int, event: Event):
+        self.rpc = rpc
+        self.request_id = request_id
+        self.event = event
+
+    def __call__(self):
+        """Wait for the future to return the result."""
+        self.event.wait()
+        response = self.rpc.request_results.pop(self.request_id)
+        if "error" in response:
+            raise JsonRpcError(response["error"])
+        if "result" in response:
+            return response["result"]
+        return None
+
+
 class RpcMethod:
    """RPC method."""

@@ -38,26 +57,20 @@ class RpcMethod:
            "params": args,
            "id": request_id,
        }
-        self.rpc.request_results[request_id] = queue = Queue()
+        event = Event()
+        self.rpc.request_events[request_id] = event
        self.rpc.request_queue.put(request)

-        def rpc_future():
-            """Wait for the request to receive a result."""
-            response = queue.get()
-            if "error" in response:
-                raise JsonRpcError(response["error"])
-            return response.get("result", None)
-
-        return rpc_future
+        return RpcFuture(self.rpc, request_id, event)


 class Rpc:
    """RPC client."""

-    def __init__(self, accounts_dir: Optional[str] = None, rpc_server_path="deltachat-rpc-server", **kwargs):
+    def __init__(self, accounts_dir: Optional[str] = None, **kwargs):
        """Initialize RPC client.

-        The 'kwargs' arguments will be passed to subprocess.Popen().
+        The given arguments will be passed to subprocess.Popen().
        """
        if accounts_dir:
            kwargs["env"] = {
@@ -66,12 +79,13 @@ class Rpc:
            }

        self._kwargs = kwargs
-        self.rpc_server_path = rpc_server_path
        self.process: subprocess.Popen
        self.id_iterator: Iterator[int]
        self.event_queues: dict[int, Queue]
-        # Map from request ID to a Queue which provides a single result
-        self.request_results: dict[int, Queue]
+        # Map from request ID to `threading.Event`.
+        self.request_events: dict[int, Event]
+        # Map from request ID to the result.
+        self.request_results: dict[int, Any]
        self.request_queue: Queue[Any]
        self.closing: bool
        self.reader_thread: Thread
@@ -80,18 +94,27 @@ class Rpc:

    def start(self) -> None:
        """Start RPC server subprocess."""
-        popen_kwargs = {"stdin": subprocess.PIPE, "stdout": subprocess.PIPE}
        if sys.version_info >= (3, 11):
-            # Prevent subprocess from capturing SIGINT.
-            popen_kwargs["process_group"] = 0
+            self.process = subprocess.Popen(
+                "deltachat-rpc-server",
+                stdin=subprocess.PIPE,
+                stdout=subprocess.PIPE,
+                # Prevent subprocess from capturing SIGINT.
+                process_group=0,
+                **self._kwargs,
+            )
        else:
-            # `process_group` is not supported before Python 3.11.
-            popen_kwargs["preexec_fn"] = os.setpgrp  # noqa: PLW1509
-
-        popen_kwargs.update(self._kwargs)
-        self.process = subprocess.Popen(self.rpc_server_path, **popen_kwargs)
+            self.process = subprocess.Popen(
+                "deltachat-rpc-server",
+                stdin=subprocess.PIPE,
+                stdout=subprocess.PIPE,
+                # `process_group` is not supported before Python 3.11.
+                preexec_fn=os.setpgrp,  # noqa: PLW1509
+                **self._kwargs,
+            )
        self.id_iterator = itertools.count(start=1)
        self.event_queues = {}
+        self.request_events = {}
        self.request_results = {}
        self.request_queue = Queue()
        self.closing = False
@@ -126,7 +149,9 @@ class Rpc:
                response = json.loads(line)
                if "id" in response:
                    response_id = response["id"]
-                    self.request_results.pop(response_id).put(response)
+                    event = self.request_events.pop(response_id)
+                    self.request_results[response_id] = response
+                    event.set()
                else:
                    logging.warning("Got a response without ID: %s", response)
        except Exception:
--- a/deltachat-rpc-client/tests/test_cross_core.py
+++ b/deltachat-rpc-client/tests/test_cross_core.py
@@ -1,44 +0,0 @@
-import subprocess
-
-import pytest
-
-from deltachat_rpc_client import DeltaChat, Rpc
-
-
-def test_install_venv_and_use_other_core(tmp_path, get_core_python_env):
-    python, rpc_server_path = get_core_python_env("2.24.0")
-    subprocess.check_call([python, "-m", "pip", "install", "deltachat-rpc-server==2.24.0"])
-    rpc = Rpc(accounts_dir=tmp_path.joinpath("accounts"), rpc_server_path=rpc_server_path)
-
-    with rpc:
-        dc = DeltaChat(rpc)
-        assert dc.rpc.get_system_info()["deltachat_core_version"] == "v2.24.0"
-
-
-@pytest.mark.parametrize("version", ["2.24.0"])
-def test_qr_setup_contact(alice_and_remote_bob, version) -> None:
-    """Test other-core Bob profile can do securejoin with Alice on current core."""
-    alice, alice_contact_bob, remote_eval = alice_and_remote_bob(version)
-
-    qr_code = alice.get_qr_code()
-    remote_eval(f"bob.secure_join({qr_code!r})")
-    alice.wait_for_securejoin_inviter_success()
-
-    # Test that Alice verified Bob's profile.
-    alice_contact_bob_snapshot = alice_contact_bob.get_snapshot()
-    assert alice_contact_bob_snapshot.is_verified
-
-    remote_eval("bob.wait_for_securejoin_joiner_success()")
-
-    # Test that Bob verified Alice's profile.
-    assert remote_eval("bob_contact_alice.get_snapshot().is_verified")
-
-
-def test_send_and_receive_message(alice_and_remote_bob) -> None:
-    """Test other-core Bob profile can send a message to Alice on current core."""
-    alice, alice_contact_bob, remote_eval = alice_and_remote_bob("2.20.0")
-
-    remote_eval("bob_contact_alice.create_chat().send_text('hello')")
-
-    msg = alice.wait_for_incoming_msg()
-    assert msg.get_snapshot().text == "hello"
--- a/deltachat-rpc-client/tests/test_folders.py
+++ b/deltachat-rpc-client/tests/test_folders.py
@@ -143,7 +143,7 @@ def test_delete_deltachat_folder(acfactory, direct_imap):
    # Wait until new folder is created and UIDVALIDITY is updated.
    while True:
        event = ac1.wait_for_event()
-        if event.kind == EventType.INFO and "transport 1: UID validity for folder DeltaChat changed from " in event.msg:
+        if event.kind == EventType.INFO and "uid/validity change folder DeltaChat" in event.msg:
            break

    ac2 = acfactory.get_online_account()
--- a/deltachat-rpc-client/tests/test_multitransport.py
+++ b/deltachat-rpc-client/tests/test_multitransport.py
@@ -1,203 +0,0 @@
-import pytest
-
-from deltachat_rpc_client import EventType
-from deltachat_rpc_client.rpc import JsonRpcError
-
-
-def test_add_second_address(acfactory) -> None:
-    account = acfactory.new_configured_account()
-    assert len(account.list_transports()) == 1
-
-    # When the first transport is created,
-    # mvbox_move and only_fetch_mvbox should be disabled.
-    assert account.get_config("mvbox_move") == "0"
-    assert account.get_config("only_fetch_mvbox") == "0"
-    assert account.get_config("show_emails") == "2"
-
-    qr = acfactory.get_account_qr()
-    account.add_transport_from_qr(qr)
-    assert len(account.list_transports()) == 2
-
-    account.add_transport_from_qr(qr)
-    assert len(account.list_transports()) == 3
-
-    first_addr = account.list_transports()[0]["addr"]
-    second_addr = account.list_transports()[1]["addr"]
-
-    # Cannot delete the first address.
-    with pytest.raises(JsonRpcError):
-        account.delete_transport(first_addr)
-
-    account.delete_transport(second_addr)
-    assert len(account.list_transports()) == 2
-
-    # Enabling mvbox_move or only_fetch_mvbox
-    # is not allowed when multi-transport is enabled.
-    for option in ["mvbox_move", "only_fetch_mvbox"]:
-        with pytest.raises(JsonRpcError):
-            account.set_config(option, "1")
-
-    with pytest.raises(JsonRpcError):
-        account.set_config("show_emails", "0")
-
-
-@pytest.mark.parametrize("key", ["mvbox_move", "only_fetch_mvbox"])
-def test_no_second_transport_with_mvbox(acfactory, key) -> None:
-    """Test that second transport cannot be configured if mvbox is used."""
-    account = acfactory.new_configured_account()
-    assert len(account.list_transports()) == 1
-
-    assert account.get_config("mvbox_move") == "0"
-    assert account.get_config("only_fetch_mvbox") == "0"
-
-    qr = acfactory.get_account_qr()
-    account.set_config(key, "1")
-
-    with pytest.raises(JsonRpcError):
-        account.add_transport_from_qr(qr)
-
-
-def test_no_second_transport_without_classic_emails(acfactory) -> None:
-    """Test that second transport cannot be configured if classic emails are not fetched."""
-    account = acfactory.new_configured_account()
-    assert len(account.list_transports()) == 1
-
-    assert account.get_config("show_emails") == "2"
-
-    qr = acfactory.get_account_qr()
-    account.set_config("show_emails", "0")
-
-    with pytest.raises(JsonRpcError):
-        account.add_transport_from_qr(qr)
-
-
-def test_change_address(acfactory) -> None:
-    """Test Alice configuring a second transport and setting it as a primary one."""
-    alice, bob = acfactory.get_online_accounts(2)
-
-    bob_addr = bob.get_config("configured_addr")
-    bob.create_chat(alice)
-
-    alice_chat_bob = alice.create_chat(bob)
-    alice_chat_bob.send_text("Hello!")
-
-    msg1 = bob.wait_for_incoming_msg().get_snapshot()
-    sender_addr1 = msg1.sender.get_snapshot().address
-
-    alice.stop_io()
-    old_alice_addr = alice.get_config("configured_addr")
-    alice_vcard = alice.self_contact.make_vcard()
-    assert old_alice_addr in alice_vcard
-    qr = acfactory.get_account_qr()
-    alice.add_transport_from_qr(qr)
-    new_alice_addr = alice.list_transports()[1]["addr"]
-    with pytest.raises(JsonRpcError):
-        # Cannot use the address that is not
-        # configured for any transport.
-        alice.set_config("configured_addr", bob_addr)
-
-    # Load old address so it is cached.
-    assert alice.get_config("configured_addr") == old_alice_addr
-    alice.set_config("configured_addr", new_alice_addr)
-    # Make sure that setting `configured_addr` invalidated the cache.
-    assert alice.get_config("configured_addr") == new_alice_addr
-
-    alice_vcard = alice.self_contact.make_vcard()
-    assert old_alice_addr not in alice_vcard
-    assert new_alice_addr in alice_vcard
-    with pytest.raises(JsonRpcError):
-        alice.delete_transport(new_alice_addr)
-    alice.start_io()
-
-    alice_chat_bob.send_text("Hello again!")
-
-    msg2 = bob.wait_for_incoming_msg().get_snapshot()
-    sender_addr2 = msg2.sender.get_snapshot().address
-
-    assert msg1.sender == msg2.sender
-    assert sender_addr1 != sender_addr2
-    assert sender_addr1 == old_alice_addr
-    assert sender_addr2 == new_alice_addr
-
-
-@pytest.mark.parametrize("is_chatmail", ["0", "1"])
-def test_mvbox_move_first_transport(acfactory, is_chatmail) -> None:
-    """Test that mvbox_move is disabled by default even for non-chatmail accounts.
-    Disabling mvbox_move is required to be able to setup a second transport.
-    """
-    account = acfactory.get_unconfigured_account()
-
-    account.set_config("fix_is_chatmail", "1")
-    account.set_config("is_chatmail", is_chatmail)
-
-    # The default value when the setting is unset is "1".
-    # This is not changed for compatibility with old databases
-    # imported from backups.
-    assert account.get_config("mvbox_move") == "1"
-
-    qr = acfactory.get_account_qr()
-    account.add_transport_from_qr(qr)
-
-    # Once the first transport is set up,
-    # mvbox_move is disabled.
-    assert account.get_config("mvbox_move") == "0"
-    assert account.get_config("is_chatmail") == is_chatmail
-
-
-def test_reconfigure_transport(acfactory) -> None:
-    """Test that reconfiguring the transport works
-    even if settings not supported for multi-transport
-    like mvbox_move are enabled."""
-    account = acfactory.get_online_account()
-    account.set_config("mvbox_move", "1")
-
-    [transport] = account.list_transports()
-    account.add_or_update_transport(transport)
-
-    # Reconfiguring the transport should not reset
-    # the settings as if when configuring the first transport.
-    assert account.get_config("mvbox_move") == "1"
-
-
-def test_transport_synchronization(acfactory, log) -> None:
-    """Test synchronization of transports between devices."""
-    ac1, ac2 = acfactory.get_online_accounts(2)
-    ac1_clone = ac1.clone()
-    ac1_clone.bring_online()
-
-    qr = acfactory.get_account_qr()
-
-    ac1.add_transport_from_qr(qr)
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    assert len(ac1.list_transports()) == 2
-    assert len(ac1_clone.list_transports()) == 2
-
-    ac1_clone.add_transport_from_qr(qr)
-    ac1.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    assert len(ac1.list_transports()) == 3
-    assert len(ac1_clone.list_transports()) == 3
-
-    log.section("ac1 clone removes second transport")
-    [transport1, transport2, transport3] = ac1_clone.list_transports()
-    addr3 = transport3["addr"]
-    ac1_clone.delete_transport(transport2["addr"])
-
-    ac1.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    [transport1, transport3] = ac1.list_transports()
-
-    log.section("ac1 changes the primary transport")
-    ac1.set_config("configured_addr", transport3["addr"])
-
-    log.section("ac1 removes the first transport")
-    ac1.delete_transport(transport1["addr"])
-
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    [transport3] = ac1_clone.list_transports()
-    assert transport3["addr"] == addr3
-    assert ac1_clone.get_config("configured_addr") == addr3
-
-    ac2_chat = ac2.create_chat(ac1)
-    ac2_chat.send_text("Hello!")
-
-    assert ac1.wait_for_incoming_msg().get_snapshot().text == "Hello!"
-    assert ac1_clone.wait_for_incoming_msg().get_snapshot().text == "Hello!"
--- a/deltachat-rpc-client/tests/test_securejoin.py
+++ b/deltachat-rpc-client/tests/test_securejoin.py
@@ -158,29 +158,29 @@ def test_qr_securejoin_broadcast(acfactory, all_devices_online):
        chat = get_broadcast(ac)
        chat_msgs = chat.get_messages()

-        encrypted_msg = chat_msgs.pop(0).get_snapshot()
+        if please_wait_info_msg:
+            first_msg = chat_msgs.pop(0).get_snapshot()
+            assert first_msg.text == "Establishing guaranteed end-to-end encryption, please wait…"
+            assert first_msg.is_info
+
+        encrypted_msg = chat_msgs[0].get_snapshot()
        assert encrypted_msg.text == "Messages are end-to-end encrypted."
        assert encrypted_msg.is_info

-        if please_wait_info_msg:
-            first_msg = chat_msgs.pop(0).get_snapshot()
-            assert "invited you to join this channel" in first_msg.text
-            assert first_msg.is_info
-
-        member_added_msg = chat_msgs.pop(0).get_snapshot()
+        member_added_msg = chat_msgs[1].get_snapshot()
        if inviter_side:
            assert member_added_msg.text == f"Member {contact_snapshot.display_name} added."
        else:
            assert member_added_msg.text == "You joined the channel."
        assert member_added_msg.is_info

-        hello_msg = chat_msgs.pop(0).get_snapshot()
+        hello_msg = chat_msgs[2].get_snapshot()
        assert hello_msg.text == "Hello everyone!"
        assert not hello_msg.is_info
        assert hello_msg.show_padlock
        assert hello_msg.error is None

-        assert len(chat_msgs) == 0
+        assert len(chat_msgs) == 3

        chat_snapshot = chat.get_full_snapshot()
        assert chat_snapshot.is_encrypted
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -467,7 +467,7 @@ def test_bot(acfactory) -> None:


 def test_wait_next_messages(acfactory) -> None:
-    alice = acfactory.get_online_account()
+    alice = acfactory.new_configured_account()

    # Create a bot account so it does not receive device messages in the beginning.
    addr, password = acfactory.get_credentials()
@@ -475,7 +475,6 @@ def test_wait_next_messages(acfactory) -> None:
    bot.set_config("bot", "1")
    bot.add_or_update_transport({"addr": addr, "password": password})
    assert bot.is_configured()
-    bot.bring_online()

    # There are no old messages and the call returns immediately.
    assert not bot.wait_next_messages()
@@ -661,6 +660,8 @@ def test_download_limit_chat_assignment(acfactory, tmp_path, n_accounts):
        contact = alice.create_contact(account)
        alice_group.add_contact(contact)

+    if n_accounts == 2:
+        bob_chat_alice = bob.create_chat(alice)
    bob.set_config("download_limit", str(download_limit))

    alice_group.send_text("hi")
@@ -676,7 +677,15 @@ def test_download_limit_chat_assignment(acfactory, tmp_path, n_accounts):
        alice_group.send_file(str(path))
        snapshot = bob.wait_for_incoming_msg().get_snapshot()
        assert snapshot.download_state == DownloadState.AVAILABLE
-        assert snapshot.chat == bob_group
+        if n_accounts > 2:
+            assert snapshot.chat == bob_group
+        else:
+            # Group contains only Alice and Bob,
+            # so partially downloaded messages are
+            # hard to distinguish from private replies to group messages.
+            #
+            # Message may be a private reply, so we assign it to 1:1 chat with Alice.
+            assert snapshot.chat == bob_chat_alice


 def test_markseen_contact_request(acfactory):
@@ -858,15 +867,15 @@ def test_leave_broadcast(acfactory, all_devices_online):
        contact_snapshot = contact.get_snapshot()
        chat_msgs = chat.get_messages()

+        if please_wait_info_msg:
+            first_msg = chat_msgs.pop(0).get_snapshot()
+            assert first_msg.text == "Establishing guaranteed end-to-end encryption, please wait…"
+            assert first_msg.is_info
+
        encrypted_msg = chat_msgs.pop(0).get_snapshot()
        assert encrypted_msg.text == "Messages are end-to-end encrypted."
        assert encrypted_msg.is_info

-        if please_wait_info_msg:
-            first_msg = chat_msgs.pop(0).get_snapshot()
-            assert "invited you to join this channel" in first_msg.text
-            assert first_msg.is_info
-
        member_added_msg = chat_msgs.pop(0).get_snapshot()
        if inviter_side:
            assert member_added_msg.text == f"Member {contact_snapshot.display_name} added."
@@ -993,22 +1002,3 @@ def test_background_fetch(acfactory, dc):
        snapshot = messages[-1].get_snapshot()
        if snapshot.text == "Hello again!":
            break
-
-
-def test_message_exists(acfactory):
-    ac1, ac2 = acfactory.get_online_accounts(2)
-    chat = ac1.create_chat(ac2)
-    message1 = chat.send_text("Hello!")
-    message2 = chat.send_text("Hello again!")
-    assert message1.exists()
-    assert message2.exists()
-
-    ac1.delete_messages([message1])
-    assert not message1.exists()
-    assert message2.exists()
-
-    # There is no error when checking if
-    # the message exists for deleted account.
-    ac1.remove()
-    assert not message1.exists()
-    assert not message2.exists()
--- a/deltachat-rpc-server/Cargo.toml
+++ b/deltachat-rpc-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "2.31.0"
+version = "2.27.0"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"
--- a/deltachat-rpc-server/npm-package/package.json
+++ b/deltachat-rpc-server/npm-package/package.json
@@ -15,5 +15,5 @@
  },
  "type": "module",
  "types": "index.d.ts",
-  "version": "2.31.0"
+  "version": "2.27.0"
 }
--- a/deny.toml
+++ b/deny.toml
@@ -38,7 +38,6 @@ skip = [
     { name = "rand", version = "0.8.5" },
     { name = "rustix", version = "0.38.44" },
     { name = "serdect", version = "0.2.0" },
-     { name = "socket2", version = "0.5.9" },
     { name = "spin", version = "0.9.8" },
     { name = "strum_macros", version = "0.26.2" },
     { name = "strum", version = "0.26.2" },
@@ -63,6 +62,7 @@ skip = [
     { name = "windows_x86_64_gnu" },
     { name = "windows_x86_64_gnullvm" },
     { name = "windows_x86_64_msvc" },
+     { name = "zerocopy", version = "0.7.32" },
 ]


--- a/flake.lock
+++ b/flake.lock
@@ -47,11 +47,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1763361733,
-        "narHash": "sha256-ka7dpwH3HIXCyD2wl5F7cPLeRbqZoY2ullALsvxdPt8=",
+        "lastModified": 1763275509,
+        "narHash": "sha256-DBlu2+xPvGBaNn4RbNaw7r62lzBrf/tOKLgMYlEYhvg=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "6c8d48e3b0ae371b19ac1485744687b788e80193",
+        "rev": "947fdabcc3a51cec1e38641a11d4cb655fe252e7",
        "type": "github"
      },
      "original": {
@@ -175,11 +175,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1747179050,
-        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
+        "lastModified": 1763283776,
+        "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
+        "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-  description = "Chatmail core";
+  description = "Delta Chat core";
  inputs = {
    fenix.url = "github:nix-community/fenix";
    flake-utils.url = "github:numtide/flake-utils";
@@ -14,15 +14,7 @@
        pkgs = nixpkgs.legacyPackages.${system};
        inherit (pkgs.stdenv) isDarwin;
        fenixPkgs = fenix.packages.${system};
-        fenixToolchain = fenixPkgs.combine [
-          fenixPkgs.stable.rustc
-          fenixPkgs.stable.cargo
-          fenixPkgs.stable.rust-std
-        ];
-        naersk' = pkgs.callPackage naersk {
-          cargo = fenixToolchain;
-          rustc = fenixToolchain;
-        };
+        naersk' = pkgs.callPackage naersk { };
        manifest = (pkgs.lib.importTOML ./Cargo.toml).package;
        androidSdk = android.sdk.${system} (sdkPkgs:
          builtins.attrValues {
@@ -128,12 +120,14 @@
            version = manifest.version;
            strictDeps = true;
            src = pkgs.lib.cleanSource ./.;
+            buildInputs = [
+              pkgsWin64.windows.pthreads
+            ];
            nativeBuildInputs = [
              pkgs.perl # Needed to build vendored OpenSSL.
            ];
            depsBuildBuild = [
              pkgsWin64.stdenv.cc
-              pkgsWin64.windows.pthreads
            ];
            auditable = false; # Avoid cargo-auditable failures.
            doCheck = false; # Disable test as it requires network access.
@@ -191,12 +185,14 @@
            version = manifest.version;
            strictDeps = true;
            src = pkgs.lib.cleanSource ./.;
+            buildInputs = [
+              pkgsWin32.windows.pthreads
+            ];
            nativeBuildInputs = [
              pkgs.perl # Needed to build vendored OpenSSL.
            ];
            depsBuildBuild = [
              winCC
-              pkgsWin32.windows.pthreads
            ];
            auditable = false; # Avoid cargo-auditable failures.
            doCheck = false; # Disable test as it requires network access.
@@ -478,12 +474,6 @@
              };

            libdeltachat =
-              let
-                rustPlatform = (pkgs.makeRustPlatform {
-                  cargo = fenixToolchain;
-                  rustc = fenixToolchain;
-                });
-              in
              pkgs.stdenv.mkDerivation {
                pname = "libdeltachat";
                version = manifest.version;
@@ -493,9 +483,8 @@
                nativeBuildInputs = [
                  pkgs.perl # Needed to build vendored OpenSSL.
                  pkgs.cmake
-                  rustPlatform.cargoSetupHook
-                  fenixPkgs.stable.rustc
-                  fenixPkgs.stable.cargo
+                  pkgs.rustPlatform.cargoSetupHook
+                  pkgs.cargo
                ];

                postInstall = ''
--- a/python/examples/test_examples.py
+++ b/python/examples/test_examples.py
@@ -14,7 +14,6 @@ def datadir():
    return None


-@pytest.mark.skip("The test is flaky in CI and crashes the interpreter as of 2025-11-12")
 def test_echo_quit_plugin(acfactory, lp):
    lp.sec("creating one echo_and_quit bot")
    botproc = acfactory.run_bot_process(echo_and_quit)
--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -1,20 +1,20 @@
 [build-system]
-requires = ["setuptools>=77", "wheel", "cffi>=1.0.0", "pkgconfig"]
+requires = ["setuptools>=45", "wheel", "cffi>=1.0.0", "pkgconfig"]
 build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat"
-version = "2.31.0"
-license = "MPL-2.0"
+version = "2.27.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
-requires-python = ">=3.10"
+requires-python = ">=3.8"
 authors = [
    { name = "holger krekel, Floris Bruynooghe, Bjoern Petersen and contributors" },
 ]
 classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)",
    "Programming Language :: Python :: 3",
    "Topic :: Communications :: Chat",
    "Topic :: Communications :: Email",
@@ -23,6 +23,7 @@ classifiers = [
 dependencies = [
    "cffi>=1.0.0",
    "imap-tools",
+    "importlib_metadata;python_version<'3.8'",
    "pluggy",
    "requests",
 ]
--- a/python/tox.ini
+++ b/python/tox.ini
@@ -46,7 +46,7 @@ deps =
 commands =
    ruff format --diff setup.py src/deltachat examples/ tests/
    ruff check src/deltachat tests/ examples/
-    rst-lint README.rst
+    rst-lint --encoding 'utf-8' README.rst

 [testenv:mypy]
 deps =
--- a/release-date.in
+++ b/release-date.in
@@ -1 +1 @@
-2025-12-04
+2025-11-16
--- a/scripts/README.md
+++ b/scripts/README.md
@@ -26,10 +26,10 @@ and an own build machine.
   i.e. `deltachat-rpc-client` and `deltachat-rpc-server`.

 - `remote_tests_python.sh` rsyncs to a build machine and runs
-  JSON-RPC Python tests remotely on the build machine. 
+  `run-python-test.sh` remotely on the build machine. 

 - `remote_tests_rust.sh` rsyncs to the build machine and runs
-  Rust tests remotely on the build machine. 
+  `run-rust-test.sh` remotely on the build machine. 

 - `run-doxygen.sh` generates C-docs which are then uploaded to https://c.delta.chat/

--- a/scripts/remote_tests_python.sh
+++ b/scripts/remote_tests_python.sh
@@ -1,32 +1,45 @@
-#!/usr/bin/env bash
-set -euo pipefail
+#!/bin/bash 

-set -x
-if ! test -v SSHTARGET; then
-	echo >&2 SSHTARGET is not set
-	exit 1
-fi
-BUILDDIR=ci_builds/chatmailcore
+BUILD_ID=${1:?specify build ID}
+
+SSHTARGET=${SSHTARGET-ci@b1.delta.chat}
+BUILDDIR=ci_builds/$BUILD_ID

 echo "--- Copying files to $SSHTARGET:$BUILDDIR"

-rsync -az --delete --mkpath --files-from=<(git ls-files) ./ "$SSHTARGET:$BUILDDIR"
+set -xe
+
+ssh -oBatchMode=yes -oStrictHostKeyChecking=no  $SSHTARGET mkdir -p "$BUILDDIR"
+git ls-files >.rsynclist 
+# we seem to need .git for setuptools_scm versioning 
+find .git >>.rsynclist
+rsync --delete --files-from=.rsynclist -az ./ "$SSHTARGET:$BUILDDIR"
+
+set +x

 echo "--- Running Python tests remotely"

-ssh -oBatchMode=yes -- "$SSHTARGET" <<_HERE
+ssh $SSHTARGET <<_HERE
    set +x -e

    # make sure all processes exit when ssh dies
    shopt -s huponexit

-    export RUSTC_WRAPPER=\`command -v sccache\`
+    export RUSTC_WRAPPER=\`which sccache\`
    cd $BUILDDIR
+    export TARGET=release
    export CHATMAIL_DOMAIN=$CHATMAIL_DOMAIN

-    scripts/make-rpc-testenv.sh
-    . venv/bin/activate
+    #we rely on tox/virtualenv being available in the host
+    #rm -rf virtualenv venv
+    #virtualenv -q -p python3.7 venv 
+    #source venv/bin/activate
+    #pip install -q tox virtualenv

-    cd deltachat-rpc-client
-    pytest -n6 $@
+    set -x
+    which python
+    source \$HOME/venv/bin/activate
+    which python
+
+    bash scripts/run-python-test.sh 
 _HERE
--- a/scripts/remote_tests_rust.sh
+++ b/scripts/remote_tests_rust.sh
@@ -1,25 +1,29 @@
-#!/usr/bin/env bash
-set -euo pipefail
+#!/bin/bash 

-if ! test -v SSHTARGET; then
-        echo >&2 SSHTARGET is not set
-        exit 1
-fi
-BUILDDIR=ci_builds/chatmailcore
+BUILD_ID=${1:?specify build ID}
+
+SSHTARGET=${SSHTARGET-ci@b1.delta.chat}
+BUILDDIR=ci_builds/$BUILD_ID
+
+set -e

 echo "--- Copying files to $SSHTARGET:$BUILDDIR"

-rsync -az --delete --mkpath --files-from=<(git ls-files) ./ "$SSHTARGET:$BUILDDIR"
+ssh -oBatchMode=yes -oStrictHostKeyChecking=no $SSHTARGET mkdir -p "$BUILDDIR"
+git ls-files >.rsynclist
+rsync --delete --files-from=.rsynclist -az ./ "$SSHTARGET:$BUILDDIR"

 echo "--- Running Rust tests remotely"

-ssh -oBatchMode=yes -- "$SSHTARGET" <<_HERE
+ssh $SSHTARGET <<_HERE
    set +x -e
    # make sure all processes exit when ssh dies
    shopt -s huponexit
-    export RUSTC_WRAPPER=\`command -v sccache\`
+    export RUSTC_WRAPPER=\`which sccache\`
    cd $BUILDDIR
+    export TARGET=x86_64-unknown-linux-gnu
+    export RUSTC_WRAPPER=sccache

-    cargo nextest run
+    bash scripts/run-rust-test.sh
 _HERE

--- a/scripts/run_all.sh
+++ b/scripts/run_all.sh
@@ -31,6 +31,6 @@ unset CHATMAIL_DOMAIN

 # Try to build wheels for a range of interpreters, but don't fail if they are not available.
 # E.g. musllinux_1_1 does not have PyPy interpreters as of 2022-07-10
-tox --workdir "$TOXWORKDIR" -e py310,py311,py312,py313,pypy310 --skip-missing-interpreters true
+tox --workdir "$TOXWORKDIR" -e py38,py39,py310,py311,py312,py313,pypy38,pypy39,pypy310 --skip-missing-interpreters true

 auditwheel repair "$TOXWORKDIR"/wheelhouse/deltachat* -w "$TOXWORKDIR/wheelhouse"
--- a/src/blob/blob_tests.rs
+++ b/src/blob/blob_tests.rs
@@ -173,8 +173,11 @@ async fn test_selfavatar_outside_blobdir() {
        .unwrap();
    let avatar_blob = t.get_config(Config::Selfavatar).await.unwrap().unwrap();
    let avatar_path = Path::new(&avatar_blob);
+    assert!(
+        avatar_blob.ends_with("7dde69e06b5ae6c27520a436bbfd65b.jpg"),
+        "The avatar filename should be its hash, put instead it's {avatar_blob}"
+    );
    let scaled_avatar_size = file_size(avatar_path).await;
-    info!(&t, "Scaled avatar size: {scaled_avatar_size}.");
    assert!(scaled_avatar_size < avatar_bytes.len() as u64);

    check_image_size(avatar_src, 1000, 1000);
@@ -184,11 +187,6 @@ async fn test_selfavatar_outside_blobdir() {
        constants::BALANCED_AVATAR_SIZE,
    );

-    assert!(
-        avatar_blob.ends_with("2a048b6fcd86448032b854ea1ad7608.jpg"),
-        "The avatar filename should be its hash, but instead it's {avatar_blob}"
-    );
-
    let mut blob = BlobObject::create_and_deduplicate(&t, avatar_path, avatar_path).unwrap();
    let viewtype = &mut Viewtype::Image;
    let strict_limits = true;
--- a/src/calls.rs
+++ b/src/calls.rs
@@ -6,7 +6,7 @@ use crate::chat::ChatIdBlocked;
 use crate::chat::{Chat, ChatId, send_msg};
 use crate::constants::{Blocked, Chattype};
 use crate::contact::ContactId;
-use crate::context::{Context, WeakContext};
+use crate::context::Context;
 use crate::events::EventType;
 use crate::headerdef::HeaderDef;
 use crate::log::warn;
@@ -199,9 +199,8 @@ impl Context {
        call.id = send_msg(self, chat_id, &mut call).await?;

        let wait = RINGING_SECONDS;
-        let context = self.get_weak_context();
        task::spawn(Context::emit_end_call_if_unaccepted(
-            context,
+            self.clone(),
            wait.try_into()?,
            call.id,
        ));
@@ -292,12 +291,11 @@ impl Context {
    }

    async fn emit_end_call_if_unaccepted(
-        context: WeakContext,
+        context: Context,
        wait: u64,
        call_id: MsgId,
    ) -> Result<()> {
        sleep(Duration::from_secs(wait)).await;
-        let context = context.upgrade()?;
        let Some(mut call) = context.load_call_by_id(call_id).await? else {
            warn!(
                context,
@@ -370,9 +368,8 @@ impl Context {
                        }
                    }
                    let wait = call.remaining_ring_seconds();
-                    let context = self.get_weak_context();
                    task::spawn(Context::emit_end_call_if_unaccepted(
-                        context,
+                        self.clone(),
                        wait.try_into()?,
                        call.msg.id,
                    ));
--- a/src/chat.rs
+++ b/src/chat.rs
@@ -301,7 +301,7 @@ impl ChatId {
        let chat = Chat::load_from_db(context, chat_id).await?;

        if chat.is_encrypted(context).await? {
-            chat_id.add_e2ee_notice(context, timestamp).await?;
+            chat_id.add_encrypted_msg(context, timestamp).await?;
        }

        info!(
@@ -462,15 +462,19 @@ impl ChatId {
    }

    /// Adds message "Messages are end-to-end encrypted".
-    pub(crate) async fn add_e2ee_notice(self, context: &Context, timestamp: i64) -> Result<()> {
+    pub(crate) async fn add_encrypted_msg(
+        self,
+        context: &Context,
+        timestamp_sort: i64,
+    ) -> Result<()> {
        let text = stock_str::messages_e2e_encrypted(context).await;
        add_info_msg_with_cmd(
            context,
            self,
            &text,
            SystemMessage::ChatE2ee,
-            Some(timestamp),
-            timestamp,
+            timestamp_sort,
+            None,
            None,
            None,
            None,
@@ -2421,7 +2425,7 @@ impl ChatIdBlocked {
            && !chat.param.exists(Param::Devicetalk)
            && !chat.param.exists(Param::Selftalk)
        {
-            chat_id.add_e2ee_notice(context, smeared_time).await?;
+            chat_id.add_encrypted_msg(context, smeared_time).await?;
        }

        Ok(Self {
@@ -3448,7 +3452,7 @@ pub(crate) async fn create_group_ex(

    if !grpid.is_empty() {
        // Add "Messages are end-to-end encrypted." message.
-        chat_id.add_e2ee_notice(context, timestamp).await?;
+        chat_id.add_encrypted_msg(context, timestamp).await?;
    }

    if !context.get_config_bool(Config::Bot).await?
@@ -3461,7 +3465,7 @@ pub(crate) async fn create_group_ex(
            // Add "Messages in this chat use classic email and are not encrypted." message.
            stock_str::chat_unencrypted_explanation(context).await
        };
-        add_info_msg(context, chat_id, &text).await?;
+        add_info_msg(context, chat_id, &text, create_smeared_timestamp(context)).await?;
    }
    if let (true, true) = (sync.into(), !grpid.is_empty()) {
        let id = SyncId::Grpid(grpid);
@@ -3529,7 +3533,7 @@ pub(crate) async fn create_out_broadcast_ex(
        Ok(chat_id)
    };
    let chat_id = context.sql.transaction(trans_fn).await?;
-    chat_id.add_e2ee_notice(context, timestamp).await?;
+    chat_id.add_encrypted_msg(context, timestamp).await?;

    context.emit_msgs_changed_without_ids();
    chatlist_events::emit_chatlist_changed(context);
@@ -3730,16 +3734,10 @@ pub(crate) async fn add_contact_to_chat_ex(
        chat.typ != Chattype::OutBroadcast || contact_id != ContactId::SELF,
        "Cannot add SELF to broadcast channel."
    );
-    match chat.is_encrypted(context).await? {
-        true => ensure!(
-            contact.is_key_contact(),
-            "Only key-contacts can be added to encrypted chats"
-        ),
-        false => ensure!(
-            !contact.is_key_contact(),
-            "Only address-contacts can be added to unencrypted chats"
-        ),
-    }
+    ensure!(
+        chat.is_encrypted(context).await? == contact.is_key_contact(),
+        "Only key-contacts can be added to encrypted chats"
+    );

    if !chat.is_self_in_chat(context).await? {
        context.emit_event(EventType::ErrorSelfNotInGroup(
@@ -4618,11 +4616,9 @@ pub(crate) async fn add_info_msg_with_cmd(
    chat_id: ChatId,
    text: &str,
    cmd: SystemMessage,
-    // Timestamp where in the chat the message will be sorted.
-    // If this is None, the message will be sorted to the bottom.
-    timestamp_sort: Option<i64>,
-    // Timestamp to show to the user
-    timestamp_sent_rcvd: i64,
+    timestamp_sort: i64,
+    // Timestamp to show to the user (if this is None, `timestamp_sort` will be shown to the user)
+    timestamp_sent_rcvd: Option<i64>,
    parent: Option<&Message>,
    from_id: Option<ContactId>,
    added_removed_id: Option<ContactId>,
@@ -4638,22 +4634,6 @@ pub(crate) async fn add_info_msg_with_cmd(
        param.set(Param::ContactAddedRemoved, contact_id.to_u32().to_string());
    }

-    let timestamp_sort = if let Some(ts) = timestamp_sort {
-        ts
-    } else {
-        let sort_to_bottom = true;
-        let (received, incoming) = (false, false);
-        chat_id
-            .calc_sort_timestamp(
-                context,
-                smeared_time(context),
-                sort_to_bottom,
-                received,
-                incoming,
-            )
-            .await?
-    };
-
    let row_id =
    context.sql.insert(
        "INSERT INTO msgs (chat_id,from_id,to_id,timestamp,timestamp_sent,timestamp_rcvd,type,state,txt,txt_normalized,rfc724_mid,ephemeral_timer,param,mime_in_reply_to)
@@ -4663,8 +4643,8 @@ pub(crate) async fn add_info_msg_with_cmd(
            from_id.unwrap_or(ContactId::INFO),
            ContactId::INFO,
            timestamp_sort,
-            timestamp_sent_rcvd,
-            timestamp_sent_rcvd,
+            timestamp_sent_rcvd.unwrap_or(0),
+            timestamp_sent_rcvd.unwrap_or(0),
            Viewtype::Text,
            MessageState::InNoticed,
            text,
@@ -4684,14 +4664,19 @@ pub(crate) async fn add_info_msg_with_cmd(
 }

 /// Adds info message with a given text and `timestamp` to the chat.
-pub(crate) async fn add_info_msg(context: &Context, chat_id: ChatId, text: &str) -> Result<MsgId> {
+pub(crate) async fn add_info_msg(
+    context: &Context,
+    chat_id: ChatId,
+    text: &str,
+    timestamp: i64,
+) -> Result<MsgId> {
    add_info_msg_with_cmd(
        context,
        chat_id,
        text,
        SystemMessage::Unknown,
+        timestamp,
        None,
-        time(),
        None,
        None,
        None,
--- a/src/chat/chat_tests.rs
+++ b/src/chat/chat_tests.rs
@@ -815,6 +815,15 @@ async fn test_self_talk() -> Result<()> {
    assert!(msg.get_showpadlock());

    let sent_msg = t.pop_sent_msg().await;
+    let payload = sent_msg.payload();
+    // Make sure the `To` field contains the address and not
+    // "undisclosed recipients".
+    // Otherwise Delta Chat core <1.153.0 assigns the message
+    // to the trash chat.
+    assert_eq!(
+        payload.match_indices("To: <alice@example.org>\r\n").count(),
+        1
+    );

    let t2 = TestContext::new_alice().await;
    t2.recv_msg(&sent_msg).await;
@@ -1229,7 +1238,7 @@ async fn test_unarchive_if_muted() -> Result<()> {
    chat_id.set_visibility(&t, ChatVisibility::Archived).await?;
    set_muted(&t, chat_id, MuteDuration::Forever).await?;
    send_text_msg(&t, chat_id, "out".to_string()).await?;
-    add_info_msg(&t, chat_id, "info").await?;
+    add_info_msg(&t, chat_id, "info", time()).await?;
    assert_eq!(get_archived_cnt(&t).await?, 1);

    // finally, unarchive on sending to not muted chat
@@ -1628,7 +1637,7 @@ async fn test_set_mute_duration() {
 async fn test_add_info_msg() -> Result<()> {
    let t = TestContext::new().await;
    let chat_id = create_group(&t, "foo").await?;
-    add_info_msg(&t, chat_id, "foo info").await?;
+    add_info_msg(&t, chat_id, "foo info", time()).await?;

    let msg = t.get_last_msg_in(chat_id).await;
    assert_eq!(msg.get_chat_id(), chat_id);
@@ -1650,11 +1659,11 @@ async fn test_add_info_msg_with_cmd() -> Result<()> {
        chat_id,
        "foo bar info",
        SystemMessage::EphemeralTimerChanged,
-        None,
        time(),
        None,
        None,
        None,
+        None,
    )
    .await?;

@@ -3312,7 +3321,10 @@ async fn test_leave_broadcast_multidevice() -> Result<()> {

    let leave_msg = bob0.pop_sent_msg().await;
    let parsed = MimeMessage::from_bytes(bob1, leave_msg.payload().as_bytes(), None).await?;
-    assert_eq!(parsed.parts[0].msg, "I left the group.");
+    assert_eq!(
+        parsed.parts[0].msg,
+        stock_str::msg_group_left_remote(bob0).await
+    );

    let rcvd = bob1.recv_msg(&leave_msg).await;

@@ -4495,7 +4507,7 @@ async fn test_info_not_referenced() -> Result<()> {

    let bob_received_message = tcm.send_recv_accept(alice, bob, "Hi!").await;
    let bob_chat_id = bob_received_message.chat_id;
-    add_info_msg(bob, bob_chat_id, "Some info").await?;
+    add_info_msg(bob, bob_chat_id, "Some info", create_smeared_timestamp(bob)).await?;

    // Bob sends a message.
    // This message should reference Alice's "Hi!" message and not the info message.
--- a/src/config.rs
+++ b/src/config.rs
@@ -18,7 +18,7 @@ use crate::context::Context;
 use crate::events::EventType;
 use crate::log::LogExt;
 use crate::mimefactory::RECOMMENDED_FILE_SIZE;
-use crate::provider::Provider;
+use crate::provider::{Provider, get_provider_by_id};
 use crate::sync::{self, Sync::*, SyncData};
 use crate::tools::get_abs_path;
 use crate::transport::ConfiguredLoginParam;
@@ -477,10 +477,7 @@ impl Config {

    /// Whether the config option needs an IO scheduler restart to take effect.
    pub(crate) fn needs_io_restart(&self) -> bool {
-        matches!(
-            self,
-            Config::MvboxMove | Config::OnlyFetchMvbox | Config::ConfiguredAddr
-        )
+        matches!(self, Config::MvboxMove | Config::OnlyFetchMvbox)
    }
 }

@@ -646,14 +643,15 @@ impl Context {
        Ok(val)
    }

-    /// Gets the configured provider.
+    /// Gets the configured provider, as saved in the `configured_provider` value.
    ///
-    /// The provider is determined by the current primary transport.
+    /// The provider is determined by `get_provider_info()` during configuration and then saved
+    /// to the db in `param.save_to_database()`, together with all the other `configured_*` values.
    pub async fn get_configured_provider(&self) -> Result<Option<&'static Provider>> {
-        let provider = ConfiguredLoginParam::load(self)
-            .await?
-            .and_then(|(_transport_id, param)| param.provider);
-        Ok(provider)
+        if let Some(cfg) = self.get_config(Config::ConfiguredProvider).await? {
+            return Ok(get_provider_by_id(&cfg));
+        }
+        Ok(None)
    }

    /// Gets configured "delete_device_after" value.
@@ -715,16 +713,6 @@ impl Context {
    pub async fn set_config(&self, key: Config, value: Option<&str>) -> Result<()> {
        Self::check_config(key, value)?;

-        let n_transports = self.count_transports().await?;
-        if n_transports > 1
-            && matches!(
-                key,
-                Config::MvboxMove | Config::OnlyFetchMvbox | Config::ShowEmails
-            )
-        {
-            bail!("Cannot reconfigure {key} when multiple transports are configured");
-        }
-
        let _pause = match key.needs_io_restart() {
            true => self.scheduler.pause(self).await?,
            _ => Default::default(),
@@ -810,59 +798,20 @@ impl Context {
                    .await?;
            }
            Config::ConfiguredAddr => {
-                let Some(addr) = value else {
-                    bail!("Cannot unset configured_addr");
-                };
-
-                if !self.is_configured().await? {
+                if self.is_configured().await? {
+                    bail!("Cannot change ConfiguredAddr");
+                }
+                if let Some(addr) = value {
                    info!(
                        self,
                        "Creating a pseudo configured account which will not be able to send or receive messages. Only meant for tests!"
                    );
-                    self.sql
-                        .execute(
-                            "INSERT INTO transports (addr, entered_param, configured_param) VALUES (?, ?, ?)",
-                            (
-                                addr,
-                                serde_json::to_string(&EnteredLoginParam::default())?,
-                                format!(r#"{{"addr":"{addr}","imap":[],"imap_user":"","imap_password":"","smtp":[],"smtp_user":"","smtp_password":"","certificate_checks":"Automatic","oauth2":false}}"#)
-                            ),
-                        )
-                        .await?;
-                    self.sql
-                        .set_raw_config(Config::ConfiguredAddr.as_ref(), Some(addr))
-                        .await?;
-                }
-                self.sql
-                    .transaction(|transaction| {
-                        if transaction.query_row(
-                            "SELECT COUNT(*) FROM transports WHERE addr=?",
-                            (addr,),
-                            |row| {
-                                let res: i64 = row.get(0)?;
-                                Ok(res)
-                            },
-                        )? == 0
-                        {
-                            bail!("Address does not belong to any transport.");
-                        }
-                        transaction.execute(
-                            "UPDATE config SET value=? WHERE keyname='configured_addr'",
-                            (addr,),
-                        )?;
-
-                        // Clean up SMTP and IMAP APPEND queue.
-                        //
-                        // The messages in the queue have a different
-                        // From address so we cannot send them over
-                        // the new SMTP transport.
-                        transaction.execute("DELETE FROM smtp", ())?;
-                        transaction.execute("DELETE FROM imap_send", ())?;
-
-                        Ok(())
-                    })
+                    ConfiguredLoginParam::from_json(&format!(
+                        r#"{{"addr":"{addr}","imap":[],"imap_user":"","imap_password":"","smtp":[],"smtp_user":"","smtp_password":"","certificate_checks":"Automatic","oauth2":false}}"#
+                    ))?
+                    .save_to_transports_table(self, &EnteredLoginParam::default())
                    .await?;
-                self.sql.uncache_raw_config("configured_addr").await;
+                }
            }
            _ => {
                self.sql.set_raw_config(key.as_ref(), value).await?;
--- a/src/config/config_tests.rs
+++ b/src/config/config_tests.rs
@@ -278,6 +278,7 @@ async fn test_sync() -> Result<()> {
    Ok(())
 }

+/// Sync message mustn't be sent if self-{status,avatar} is changed by a self-sent message.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_no_sync_on_self_sent_msg() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -287,7 +288,7 @@ async fn test_no_sync_on_self_sent_msg() -> Result<()> {
        a.set_config_bool(Config::SyncMsgs, true).await?;
    }

-    let status = "Sent via usual message";
+    let status = "Synced via usual message";
    alice0.set_config(Config::Selfstatus, Some(status)).await?;
    alice0.send_sync_msg().await?;
    alice0.pop_sent_sync_msg().await;
@@ -296,7 +297,7 @@ async fn test_no_sync_on_self_sent_msg() -> Result<()> {
    tcm.send_recv(alice0, alice1, "hi Alice!").await;
    assert_eq!(
        alice1.get_config(Config::Selfstatus).await?,
-        Some(status1.to_string())
+        Some(status.to_string())
    );
    sync(alice1, alice0).await;
    assert_eq!(
@@ -327,7 +328,7 @@ async fn test_no_sync_on_self_sent_msg() -> Result<()> {
        alice1
            .get_config(Config::Selfavatar)
            .await?
-            .filter(|path| path.ends_with(".jpg"))
+            .filter(|path| path.ends_with(".png"))
            .is_some()
    );
    sync(alice1, alice0).await;
--- a/src/configure.rs
+++ b/src/configure.rs
@@ -27,7 +27,7 @@ use crate::config::{self, Config};
 use crate::constants::NON_ALPHANUMERIC_WITHOUT_DOT;
 use crate::context::Context;
 use crate::imap::Imap;
-use crate::log::warn;
+use crate::log::{LogExt, warn};
 use crate::login_param::EnteredCertificateChecks;
 pub use crate::login_param::EnteredLoginParam;
 use crate::message::Message;
@@ -40,10 +40,11 @@ use crate::sync::Sync::*;
 use crate::tools::time;
 use crate::transport::{
    ConfiguredCertificateChecks, ConfiguredLoginParam, ConfiguredServerLoginParam,
-    ConnectionCandidate, send_sync_transports,
+    ConnectionCandidate,
 };
 use crate::{EventType, stock_str};
 use crate::{chat, provider};
+use deltachat_contact_tools::addr_cmp;

 macro_rules! progress {
    ($context:tt, $progress:expr, $comment:expr) => {
@@ -129,6 +130,12 @@ impl Context {
            "cannot configure, database not opened."
        );
        param.addr = addr_normalize(&param.addr);
+        let old_addr = self.get_config(Config::ConfiguredAddr).await?;
+        if self.is_configured().await? && !addr_cmp(&old_addr.unwrap_or_default(), &param.addr) {
+            let error_msg = "Changing your email address is not supported right now. Check back in a few months!";
+            progress!(self, 0, Some(error_msg.to_string()));
+            bail!(error_msg);
+        }
        let cancel_channel = self.alloc_ongoing().await?;

        let res = self
@@ -197,92 +204,23 @@ impl Context {
        Ok(transports)
    }

-    /// Returns the number of configured transports.
-    pub async fn count_transports(&self) -> Result<usize> {
-        self.sql.count("SELECT COUNT(*) FROM transports", ()).await
-    }
-
    /// Removes the transport with the specified email address
    /// (i.e. [EnteredLoginParam::addr]).
-    pub async fn delete_transport(&self, addr: &str) -> Result<()> {
-        let now = time();
-        self.sql
-            .transaction(|transaction| {
-                let primary_addr = transaction.query_row(
-                    "SELECT value FROM config WHERE keyname='configured_addr'",
-                    (),
-                    |row| {
-                        let addr: String = row.get(0)?;
-                        Ok(addr)
-                    },
-                )?;
-
-                if primary_addr == addr {
-                    bail!("Cannot delete primary transport");
-                }
-                let (transport_id, add_timestamp) = transaction.query_row(
-                    "DELETE FROM transports WHERE addr=? RETURNING id, add_timestamp",
-                    (addr,),
-                    |row| {
-                        let id: u32 = row.get(0)?;
-                        let add_timestamp: i64 = row.get(1)?;
-                        Ok((id, add_timestamp))
-                    },
-                )?;
-                transaction.execute("DELETE FROM imap WHERE transport_id=?", (transport_id,))?;
-                transaction.execute(
-                    "DELETE FROM imap_sync WHERE transport_id=?",
-                    (transport_id,),
-                )?;
-
-                // Removal timestamp should not be lower than addition timestamp
-                // to be accepted by other devices when synced.
-                let remove_timestamp = std::cmp::max(now, add_timestamp);
-
-                transaction.execute(
-                    "INSERT INTO removed_transports (addr, remove_timestamp)
-                     VALUES (?, ?)
-                     ON CONFLICT (addr)
-                     DO UPDATE SET remove_timestamp = excluded.remove_timestamp",
-                    (addr, remove_timestamp),
-                )?;
-
-                Ok(())
-            })
-            .await?;
-        send_sync_transports(self).await?;
-
-        Ok(())
+    #[expect(clippy::unused_async)]
+    pub async fn delete_transport(&self, _addr: &str) -> Result<()> {
+        bail!(
+            "Adding and removing additional transports is not supported yet. Check back in a few months!"
+        )
    }

    async fn inner_configure(&self, param: &EnteredLoginParam) -> Result<()> {
        info!(self, "Configure ...");

        let old_addr = self.get_config(Config::ConfiguredAddr).await?;
-        if old_addr.is_some()
-            && !self
-                .sql
-                .exists(
-                    "SELECT COUNT(*) FROM transports WHERE addr=?",
-                    (&param.addr,),
-                )
-                .await?
-        {
-            if self.get_config(Config::MvboxMove).await?.as_deref() != Some("0") {
-                bail!("Cannot use multi-transport with mvbox_move enabled.");
-            }
-            if self.get_config(Config::OnlyFetchMvbox).await?.as_deref() != Some("0") {
-                bail!("Cannot use multi-transport with only_fetch_mvbox enabled.");
-            }
-            if self.get_config(Config::ShowEmails).await?.as_deref() != Some("2") {
-                bail!("Cannot use multi-transport with disabled fetching of classic emails.");
-            }
-        }
-
        let provider = configure(self, param).await?;
        self.set_config_internal(Config::NotifyAboutWrongPw, Some("1"))
            .await?;
-        on_configure_completed(self, provider).await?;
+        on_configure_completed(self, provider, old_addr).await?;
        Ok(())
    }
 }
@@ -290,6 +228,7 @@ impl Context {
 async fn on_configure_completed(
    context: &Context,
    provider: Option<&'static Provider>,
+    old_addr: Option<String>,
 ) -> Result<()> {
    if let Some(provider) = provider {
        if let Some(config_defaults) = provider.config_defaults {
@@ -319,6 +258,20 @@ async fn on_configure_completed(
        }
    }

+    if let Some(new_addr) = context.get_config(Config::ConfiguredAddr).await?
+        && let Some(old_addr) = old_addr
+        && !addr_cmp(&new_addr, &old_addr)
+    {
+        let mut msg = Message::new_text(
+            stock_str::aeap_explanation_and_link(context, &old_addr, &new_addr).await,
+        );
+        chat::add_device_msg(context, None, Some(&mut msg))
+            .await
+            .context("Cannot add AEAP explanation")
+            .log_err(context)
+            .ok();
+    }
+
    Ok(())
 }

@@ -550,40 +503,71 @@ async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'

    // Configure IMAP

-    let transport_id = 0;
    let (_s, r) = async_channel::bounded(1);
-    let mut imap = Imap::new(ctx, transport_id, configured_param.clone(), r).await?;
+    let mut imap = Imap::new(
+        configured_param.imap.clone(),
+        configured_param.imap_password.clone(),
+        proxy_config,
+        &configured_param.addr,
+        strict_tls,
+        configured_param.oauth2,
+        r,
+    );
    let configuring = true;
-    if let Err(err) = imap.connect(ctx, configuring).await {
-        bail!(
+    let mut imap_session = match imap.connect(ctx, configuring).await {
+        Ok(session) => session,
+        Err(err) => bail!(
            "{}",
            nicer_configuration_error(ctx, format!("{err:#}")).await
-        );
+        ),
    };

    progress!(ctx, 850);

    // Wait for SMTP configuration
-    smtp_config_task.await??;
+    smtp_config_task.await.unwrap()?;

    progress!(ctx, 900);

-    let is_configured = ctx.is_configured().await?;
-    if !is_configured {
-        ctx.sql.set_raw_config("mvbox_move", Some("0")).await?;
-        ctx.sql.set_raw_config("only_fetch_mvbox", None).await?;
+    let is_chatmail = match ctx.get_config_bool(Config::FixIsChatmail).await? {
+        false => {
+            let is_chatmail = imap_session.is_chatmail();
+            ctx.set_config(
+                Config::IsChatmail,
+                Some(match is_chatmail {
+                    false => "0",
+                    true => "1",
+                }),
+            )
+            .await?;
+            is_chatmail
+        }
+        true => ctx.get_config_bool(Config::IsChatmail).await?,
+    };
+    if is_chatmail {
+        ctx.set_config(Config::MvboxMove, Some("0")).await?;
+        ctx.set_config(Config::OnlyFetchMvbox, None).await?;
+        ctx.set_config(Config::ShowEmails, None).await?;
    }

+    let create_mvbox = !is_chatmail;
+    imap.configure_folders(ctx, &mut imap_session, create_mvbox)
+        .await?;
+
+    let create = true;
+    imap_session
+        .select_with_uidvalidity(ctx, "INBOX", create)
+        .await
+        .context("could not read INBOX status")?;
+
    drop(imap);

    progress!(ctx, 910);

    let provider = configured_param.provider;
    configured_param
-        .clone()
-        .save_to_transports_table(ctx, param, time())
+        .save_to_transports_table(ctx, param)
        .await?;
-    send_sync_transports(ctx).await?;

    ctx.set_config_internal(Config::ConfiguredTimestamp, Some(&time().to_string()))
        .await?;
--- a/src/contact.rs
+++ b/src/contact.rs
@@ -130,15 +130,13 @@ impl ContactId {
                            Ok((addr, fingerprint))
                        },
                    )?;
+                    context.emit_event(EventType::ContactsChanged(Some(self)));
                    Ok(Some((addr, fingerprint)))
                } else {
                    Ok(None)
                }
            })
            .await?;
-        if row.is_some() {
-            context.emit_event(EventType::ContactsChanged(Some(self)));
-        }

        if sync.into()
            && let Some((addr, fingerprint)) = row
@@ -383,16 +381,20 @@ async fn import_vcard_contact(context: &Context, contact: &VcardContact) -> Resu
        },
        None => None,
    };
-    if let Some(path) = path
-        && let Err(e) = set_profile_image(context, id, &AvatarAction::Change(path)).await
-    {
-        warn!(
-            context,
-            "import_vcard_contact: Could not set avatar for {}: {e:#}.", contact.addr
-        );
+    if let Some(path) = path {
+        // Currently this value doesn't matter as we don't import the contact of self.
+        let was_encrypted = false;
+        if let Err(e) =
+            set_profile_image(context, id, &AvatarAction::Change(path), was_encrypted).await
+        {
+            warn!(
+                context,
+                "import_vcard_contact: Could not set avatar for {}: {e:#}.", contact.addr
+            );
+        }
    }
    if let Some(biography) = &contact.biography
-        && let Err(e) = set_status(context, id, biography.to_owned()).await
+        && let Err(e) = set_status(context, id, biography.to_owned(), false, false).await
    {
        warn!(
            context,
@@ -1505,6 +1507,18 @@ impl Contact {
        &self.addr
    }

+    /// Get authorized name or address.
+    ///
+    /// This string is suitable for sending over email
+    /// as it does not leak the locally set name.
+    pub(crate) fn get_authname_or_addr(&self) -> String {
+        if !self.authname.is_empty() {
+            (&self.authname).into()
+        } else {
+            (&self.addr).into()
+        }
+    }
+
    /// Get a summary of name and address.
    ///
    /// The returned string is either "Name (email@domain.com)" or just
@@ -1820,19 +1834,25 @@ WHERE type=? AND id IN (
 /// The given profile image is expected to be already in the blob directory
 /// as profile images can be set only by receiving messages, this should be always the case, however.
 ///
-/// For contact SELF, the image is not saved in the contact-database but as Config::Selfavatar.
+/// For contact SELF, the image is not saved in the contact-database but as Config::Selfavatar;
+/// this typically happens if we see message with our own profile image.
 pub(crate) async fn set_profile_image(
    context: &Context,
    contact_id: ContactId,
    profile_image: &AvatarAction,
+    was_encrypted: bool,
 ) -> Result<()> {
    let mut contact = Contact::get_by_id(context, contact_id).await?;
    let changed = match profile_image {
        AvatarAction::Change(profile_image) => {
            if contact_id == ContactId::SELF {
-                context
-                    .set_config_ex(Nosync, Config::Selfavatar, Some(profile_image))
-                    .await?;
+                if was_encrypted {
+                    context
+                        .set_config_ex(Nosync, Config::Selfavatar, Some(profile_image))
+                        .await?;
+                } else {
+                    info!(context, "Do not use unencrypted selfavatar.");
+                }
            } else {
                contact.param.set(Param::ProfileImage, profile_image);
            }
@@ -1840,9 +1860,13 @@ pub(crate) async fn set_profile_image(
        }
        AvatarAction::Delete => {
            if contact_id == ContactId::SELF {
-                context
-                    .set_config_ex(Nosync, Config::Selfavatar, None)
-                    .await?;
+                if was_encrypted {
+                    context
+                        .set_config_ex(Nosync, Config::Selfavatar, None)
+                        .await?;
+                } else {
+                    info!(context, "Do not use unencrypted selfavatar deletion.");
+                }
            } else {
                contact.param.remove(Param::ProfileImage);
            }
@@ -1859,16 +1883,22 @@ pub(crate) async fn set_profile_image(

 /// Sets contact status.
 ///
-/// For contact SELF, the status is not saved in the contact table, but as Config::Selfstatus.
+/// For contact SELF, the status is not saved in the contact table, but as Config::Selfstatus.  This
+/// is only done if message is sent from Delta Chat and it is encrypted, to synchronize signature
+/// between Delta Chat devices.
 pub(crate) async fn set_status(
    context: &Context,
    contact_id: ContactId,
    status: String,
+    encrypted: bool,
+    has_chat_version: bool,
 ) -> Result<()> {
    if contact_id == ContactId::SELF {
-        context
-            .set_config_ex(Nosync, Config::Selfstatus, Some(&status))
-            .await?;
+        if encrypted && has_chat_version {
+            context
+                .set_config_ex(Nosync, Config::Selfstatus, Some(&status))
+                .await?;
+        }
    } else {
        let mut contact = Contact::get_by_id(context, contact_id).await?;

--- a/src/contact/contact_tests.rs
+++ b/src/contact/contact_tests.rs
@@ -4,7 +4,7 @@ use super::*;
 use crate::chat::{Chat, get_chat_contacts, send_text_msg};
 use crate::chatlist::Chatlist;
 use crate::receive_imf::receive_imf;
-use crate::test_utils::{self, TestContext, TestContextManager, TimeShiftFalsePositiveNote, sync};
+use crate::test_utils::{self, TestContext, TestContextManager, TimeShiftFalsePositiveNote};

 #[test]
 fn test_contact_id_values() {
@@ -850,7 +850,8 @@ CCCB 5AA9 F6E1 141C 9431
    Ok(())
 }

-/// Tests that self-status is not synchronized from outgoing messages.
+/// Tests that status is synchronized when sending encrypted BCC-self messages and not
+/// synchronized when the message is not encrypted.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_synchronize_status() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -869,12 +870,21 @@ async fn test_synchronize_status() -> Result<()> {
        .await?;
    let chat = alice1.create_email_chat(bob).await;

-    // Alice sends an unencrypted message to Bob from the first device.
+    // Alice sends a message to Bob from the first device.
    send_text_msg(alice1, chat.id, "Hello".to_string()).await?;
    let sent_msg = alice1.pop_sent_msg().await;

+    // Message is not encrypted.
+    let message = sent_msg.load_from_db().await;
+    assert!(!message.get_showpadlock());
+
    // Alice's second devices receives a copy of outgoing message.
    alice2.recv_msg(&sent_msg).await;
+
+    // Bob receives message.
+    bob.recv_msg(&sent_msg).await;
+
+    // Message was not encrypted, so status is not copied.
    assert_eq!(alice2.get_config(Config::Selfstatus).await?, default_status);

    // Alice sends encrypted message.
@@ -882,9 +892,17 @@ async fn test_synchronize_status() -> Result<()> {
    send_text_msg(alice1, chat.id, "Hello".to_string()).await?;
    let sent_msg = alice1.pop_sent_msg().await;

+    // Second message is encrypted.
+    let message = sent_msg.load_from_db().await;
+    assert!(message.get_showpadlock());
+
    // Alice's second devices receives a copy of second outgoing message.
    alice2.recv_msg(&sent_msg).await;
-    assert_eq!(alice2.get_config(Config::Selfstatus).await?, default_status);
+
+    assert_eq!(
+        alice2.get_config(Config::Selfstatus).await?,
+        Some("New status".to_string())
+    );

    Ok(())
 }
@@ -897,9 +915,9 @@ async fn test_selfavatar_changed_event() -> Result<()> {
    // Alice has two devices.
    let alice1 = &tcm.alice().await;
    let alice2 = &tcm.alice().await;
-    for a in [alice1, alice2] {
-        a.set_config_bool(Config::SyncMsgs, true).await?;
-    }
+
+    // Bob has one device.
+    let bob = &tcm.bob().await;

    assert_eq!(alice1.get_config(Config::Selfavatar).await?, None);

@@ -915,7 +933,17 @@ async fn test_selfavatar_changed_event() -> Result<()> {
        .get_matching(|e| matches!(e, EventType::SelfavatarChanged))
        .await;

-    sync(alice1, alice2).await;
+    // Alice sends a message.
+    let alice1_chat_id = alice1.create_chat(bob).await.id;
+    send_text_msg(alice1, alice1_chat_id, "Hello".to_string()).await?;
+    let sent_msg = alice1.pop_sent_msg().await;
+
+    // The message is encrypted.
+    let message = sent_msg.load_from_db().await;
+    assert!(message.get_showpadlock());
+
+    // Alice's second device receives a copy of the outgoing message.
+    alice2.recv_msg(&sent_msg).await;

    // Alice's second device applies the selfavatar.
    assert!(alice2.get_config(Config::Selfavatar).await?.is_some());
--- a/src/context.rs
+++ b/src/context.rs
@@ -5,7 +5,7 @@ use std::ffi::OsString;
 use std::ops::Deref;
 use std::path::{Path, PathBuf};
 use std::sync::atomic::AtomicBool;
-use std::sync::{Arc, OnceLock, Weak};
+use std::sync::{Arc, OnceLock};
 use std::time::Duration;

 use anyhow::{Context as _, Result, bail, ensure};
@@ -46,7 +46,7 @@ use crate::{chatlist_events, stats};
 ///
 /// # Examples
 ///
-/// Creating a new database:
+/// Creating a new unencrypted database:
 ///
 /// ```
 /// # let rt = tokio::runtime::Runtime::new().unwrap();
@@ -61,6 +61,24 @@ use crate::{chatlist_events, stats};
 /// drop(context);
 /// # });
 /// ```
+///
+/// To use an encrypted database provide a password.  If the database does not yet exist it
+/// will be created:
+///
+/// ```
+/// # let rt = tokio::runtime::Runtime::new().unwrap();
+/// # rt.block_on(async move {
+/// use deltachat::context::ContextBuilder;
+///
+/// let dir = tempfile::tempdir().unwrap();
+/// let context = ContextBuilder::new(dir.path().join("db"))
+///      .with_password("secret".into())
+///      .open()
+///      .await
+///      .unwrap();
+/// drop(context);
+/// # });
+/// ```
 #[derive(Clone, Debug)]
 pub struct ContextBuilder {
    dbfile: PathBuf,
@@ -132,13 +150,9 @@ impl ContextBuilder {
    }

    /// Sets the password to unlock the database.
-    /// Deprecated 2025-11:
-    /// - Db encryption does nothing with blobs, so fs/disk encryption is recommended.
-    /// - Isolation from other apps is needed anyway.
    ///
    /// If an encrypted database is used it must be opened with a password.  Setting a
    /// password on a new database will enable encryption.
-    #[deprecated(since = "TBD")]
    pub fn with_password(mut self, password: String) -> Self {
        self.password = Some(password);
        self
@@ -166,7 +180,7 @@ impl ContextBuilder {

    /// Builds the [`Context`] and opens it.
    ///
-    /// Returns error if context cannot be opened.
+    /// Returns error if context cannot be opened with the given passphrase.
    pub async fn open(self) -> Result<Context> {
        let password = self.password.clone().unwrap_or_default();
        let context = self.build().await?;
@@ -201,25 +215,6 @@ impl Deref for Context {
    }
 }

-/// A weak reference to a [`Context`]
-///
-/// Can be used to obtain a [`Context`]. An existing weak reference does not prevent the corresponding [`Context`] from being dropped.
-#[derive(Clone, Debug)]
-pub(crate) struct WeakContext {
-    inner: Weak<InnerContext>,
-}
-
-impl WeakContext {
-    /// Returns the [`Context`] if it is still available.
-    pub(crate) fn upgrade(&self) -> Result<Context> {
-        let inner = self
-            .inner
-            .upgrade()
-            .ok_or_else(|| anyhow::anyhow!("Inner struct has been dropped"))?;
-        Ok(Context { inner })
-    }
-}
-
 /// Actual context, expensive to clone.
 #[derive(Debug)]
 pub struct InnerContext {
@@ -404,20 +399,10 @@ impl Context {
        Ok(context)
    }

-    /// Returns a weak reference to this [`Context`].
-    pub(crate) fn get_weak_context(&self) -> WeakContext {
-        WeakContext {
-            inner: Arc::downgrade(&self.inner),
-        }
-    }
-
    /// Opens the database with the given passphrase.
-    /// NB: Db encryption is deprecated, so `passphrase` should be empty normally. See
-    /// [`ContextBuilder::with_password()`] for reasoning.
    ///
    /// Returns true if passphrase is correct, false is passphrase is not correct. Fails on other
    /// errors.
-    #[deprecated(since = "TBD")]
    pub async fn open(&self, passphrase: String) -> Result<bool> {
        if self.sql.check_passphrase(passphrase.clone()).await? {
            self.sql.open(self, passphrase).await?;
@@ -428,7 +413,6 @@ impl Context {
    }

    /// Changes encrypted database passphrase.
-    /// Deprecated 2025-11, see [`ContextBuilder::with_password()`] for reasoning.
    pub async fn change_passphrase(&self, passphrase: String) -> Result<()> {
        self.sql.change_passphrase(passphrase).await?;
        Ok(())
@@ -479,7 +463,7 @@ impl Context {
            translated_stockstrings: stockstrings,
            events,
            scheduler: SchedulerState::new(),
-            ratelimit: RwLock::new(Ratelimit::new(Duration::new(3, 0), 3.0)), // Allow at least 1 message every second + a burst of 3.
+            ratelimit: RwLock::new(Ratelimit::new(Duration::new(60, 0), 6.0)), // Allow at least 1 message every 10 seconds + a burst of 6.
            quota: RwLock::new(None),
            new_msgs_notify,
            server_id: RwLock::new(None),
@@ -511,6 +495,12 @@ impl Context {
            return;
        }

+        if self.is_chatmail().await.unwrap_or_default() {
+            let mut lock = self.ratelimit.write().await;
+            // Allow at least 1 message every second + a burst of 3.
+            *lock = Ratelimit::new(Duration::new(3, 0), 3.0);
+        }
+
        // The next line is mainly for iOS:
        // iOS starts a separate process for receiving notifications and if the user concurrently
        // starts the app, the UI process opens the database but waits with calling start_io()
@@ -817,10 +807,9 @@ impl Context {
    /// Returns information about the context as key-value pairs.
    pub async fn get_info(&self) -> Result<BTreeMap<&'static str, String>> {
        let l = EnteredLoginParam::load(self).await?;
-        let l2 = ConfiguredLoginParam::load(self).await?.map_or_else(
-            || "Not configured".to_string(),
-            |(_transport_id, param)| param.to_string(),
-        );
+        let l2 = ConfiguredLoginParam::load(self)
+            .await?
+            .map_or_else(|| "Not configured".to_string(), |param| param.to_string());
        let secondary_addrs = self.get_secondary_self_addrs().await?.join(", ");
        let chats = get_chat_cnt(self).await?;
        let unblocked_msgs = message::get_unblocked_msg_cnt(self).await;
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -8,7 +8,7 @@ use mail_builder::mime::MimePart;
 use crate::aheader::{Aheader, EncryptPreference};
 use crate::context::Context;
 use crate::key::{SignedPublicKey, load_self_public_key, load_self_secret_key};
-use crate::pgp::{self, SeipdVersion};
+use crate::pgp;

 #[derive(Debug)]
 pub struct EncryptHelper {
@@ -47,7 +47,6 @@ impl EncryptHelper {
        mail_to_encrypt: MimePart<'static>,
        compress: bool,
        anonymous_recipients: bool,
-        seipd_version: SeipdVersion,
    ) -> Result<String> {
        let sign_key = load_self_secret_key(context).await?;

@@ -58,10 +57,9 @@ impl EncryptHelper {
        let ctext = pgp::pk_encrypt(
            raw_message,
            keyring,
-            sign_key,
+            Some(sign_key),
            compress,
            anonymous_recipients,
-            seipd_version,
        )
        .await?;

--- a/src/ephemeral/ephemeral_tests.rs
+++ b/src/ephemeral/ephemeral_tests.rs
@@ -451,8 +451,6 @@ async fn test_delete_expired_imap_messages() -> Result<()> {
    let t = TestContext::new_alice().await;
    const HOUR: i64 = 60 * 60;
    let now = time();
-    let transport_id = 1;
-    let uidvalidity = 12345;
    for (id, timestamp, ephemeral_timestamp) in &[
        (900, now - 2 * HOUR, 0),
        (1000, now - 23 * HOUR - MIN_DELETE_SERVER_AFTER, 0),
@@ -472,8 +470,8 @@ async fn test_delete_expired_imap_messages() -> Result<()> {
               .await?;
        t.sql
            .execute(
-                "INSERT INTO imap (transport_id, rfc724_mid, folder, uid, target, uidvalidity) VALUES (?, ?,'INBOX',?, 'INBOX', ?);",
-                (transport_id, &message_id, id, uidvalidity),
+                "INSERT INTO imap (rfc724_mid, folder, uid, target) VALUES (?,'INBOX',?, 'INBOX');",
+                (&message_id, id),
            )
            .await?;
    }
--- a/src/events/payload.rs
+++ b/src/events/payload.rs
@@ -417,15 +417,6 @@ pub enum EventType {
        chat_id: ChatId,
    },

-    /// One or more transports has changed.
-    ///
-    /// This event is used for tests to detect when transport
-    /// synchronization messages arrives.
-    /// UIs don't need to use it, it is unlikely
-    /// that user modifies transports on multiple
-    /// devices simultaneously.
-    TransportsModified,
-
    /// Event for using in tests, e.g. as a fence between normally generated events.
    #[cfg(test)]
    Test,
--- a/src/imap.rs
+++ b/src/imap.rs
@@ -71,15 +71,10 @@ const BODY_PARTIAL: &str = "(FLAGS RFC822.SIZE BODY.PEEK[HEADER])";

 #[derive(Debug)]
 pub(crate) struct Imap {
-    /// ID of the transport configuration in the `transports` table.
-    ///
-    /// This ID is used to namespace records in the `imap` table.
-    transport_id: u32,
-
    pub(crate) idle_interrupt_receiver: Receiver<()>,

    /// Email address.
-    pub(crate) addr: String,
+    addr: String,

    /// Login parameters.
    lp: Vec<ConfiguredServerLoginParam>,
@@ -254,21 +249,19 @@ impl<T: Iterator<Item = (i64, u32, String)>> Iterator for UidGrouper<T> {

 impl Imap {
    /// Creates new disconnected IMAP client using the specific login parameters.
-    pub async fn new(
-        context: &Context,
-        transport_id: u32,
-        param: ConfiguredLoginParam,
+    ///
+    /// `addr` is used to renew token if OAuth2 authentication is used.
+    pub fn new(
+        lp: Vec<ConfiguredServerLoginParam>,
+        password: String,
+        proxy_config: Option<ProxyConfig>,
+        addr: &str,
+        strict_tls: bool,
+        oauth2: bool,
        idle_interrupt_receiver: Receiver<()>,
-    ) -> Result<Self> {
-        let lp = param.imap.clone();
-        let password = param.imap_password.clone();
-        let proxy_config = ProxyConfig::load(context).await?;
-        let addr = &param.addr;
-        let strict_tls = param.strict_tls(proxy_config.is_some());
-        let oauth2 = param.oauth2;
+    ) -> Self {
        let (resync_request_sender, resync_request_receiver) = async_channel::bounded(1);
-        Ok(Imap {
-            transport_id,
+        Imap {
            idle_interrupt_receiver,
            addr: addr.to_string(),
            lp,
@@ -284,7 +277,7 @@ impl Imap {
            ratelimit: Ratelimit::new(Duration::new(120, 0), 2.0),
            resync_request_sender,
            resync_request_receiver,
-        })
+        }
    }

    /// Creates new disconnected IMAP client using configured parameters.
@@ -292,10 +285,20 @@ impl Imap {
        context: &Context,
        idle_interrupt_receiver: Receiver<()>,
    ) -> Result<Self> {
-        let (transport_id, param) = ConfiguredLoginParam::load(context)
+        let param = ConfiguredLoginParam::load(context)
            .await?
            .context("Not configured")?;
-        let imap = Self::new(context, transport_id, param, idle_interrupt_receiver).await?;
+        let proxy_config = ProxyConfig::load(context).await?;
+        let strict_tls = param.strict_tls(proxy_config.is_some());
+        let imap = Self::new(
+            param.imap.clone(),
+            param.imap_password.clone(),
+            proxy_config,
+            &param.addr,
+            strict_tls,
+            param.oauth2,
+            idle_interrupt_receiver,
+        );
        Ok(imap)
    }

@@ -409,19 +412,9 @@ impl Imap {
                            })
                            .await
                            .context("Failed to enable IMAP compression")?;
-                        Session::new(
-                            compressed_session,
-                            capabilities,
-                            resync_request_sender,
-                            self.transport_id,
-                        )
+                        Session::new(compressed_session, capabilities, resync_request_sender)
                    } else {
-                        Session::new(
-                            session,
-                            capabilities,
-                            resync_request_sender,
-                            self.transport_id,
-                        )
+                        Session::new(session, capabilities, resync_request_sender)
                    };

                    // Store server ID in the context to display in account info.
@@ -600,9 +593,8 @@ impl Imap {
        folder: &str,
        folder_meaning: FolderMeaning,
    ) -> Result<(usize, bool)> {
-        let transport_id = self.transport_id;
-        let uid_validity = get_uidvalidity(context, transport_id, folder).await?;
-        let old_uid_next = get_uid_next(context, transport_id, folder).await?;
+        let uid_validity = get_uidvalidity(context, folder).await?;
+        let old_uid_next = get_uid_next(context, folder).await?;
        info!(
            context,
            "fetch_new_msg_batch({folder}): UIDVALIDITY={uid_validity}, UIDNEXT={old_uid_next}."
@@ -670,19 +662,12 @@ impl Imap {
            context
                .sql
                .execute(
-                    "INSERT INTO imap (transport_id, rfc724_mid, folder, uid, uidvalidity, target)
-                       VALUES         (?,            ?,          ?,      ?,   ?,           ?)
-                       ON CONFLICT(transport_id, folder, uid, uidvalidity)
+                    "INSERT INTO imap (rfc724_mid, folder, uid, uidvalidity, target)
+                       VALUES         (?1,         ?2,     ?3,  ?4,          ?5)
+                       ON CONFLICT(folder, uid, uidvalidity)
                       DO UPDATE SET rfc724_mid=excluded.rfc724_mid,
                                     target=excluded.target",
-                    (
-                        self.transport_id,
-                        &message_id,
-                        &folder,
-                        uid,
-                        uid_validity,
-                        target,
-                    ),
+                    (&message_id, &folder, uid, uid_validity, target),
                )
                .await?;

@@ -793,7 +778,7 @@ impl Imap {
            prefetch_uid_next < mailbox_uid_next
        };
        if new_uid_next > old_uid_next {
-            set_uid_next(context, self.transport_id, folder, new_uid_next).await?;
+            set_uid_next(context, folder, new_uid_next).await?;
        }

        info!(context, "{} mails read from \"{}\".", read_cnt, folder);
@@ -873,7 +858,6 @@ impl Session {
        let folder_exists = self
            .select_with_uidvalidity(context, folder, create)
            .await?;
-        let transport_id = self.transport_id();
        if folder_exists {
            let mut list = self
                .uid_fetch("1:*", RFC724MID_UID)
@@ -906,7 +890,7 @@ impl Session {
                msgs.len(),
            );

-            uid_validity = get_uidvalidity(context, transport_id, folder).await?;
+            uid_validity = get_uidvalidity(context, folder).await?;
        } else {
            warn!(context, "resync_folder_uids: No folder {folder}.");
            uid_validity = 0;
@@ -921,12 +905,12 @@ impl Session {
                    // This may detect previously undetected moved
                    // messages, so we update server_folder too.
                    transaction.execute(
-                        "INSERT INTO imap (transport_id, rfc724_mid, folder, uid, uidvalidity, target)
-                         VALUES           (?,            ?,          ?,      ?,   ?,           ?)
-                         ON CONFLICT(transport_id, folder, uid, uidvalidity)
+                        "INSERT INTO imap (rfc724_mid, folder, uid, uidvalidity, target)
+                         VALUES           (?1,         ?2,     ?3,  ?4,          ?5)
+                         ON CONFLICT(folder, uid, uidvalidity)
                         DO UPDATE SET rfc724_mid=excluded.rfc724_mid,
                                       target=excluded.target",
-                        (transport_id, rfc724_mid, folder, uid, uid_validity, target),
+                        (rfc724_mid, folder, uid, uid_validity, target),
                    )?;
                }
                Ok(())
@@ -1248,12 +1232,11 @@ impl Session {
            return Ok(());
        }

-        let transport_id = self.transport_id();
        let mut updated_chat_ids = BTreeSet::new();
-        let uid_validity = get_uidvalidity(context, transport_id, folder)
+        let uid_validity = get_uidvalidity(context, folder)
            .await
            .with_context(|| format!("failed to get UID validity for folder {folder}"))?;
-        let mut highest_modseq = get_modseq(context, transport_id, folder)
+        let mut highest_modseq = get_modseq(context, folder)
            .await
            .with_context(|| format!("failed to get MODSEQ for folder {folder}"))?;
        let mut list = self
@@ -1304,7 +1287,7 @@ impl Session {
            self.new_mail = true;
        }

-        set_modseq(context, transport_id, folder, highest_modseq)
+        set_modseq(context, folder, highest_modseq)
            .await
            .with_context(|| format!("failed to set MODSEQ for folder {folder}"))?;
        if !updated_chat_ids.is_empty() {
@@ -2434,18 +2417,13 @@ pub(crate) async fn markseen_on_imap_table(context: &Context, message_id: &str)
 /// uid_next is the next unique identifier value from the last time we fetched a folder
 /// See <https://tools.ietf.org/html/rfc3501#section-2.3.1.1>
 /// This function is used to update our uid_next after fetching messages.
-pub(crate) async fn set_uid_next(
-    context: &Context,
-    transport_id: u32,
-    folder: &str,
-    uid_next: u32,
-) -> Result<()> {
+pub(crate) async fn set_uid_next(context: &Context, folder: &str, uid_next: u32) -> Result<()> {
    context
        .sql
        .execute(
-            "INSERT INTO imap_sync (transport_id, folder, uid_next) VALUES (?, ?,?)
-                ON CONFLICT(transport_id, folder) DO UPDATE SET uid_next=excluded.uid_next",
-            (transport_id, folder, uid_next),
+            "INSERT INTO imap_sync (folder, uid_next) VALUES (?,?)
+                ON CONFLICT(folder) DO UPDATE SET uid_next=excluded.uid_next",
+            (folder, uid_next),
        )
        .await?;
    Ok(())
@@ -2456,69 +2434,57 @@ pub(crate) async fn set_uid_next(
 /// This method returns the uid_next from the last time we fetched messages.
 /// We can compare this to the current uid_next to find out whether there are new messages
 /// and fetch from this value on to get all new messages.
-async fn get_uid_next(context: &Context, transport_id: u32, folder: &str) -> Result<u32> {
+async fn get_uid_next(context: &Context, folder: &str) -> Result<u32> {
    Ok(context
        .sql
-        .query_get_value(
-            "SELECT uid_next FROM imap_sync WHERE transport_id=? AND folder=?",
-            (transport_id, folder),
-        )
+        .query_get_value("SELECT uid_next FROM imap_sync WHERE folder=?;", (folder,))
        .await?
        .unwrap_or(0))
 }

 pub(crate) async fn set_uidvalidity(
    context: &Context,
-    transport_id: u32,
    folder: &str,
    uidvalidity: u32,
 ) -> Result<()> {
    context
        .sql
        .execute(
-            "INSERT INTO imap_sync (transport_id, folder, uidvalidity) VALUES (?,?,?)
-                ON CONFLICT(transport_id, folder) DO UPDATE SET uidvalidity=excluded.uidvalidity",
-            (transport_id, folder, uidvalidity),
+            "INSERT INTO imap_sync (folder, uidvalidity) VALUES (?,?)
+                ON CONFLICT(folder) DO UPDATE SET uidvalidity=excluded.uidvalidity",
+            (folder, uidvalidity),
        )
        .await?;
    Ok(())
 }

-async fn get_uidvalidity(context: &Context, transport_id: u32, folder: &str) -> Result<u32> {
+async fn get_uidvalidity(context: &Context, folder: &str) -> Result<u32> {
    Ok(context
        .sql
        .query_get_value(
-            "SELECT uidvalidity FROM imap_sync WHERE transport_id=? AND folder=?",
-            (transport_id, folder),
+            "SELECT uidvalidity FROM imap_sync WHERE folder=?;",
+            (folder,),
        )
        .await?
        .unwrap_or(0))
 }

-pub(crate) async fn set_modseq(
-    context: &Context,
-    transport_id: u32,
-    folder: &str,
-    modseq: u64,
-) -> Result<()> {
+pub(crate) async fn set_modseq(context: &Context, folder: &str, modseq: u64) -> Result<()> {
    context
        .sql
        .execute(
-            "INSERT INTO imap_sync (transport_id, folder, modseq) VALUES (?,?,?)
-                ON CONFLICT(transport_id, folder) DO UPDATE SET modseq=excluded.modseq",
-            (transport_id, folder, modseq),
+            "INSERT INTO imap_sync (folder, modseq) VALUES (?,?)
+                ON CONFLICT(folder) DO UPDATE SET modseq=excluded.modseq",
+            (folder, modseq),
        )
        .await?;
    Ok(())
 }

-async fn get_modseq(context: &Context, transport_id: u32, folder: &str) -> Result<u64> {
+async fn get_modseq(context: &Context, folder: &str) -> Result<u64> {
    Ok(context
        .sql
-        .query_get_value(
-            "SELECT modseq FROM imap_sync WHERE transport_id=? AND folder=?",
-            (transport_id, folder),
-        )
+        .query_get_value("SELECT modseq FROM imap_sync WHERE folder=?;", (folder,))
        .await?
        .unwrap_or(0))
 }
--- a/src/imap/client.rs
+++ b/src/imap/client.rs
@@ -207,7 +207,6 @@ impl Client {
        hostname: &str,
        strict_tls: bool,
    ) -> Result<Self> {
-        let use_sni = true;
        let tcp_stream = connect_tcp_inner(addr).await?;
        let account_id = context.get_id();
        let events = context.events.clone();
@@ -216,7 +215,6 @@ impl Client {
            strict_tls,
            hostname,
            addr.port(),
-            use_sni,
            alpn(addr.port()),
            logging_stream,
            &context.tls_session_store,
@@ -253,7 +251,6 @@ impl Client {
        host: &str,
        strict_tls: bool,
    ) -> Result<Self> {
-        let use_sni = false;
        let tcp_stream = connect_tcp_inner(addr).await?;

        let account_id = context.get_id();
@@ -278,7 +275,6 @@ impl Client {
            strict_tls,
            host,
            addr.port(),
-            use_sni,
            "",
            tcp_stream,
            &context.tls_session_store,
@@ -298,7 +294,6 @@ impl Client {
        strict_tls: bool,
        proxy_config: ProxyConfig,
    ) -> Result<Self> {
-        let use_sni = true;
        let proxy_stream = proxy_config
            .connect(context, domain, port, strict_tls)
            .await?;
@@ -306,7 +301,6 @@ impl Client {
            strict_tls,
            domain,
            port,
-            use_sni,
            alpn(port),
            proxy_stream,
            &context.tls_session_store,
@@ -346,7 +340,6 @@ impl Client {
        proxy_config: ProxyConfig,
        strict_tls: bool,
    ) -> Result<Self> {
-        let use_sni = false;
        let proxy_stream = proxy_config
            .connect(context, hostname, port, strict_tls)
            .await?;
@@ -369,7 +362,6 @@ impl Client {
            strict_tls,
            hostname,
            port,
-            use_sni,
            "",
            proxy_stream,
            &context.tls_session_store,
--- a/src/imap/imap_tests.rs
+++ b/src/imap/imap_tests.rs
@@ -11,23 +11,17 @@ fn test_get_folder_meaning_by_name() {
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_set_uid_next_validity() {
    let t = TestContext::new_alice().await;
-    assert_eq!(get_uid_next(&t.ctx, 1, "Inbox").await.unwrap(), 0);
-    assert_eq!(get_uidvalidity(&t.ctx, 1, "Inbox").await.unwrap(), 0);
+    assert_eq!(get_uid_next(&t.ctx, "Inbox").await.unwrap(), 0);
+    assert_eq!(get_uidvalidity(&t.ctx, "Inbox").await.unwrap(), 0);

-    set_uidvalidity(&t.ctx, 1, "Inbox", 7).await.unwrap();
-    assert_eq!(get_uidvalidity(&t.ctx, 1, "Inbox").await.unwrap(), 7);
-    assert_eq!(get_uid_next(&t.ctx, 1, "Inbox").await.unwrap(), 0);
+    set_uidvalidity(&t.ctx, "Inbox", 7).await.unwrap();
+    assert_eq!(get_uidvalidity(&t.ctx, "Inbox").await.unwrap(), 7);
+    assert_eq!(get_uid_next(&t.ctx, "Inbox").await.unwrap(), 0);

-    // For another transport there is still no UIDVALIDITY set.
-    assert_eq!(get_uidvalidity(&t.ctx, 2, "Inbox").await.unwrap(), 0);
-
-    set_uid_next(&t.ctx, 1, "Inbox", 5).await.unwrap();
-    set_uidvalidity(&t.ctx, 1, "Inbox", 6).await.unwrap();
-    assert_eq!(get_uid_next(&t.ctx, 1, "Inbox").await.unwrap(), 5);
-    assert_eq!(get_uidvalidity(&t.ctx, 1, "Inbox").await.unwrap(), 6);
-
-    assert_eq!(get_uid_next(&t.ctx, 2, "Inbox").await.unwrap(), 0);
-    assert_eq!(get_uidvalidity(&t.ctx, 2, "Inbox").await.unwrap(), 0);
+    set_uid_next(&t.ctx, "Inbox", 5).await.unwrap();
+    set_uidvalidity(&t.ctx, "Inbox", 6).await.unwrap();
+    assert_eq!(get_uid_next(&t.ctx, "Inbox").await.unwrap(), 5);
+    assert_eq!(get_uidvalidity(&t.ctx, "Inbox").await.unwrap(), 6);
 }

 #[test]
--- a/src/imap/select_folder.rs
+++ b/src/imap/select_folder.rs
@@ -5,7 +5,6 @@ use anyhow::Context as _;
 use super::session::Session as ImapSession;
 use super::{get_uid_next, get_uidvalidity, set_modseq, set_uid_next, set_uidvalidity};
 use crate::context::Context;
-use crate::ensure_and_debug_assert;
 use crate::log::warn;

 type Result<T> = std::result::Result<T, Error>;
@@ -130,7 +129,7 @@ impl ImapSession {
        context: &Context,
        folder: &str,
        create: bool,
-    ) -> anyhow::Result<bool> {
+    ) -> Result<bool> {
        let newly_selected = if create {
            self.select_or_create_folder(context, folder)
                .await
@@ -147,24 +146,15 @@ impl ImapSession {
                },
            }
        };
-        let transport_id = self.transport_id();
-
-        // Folders should not be selected when transport_id is not assigned yet
-        // because we cannot save UID validity then.
-        ensure_and_debug_assert!(
-            transport_id > 0,
-            "Cannot select folder when transport ID is unknown"
-        );
-
        let mailbox = self
            .selected_mailbox
            .as_mut()
            .with_context(|| format!("No mailbox selected, folder: {folder:?}"))?;

-        let old_uid_validity = get_uidvalidity(context, transport_id, folder)
+        let old_uid_validity = get_uidvalidity(context, folder)
            .await
            .with_context(|| format!("Failed to get old UID validity for folder {folder:?}"))?;
-        let old_uid_next = get_uid_next(context, transport_id, folder)
+        let old_uid_next = get_uid_next(context, folder)
            .await
            .with_context(|| format!("Failed to get old UID NEXT for folder {folder:?}"))?;

@@ -215,7 +205,7 @@ impl ImapSession {
                            context,
                            "The server illegally decreased the uid_next of folder {folder:?} from {old_uid_next} to {new_uid_next} without changing validity ({new_uid_validity}), resyncing UIDs...",
                        );
-                        set_uid_next(context, transport_id, folder, new_uid_next).await?;
+                        set_uid_next(context, folder, new_uid_next).await?;
                        self.resync_request_sender.try_send(()).ok();
                    }

@@ -234,21 +224,21 @@ impl ImapSession {
        }

        // UIDVALIDITY is modified, reset highest seen MODSEQ.
-        set_modseq(context, transport_id, folder, 0).await?;
+        set_modseq(context, folder, 0).await?;

        // ==============  uid_validity has changed or is being set the first time.  ==============

        let new_uid_next = new_uid_next.unwrap_or_default();
-        set_uid_next(context, transport_id, folder, new_uid_next).await?;
-        set_uidvalidity(context, transport_id, folder, new_uid_validity).await?;
+        set_uid_next(context, folder, new_uid_next).await?;
+        set_uidvalidity(context, folder, new_uid_validity).await?;
        self.new_mail = true;

        // Collect garbage entries in `imap` table.
        context
            .sql
            .execute(
-                "DELETE FROM imap WHERE transport_id=? AND folder=? AND uidvalidity!=?",
-                (transport_id, &folder, new_uid_validity),
+                "DELETE FROM imap WHERE folder=? AND uidvalidity!=?",
+                (&folder, new_uid_validity),
            )
            .await?;

@@ -257,7 +247,12 @@ impl ImapSession {
        }
        info!(
            context,
-            "transport {transport_id}: UID validity for folder {folder} changed from {old_uid_validity}/{old_uid_next} to {new_uid_validity}/{new_uid_next}.",
+            "uid/validity change folder {}: new {}/{} previous {}/{}.",
+            folder,
+            new_uid_next,
+            new_uid_validity,
+            old_uid_next,
+            old_uid_validity,
        );
        Ok(true)
    }
--- a/src/imap/session.rs
+++ b/src/imap/session.rs
@@ -30,8 +30,6 @@ const PREFETCH_FLAGS: &str = "(UID INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIE

 #[derive(Debug)]
 pub(crate) struct Session {
-    transport_id: u32,
-
    pub(super) inner: ImapSession<Box<dyn SessionStream>>,

    pub capabilities: Capabilities,
@@ -73,10 +71,8 @@ impl Session {
        inner: ImapSession<Box<dyn SessionStream>>,
        capabilities: Capabilities,
        resync_request_sender: async_channel::Sender<()>,
-        transport_id: u32,
    ) -> Self {
        Self {
-            transport_id,
            inner,
            capabilities,
            selected_folder: None,
@@ -88,11 +84,6 @@ impl Session {
        }
    }

-    /// Returns ID of the transport for which this session was created.
-    pub(crate) fn transport_id(&self) -> u32 {
-        self.transport_id
-    }
-
    pub fn can_idle(&self) -> bool {
        self.capabilities.can_idle
    }
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -89,7 +89,6 @@ pub mod securejoin;
 mod simplify;
 mod smtp;
 pub mod stock_str;
-pub mod storage_usage;
 mod sync;
 mod timesmearing;
 mod token;
--- a/src/location.rs
+++ b/src/location.rs
@@ -294,7 +294,7 @@ pub async fn send_locations_to_chat(
            .unwrap_or_default();
    } else if 0 == seconds && is_sending_locations_before {
        let stock_str = stock_str::msg_location_disabled(context).await;
-        chat::add_info_msg(context, chat_id, &stock_str).await?;
+        chat::add_info_msg(context, chat_id, &stock_str, now).await?;
    }
    context.emit_event(EventType::ChatModified(chat_id));
    chatlist_events::emit_chatlist_item_changed(context, chat_id);
@@ -849,7 +849,7 @@ async fn maybe_send_locations(context: &Context) -> Result<Option<u64>> {
                .context("failed to disable location streaming")?;

            let stock_str = stock_str::msg_location_disabled(context).await;
-            chat::add_info_msg(context, chat_id, &stock_str).await?;
+            chat::add_info_msg(context, chat_id, &stock_str, now).await?;
            context.emit_event(EventType::ChatModified(chat_id));
            chatlist_events::emit_chatlist_item_changed(context, chat_id);
        }
--- a/src/message.rs
+++ b/src/message.rs
@@ -1868,33 +1868,6 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
    Ok(())
 }

-/// Checks if the messages with given IDs exist.
-///
-/// Returns IDs of existing messages.
-pub async fn get_existing_msg_ids(context: &Context, ids: &[MsgId]) -> Result<Vec<MsgId>> {
-    let query_only = true;
-    let res = context
-        .sql
-        .transaction_ex(query_only, |transaction| {
-            let mut res: Vec<MsgId> = Vec::new();
-            for id in ids {
-                if transaction.query_one(
-                    "SELECT COUNT(*) > 0 FROM msgs WHERE id=? AND chat_id!=3",
-                    (id,),
-                    |row| {
-                        let exists: bool = row.get(0)?;
-                        Ok(exists)
-                    },
-                )? {
-                    res.push(*id);
-                }
-            }
-            Ok(res)
-        })
-        .await?;
-    Ok(res)
-}
-
 pub(crate) async fn update_msg_state(
    context: &Context,
    msg_id: MsgId,
--- a/src/message/message_tests.rs
+++ b/src/message/message_tests.rs
@@ -764,27 +764,3 @@ async fn test_load_unknown_viewtype() -> Result<()> {
    assert_eq!(bob_msg.get_viewtype(), Viewtype::Unknown);
    Ok(())
 }
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_get_existing_msg_ids() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    let msg1_id = tcm.send_recv(alice, bob, "Hello 1!").await.id;
-    let msg2_id = tcm.send_recv(alice, bob, "Hello 2!").await.id;
-    let msg3_id = tcm.send_recv(alice, bob, "Hello 3!").await.id;
-    let msg4_id = tcm.send_recv(alice, bob, "Hello 4!").await.id;
-
-    assert_eq!(
-        get_existing_msg_ids(bob, &[msg1_id, msg2_id, msg3_id, msg4_id]).await?,
-        vec![msg1_id, msg2_id, msg3_id, msg4_id]
-    );
-    delete_msgs(bob, &[msg1_id, msg3_id]).await?;
-    assert_eq!(
-        get_existing_msg_ids(bob, &[msg1_id, msg2_id, msg3_id, msg4_id]).await?,
-        vec![msg2_id, msg4_id]
-    );
-
-    Ok(())
-}
--- a/src/mimefactory.rs
+++ b/src/mimefactory.rs
@@ -9,7 +9,7 @@ use data_encoding::BASE32_NOPAD;
 use deltachat_contact_tools::sanitize_bidi_characters;
 use iroh_gossip::proto::TopicId;
 use mail_builder::headers::HeaderType;
-use mail_builder::headers::address::Address;
+use mail_builder::headers::address::{Address, EmailAddress};
 use mail_builder::mime::MimePart;
 use tokio::fs;

@@ -32,7 +32,6 @@ use crate::message::{Message, MsgId, Viewtype};
 use crate::mimeparser::{SystemMessage, is_hidden};
 use crate::param::Param;
 use crate::peer_channels::{create_iroh_header, get_iroh_topic_for_msg};
-use crate::pgp::SeipdVersion;
 use crate::simplify::escape_message_footer_marks;
 use crate::stock_str;
 use crate::tools::{
@@ -465,11 +464,7 @@ impl MimeFactory {
                .unwrap_or_default(),
            false => "".to_string(),
        };
-        // We don't display avatars for address-contacts, so sending avatars w/o encryption is not
-        // useful and causes e.g. Outlook to reject a message with a big header, see
-        // https://support.delta.chat/t/invalid-mime-content-single-text-value-size-32822-exceeded-allowed-maximum-32768-for-the-chat-user-avatar-header/4067.
-        let attach_selfavatar =
-            Self::should_attach_selfavatar(context, &msg).await && encryption_pubkeys.is_some();
+        let attach_selfavatar = Self::should_attach_selfavatar(context, &msg).await;

        ensure_and_debug_assert!(
            member_timestamps.is_empty()
@@ -998,7 +993,24 @@ impl MimeFactory {
            } else if header_name == "to" {
                protected_headers.push(header.clone());
                if is_encrypted {
-                    unprotected_headers.push(("To", hidden_recipients().into()));
+                    let mut to_without_names = to
+                        .clone()
+                        .into_iter()
+                        .filter_map(|header| match header {
+                            Address::Address(mb) => Some(Address::Address(EmailAddress {
+                                name: None,
+                                email: mb.email,
+                            })),
+                            _ => None,
+                        })
+                        .collect::<Vec<_>>();
+                    if to_without_names.is_empty() {
+                        to_without_names.push(hidden_recipients());
+                    }
+                    unprotected_headers.push((
+                        original_header_name,
+                        Address::new_list(to_without_names).into(),
+                    ));
                } else {
                    unprotected_headers.push(header.clone());
                }
@@ -1024,15 +1036,7 @@ impl MimeFactory {
                //
                // and the explanation page says
                // "The time information deviates too much from the actual time".
-                //
-                // We also limit the range to 6 days (518400 seconds)
-                // because with a larger range we got
-                // error "500 Date header far in the past/future"
-                // which apparently originates from Symantec Messaging Gateway
-                // and means the message has a Date that is more
-                // than 7 days in the past:
-                // <https://github.com/chatmail/core/issues/7466>
-                let timestamp_offset = rand::random_range(0..518400);
+                let timestamp_offset = rand::random_range(0..1000000);
                let protected_timestamp = self.timestamp.saturating_sub(timestamp_offset);
                let unprotected_date =
                    chrono::DateTime::<chrono::Utc>::from_timestamp(protected_timestamp, 0)
@@ -1227,7 +1231,7 @@ impl MimeFactory {
                        // created before we had symmetric encryption,
                        // we show an error message.
                        let text = BROADCAST_INCOMPATIBILITY_MSG;
-                        chat::add_info_msg(context, chat.id, text).await?;
+                        chat::add_info_msg(context, chat.id, text, time()).await?;
                        bail!(text);
                    }
                    secret
@@ -1259,17 +1263,6 @@ impl MimeFactory {
            } else {
                // Asymmetric encryption

-                let seipd_version = if encryption_pubkeys.is_empty() {
-                    // If message is sent only to self,
-                    // use v2 SEIPD.
-                    SeipdVersion::V2
-                } else {
-                    // If message is sent to others,
-                    // they may not support v2 SEIPD yet,
-                    // so use v1 SEIPD.
-                    SeipdVersion::V1
-                };
-
                // Encrypt to self unconditionally,
                // even for a single-device setup.
                let mut encryption_keyring = vec![encrypt_helper.public_key.clone()];
@@ -1283,7 +1276,6 @@ impl MimeFactory {
                        message,
                        compress,
                        anonymous_recipients,
-                        seipd_version,
                    )
                    .await?
            };
@@ -1538,9 +1530,10 @@ impl MimeFactory {
                            .await?
                            .unwrap_or_default()
                    {
-                        placeholdertext = Some("I left the group.".to_string());
+                        placeholdertext = Some(stock_str::msg_group_left_remote(context).await);
                    } else {
-                        placeholdertext = Some(format!("I removed member {email_to_remove}."));
+                        placeholdertext =
+                            Some(stock_str::msg_del_member_remote(context, email_to_remove).await);
                    };

                    if !email_to_remove.is_empty() {
@@ -1563,7 +1556,8 @@ impl MimeFactory {
                    let email_to_add = msg.param.get(Param::Arg).unwrap_or_default();
                    let fingerprint_to_add = msg.param.get(Param::Arg4).unwrap_or_default();

-                    placeholdertext = Some(format!("I added member {email_to_add}."));
+                    placeholdertext =
+                        Some(stock_str::msg_add_member_remote(context, email_to_add).await);

                    if !email_to_add.is_empty() {
                        headers.push((
@@ -1599,7 +1593,7 @@ impl MimeFactory {
                        "Chat-Content",
                        mail_builder::headers::text::Text::new("group-avatar-changed").into(),
                    ));
-                    if grpimage.is_none() && is_encrypted {
+                    if grpimage.is_none() {
                        headers.push((
                            "Chat-Group-Avatar",
                            mail_builder::headers::raw::Raw::new("0").into(),
@@ -1726,9 +1720,7 @@ impl MimeFactory {
            _ => {}
        }

-        if let Some(grpimage) = grpimage
-            && is_encrypted
-        {
+        if let Some(grpimage) = grpimage {
            info!(context, "setting group image '{}'", grpimage);
            let avatar = build_avatar_file(context, grpimage)
                .await
--- a/src/mimefactory/mimefactory_tests.rs
+++ b/src/mimefactory/mimefactory_tests.rs
@@ -6,8 +6,7 @@ use std::time::Duration;

 use super::*;
 use crate::chat::{
-    self, ChatId, add_contact_to_chat, create_group, create_group_unencrypted,
-    remove_contact_from_chat, send_text_msg,
+    self, ChatId, add_contact_to_chat, create_group, remove_contact_from_chat, send_text_msg,
 };
 use crate::chatlist::Chatlist;
 use crate::constants;
@@ -352,7 +351,7 @@ async fn test_subject_in_group() -> Result<()> {
    let mut tcm = TestContextManager::new();
    let t = tcm.alice().await;
    let bob = tcm.bob().await;
-    let group_id = create_group(&t, "groupname").await.unwrap();
+    let group_id = chat::create_group(&t, "groupname").await.unwrap();
    let bob_contact_id = t.add_or_lookup_contact_id(&bob).await;
    chat::add_contact_to_chat(&t, group_id, bob_contact_id).await?;

@@ -593,6 +592,26 @@ async fn test_selfavatar_unencrypted() -> anyhow::Result<()> {
    assert_eq!(outer.match_indices("Autocrypt:").count(), 1);
    assert_eq!(outer.match_indices("Chat-User-Avatar:").count(), 0);

+    assert_eq!(inner.match_indices("text/plain").count(), 1);
+    assert_eq!(inner.match_indices("Message-ID:").count(), 1);
+    assert_eq!(inner.match_indices("Chat-User-Avatar:").count(), 1);
+    assert_eq!(inner.match_indices("Subject:").count(), 0);
+
+    assert_eq!(body.match_indices("this is the text!").count(), 1);
+
+    // if another message is sent, that one must not contain the avatar
+    let sent_msg = t.send_msg(chat.id, &mut msg).await;
+    let mut payload = sent_msg.payload().splitn(3, "\r\n\r\n");
+    let outer = payload.next().unwrap();
+    let inner = payload.next().unwrap();
+    let body = payload.next().unwrap();
+
+    assert_eq!(outer.match_indices("multipart/mixed").count(), 1);
+    assert_eq!(outer.match_indices("Message-ID:").count(), 1);
+    assert_eq!(outer.match_indices("Subject:").count(), 1);
+    assert_eq!(outer.match_indices("Autocrypt:").count(), 1);
+    assert_eq!(outer.match_indices("Chat-User-Avatar:").count(), 0);
+
    assert_eq!(inner.match_indices("text/plain").count(), 1);
    assert_eq!(inner.match_indices("Message-ID:").count(), 1);
    assert_eq!(inner.match_indices("Chat-User-Avatar:").count(), 0);
@@ -651,7 +670,7 @@ async fn test_selfavatar_unencrypted_signed() {
    assert_eq!(part.match_indices("text/plain").count(), 1);
    assert_eq!(part.match_indices("From:").count(), 0);
    assert_eq!(part.match_indices("Message-ID:").count(), 1);
-    assert_eq!(part.match_indices("Chat-User-Avatar:").count(), 0);
+    assert_eq!(part.match_indices("Chat-User-Avatar:").count(), 1);
    assert_eq!(part.match_indices("Subject:").count(), 0);

    let body = payload.next().unwrap();
@@ -665,6 +684,58 @@ async fn test_selfavatar_unencrypted_signed() {
        .unwrap();
    let alice_contact = Contact::get_by_id(&bob.ctx, alice_id).await.unwrap();
    assert_eq!(alice_contact.is_key_contact(), false);
+    assert!(
+        alice_contact
+            .get_profile_image(&bob.ctx)
+            .await
+            .unwrap()
+            .is_some()
+    );
+
+    // if another message is sent, that one must not contain the avatar
+    let mut msg = Message::new_text("this is the text!".to_string());
+    let sent_msg = t.send_msg(chat.id, &mut msg).await;
+    let mut payload = sent_msg.payload().splitn(4, "\r\n\r\n");
+
+    let part = payload.next().unwrap();
+    assert_eq!(part.match_indices("multipart/signed").count(), 1);
+    assert_eq!(part.match_indices("From:").count(), 1);
+    assert_eq!(part.match_indices("Message-ID:").count(), 1);
+    assert_eq!(part.match_indices("Subject:").count(), 1);
+    assert_eq!(part.match_indices("Autocrypt:").count(), 1);
+    assert_eq!(part.match_indices("Chat-User-Avatar:").count(), 0);
+
+    let part = payload.next().unwrap();
+    assert_eq!(
+        part.match_indices("multipart/mixed; protected-headers=\"v1\"")
+            .count(),
+        1
+    );
+    assert_eq!(part.match_indices("From:").count(), 1);
+    assert_eq!(part.match_indices("Message-ID:").count(), 0);
+    assert_eq!(part.match_indices("Subject:").count(), 1);
+    assert_eq!(part.match_indices("Autocrypt:").count(), 1);
+    assert_eq!(part.match_indices("Chat-User-Avatar:").count(), 0);
+
+    let part = payload.next().unwrap();
+    assert_eq!(part.match_indices("text/plain").count(), 1);
+    assert_eq!(body.match_indices("From:").count(), 0);
+    assert_eq!(part.match_indices("Message-ID:").count(), 1);
+    assert_eq!(part.match_indices("Chat-User-Avatar:").count(), 0);
+    assert_eq!(part.match_indices("Subject:").count(), 0);
+
+    let body = payload.next().unwrap();
+    assert_eq!(body.match_indices("this is the text!").count(), 1);
+
+    bob.recv_msg(&sent_msg).await;
+    let alice_contact = Contact::get_by_id(&bob.ctx, alice_id).await.unwrap();
+    assert!(
+        alice_contact
+            .get_profile_image(&bob.ctx)
+            .await
+            .unwrap()
+            .is_some()
+    );
 }

 /// Test that removed member address does not go into the `To:` field.
@@ -672,20 +743,17 @@ async fn test_selfavatar_unencrypted_signed() {
 async fn test_remove_member_bcc() -> Result<()> {
    let mut tcm = TestContextManager::new();

-    // Alice creates a group with Bob and Charlie and then removes Charlie.
-
+    // Alice creates a group with Bob and Claire and then removes Bob.
    let alice = &tcm.alice().await;
    let bob = &tcm.bob().await;
    let charlie = &tcm.charlie().await;

-    let alice_addr = alice.get_config(Config::Addr).await?.unwrap();
-    let bob_addr = bob.get_config(Config::Addr).await?.unwrap();
-    let charlie_addr = charlie.get_config(Config::Addr).await?.unwrap();
+    let bob_id = alice.add_or_lookup_contact_id(bob).await;
+    let charlie_id = alice.add_or_lookup_contact_id(charlie).await;
+    let charlie_contact = Contact::get_by_id(alice, charlie_id).await?;
+    let charlie_addr = charlie_contact.get_addr();

-    let bob_id = alice.add_or_lookup_address_contact_id(bob).await;
-    let charlie_id = alice.add_or_lookup_address_contact_id(charlie).await;
-
-    let alice_chat_id = create_group_unencrypted(alice, "foo").await?;
+    let alice_chat_id = create_group(alice, "foo").await?;
    add_contact_to_chat(alice, alice_chat_id, bob_id).await?;
    add_contact_to_chat(alice, alice_chat_id, charlie_id).await?;
    send_text_msg(alice, alice_chat_id, "Creating a group".to_string()).await?;
@@ -702,9 +770,8 @@ async fn test_remove_member_bcc() -> Result<()> {
    for to_addr in to.iter() {
        match to_addr {
            mailparse::MailAddr::Single(info) => {
-                // Addresses should be of existing members and not Charlie.
+                // Addresses should be of existing members (Alice and Bob) and not Charlie.
                assert_ne!(info.addr, charlie_addr);
-                assert!(info.addr == alice_addr || info.addr == bob_addr);
            }
            mailparse::MailAddr::Group(_) => {
                panic!("Group addresses are not expected here");
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -273,11 +273,12 @@ impl MimeMessage {
            &mut chat_disposition_notification_to,
            &mail,
        );
-        headers_removed.extend(
-            headers
-                .extract_if(|k, _v| is_hidden(k))
-                .map(|(k, _v)| k.to_string()),
-        );
+        headers.retain(|k, _| {
+            !is_hidden(k) || {
+                headers_removed.insert(k.to_string());
+                false
+            }
+        });

        // Parse hidden headers.
        let mimetype = mail.ctype.mimetype.parse::<Mime>()?;
@@ -679,9 +680,8 @@ impl MimeMessage {
    fn parse_system_message_headers(&mut self, context: &Context) {
        if self.get_header(HeaderDef::AutocryptSetupMessage).is_some() && !self.incoming {
            self.parts.retain(|part| {
-                part.mimetype
-                    .as_ref()
-                    .is_none_or(|mimetype| mimetype.as_ref() == MIME_AC_SETUP_FILE)
+                part.mimetype.is_none()
+                    || part.mimetype.as_ref().unwrap().as_ref() == MIME_AC_SETUP_FILE
            });

            if self.parts.len() == 1 {
@@ -1680,11 +1680,12 @@ impl MimeMessage {
        // See <https://www.rfc-editor.org/rfc/rfc9788.html>.
        let has_header_protection = part.ctype.params.contains_key("hp");

-        headers_removed.extend(
-            headers
-                .extract_if(|k, _v| has_header_protection || is_protected(k))
-                .map(|(k, _v)| k.to_string()),
-        );
+        headers.retain(|k, _| {
+            !(has_header_protection || is_protected(k)) || {
+                headers_removed.insert(k.to_string());
+                false
+            }
+        });
        for field in fields {
            // lowercasing all headers is technically not correct, but makes things work better
            let key = field.get_key().to_lowercase();
--- a/src/net.rs
+++ b/src/net.rs
@@ -131,13 +131,11 @@ pub(crate) async fn connect_tls_inner(
    alpn: &str,
    tls_session_store: &TlsSessionStore,
 ) -> Result<impl SessionStream + 'static> {
-    let use_sni = true;
    let tcp_stream = connect_tcp_inner(addr).await?;
    let tls_stream = wrap_tls(
        strict_tls,
        host,
        addr.port(),
-        use_sni,
        alpn,
        tcp_stream,
        tls_session_store,
--- a/src/net/dns.rs
+++ b/src/net/dns.rs
@@ -229,6 +229,64 @@ pub(crate) async fn update_connect_timestamp(
 /// Preloaded DNS results that can be used in case of DNS server failures.
 static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new(|| {
    HashMap::from([
+        (
+            "mail.sangham.net",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(159, 69, 186, 85)),
+                IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0xc17, 0x798c, 0, 0, 0, 1)),
+            ],
+        ),
+        (
+            "nine.testrun.org",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(116, 202, 233, 236)),
+                IpAddr::V4(Ipv4Addr::new(128, 140, 126, 197)),
+                IpAddr::V4(Ipv4Addr::new(49, 12, 116, 128)),
+                IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0x241, 0x4ce8, 0, 0, 0, 2)),
+            ],
+        ),
+        (
+            "disroot.org",
+            vec![IpAddr::V4(Ipv4Addr::new(178, 21, 23, 139))],
+        ),
+        (
+            "imap.gmail.com",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(142, 250, 110, 108)),
+                IpAddr::V4(Ipv4Addr::new(142, 250, 110, 109)),
+                IpAddr::V4(Ipv4Addr::new(66, 102, 1, 108)),
+                IpAddr::V4(Ipv4Addr::new(66, 102, 1, 109)),
+                IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x400c, 0xc1f, 0, 0, 0, 0x6c)),
+                IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x400c, 0xc1f, 0, 0, 0, 0x6d)),
+            ],
+        ),
+        (
+            "smtp.gmail.com",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(142, 250, 110, 109)),
+                IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x4013, 0xc04, 0, 0, 0, 0x6c)),
+            ],
+        ),
+        (
+            "mail.autistici.org",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(198, 167, 222, 108)),
+                IpAddr::V4(Ipv4Addr::new(82, 94, 249, 234)),
+                IpAddr::V4(Ipv4Addr::new(93, 190, 126, 19)),
+            ],
+        ),
+        (
+            "smtp.autistici.org",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(198, 167, 222, 108)),
+                IpAddr::V4(Ipv4Addr::new(82, 94, 249, 234)),
+                IpAddr::V4(Ipv4Addr::new(93, 190, 126, 19)),
+            ],
+        ),
+        (
+            "daleth.cafe",
+            vec![IpAddr::V4(Ipv4Addr::new(37, 27, 6, 204))],
+        ),
        (
            "imap.163.com",
            vec![IpAddr::V4(Ipv4Addr::new(111, 124, 203, 45))],
@@ -237,21 +295,6 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
            "smtp.163.com",
            vec![IpAddr::V4(Ipv4Addr::new(103, 129, 252, 45))],
        ),
-        (
-            "newyear.aktivix.org",
-            vec![IpAddr::V4(Ipv4Addr::new(209, 51, 180, 245))],
-        ),
-        (
-            "smtp.aliyun.com",
-            vec![IpAddr::V4(Ipv4Addr::new(47, 246, 136, 232))],
-        ),
-        (
-            "imap.aliyun.com",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(59, 82, 43, 123)),
-                IpAddr::V4(Ipv4Addr::new(59, 82, 9, 176)),
-            ],
-        ),
        (
            "imap.aol.com",
            vec![
@@ -259,67 +302,17 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
                IpAddr::V4(Ipv4Addr::new(87, 248, 98, 69)),
            ],
        ),
-        (
-            "imap.arcor.de",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(178, 15, 69, 210)),
-                IpAddr::V4(Ipv4Addr::new(151, 189, 176, 206)),
-            ],
-        ),
        (
            "smtp.aol.com",
            vec![IpAddr::V4(Ipv4Addr::new(87, 248, 97, 31))],
        ),
        (
            "mail.arcor.de",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(151, 189, 176, 206)),
-                IpAddr::V4(Ipv4Addr::new(178, 15, 69, 206)),
-            ],
+            vec![IpAddr::V4(Ipv4Addr::new(2, 207, 150, 234))],
        ),
        (
-            "mail.autistici.org",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(93, 190, 126, 19)),
-                IpAddr::V4(Ipv4Addr::new(185, 218, 207, 228)),
-                IpAddr::V4(Ipv4Addr::new(198, 167, 222, 108)),
-            ],
-        ),
-        (
-            "smtp.autistici.org",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(82, 94, 249, 234)),
-                IpAddr::V4(Ipv4Addr::new(93, 190, 126, 19)),
-                IpAddr::V4(Ipv4Addr::new(198, 167, 222, 108)),
-            ],
-        ),
-        (
-            "imaps.bluewin.ch",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(16, 62, 253, 42)),
-                IpAddr::V4(Ipv4Addr::new(16, 63, 141, 244)),
-                IpAddr::V4(Ipv4Addr::new(16, 63, 146, 183)),
-            ],
-        ),
-        (
-            "smtpauths.bluewin.ch",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(16, 62, 176, 232)),
-                IpAddr::V4(Ipv4Addr::new(16, 62, 15, 25)),
-                IpAddr::V4(Ipv4Addr::new(16, 63, 183, 216)),
-            ],
-        ),
-        (
-            "mail.buzon.uy",
-            vec![IpAddr::V4(Ipv4Addr::new(200, 40, 115, 74))],
-        ),
-        (
-            "daleth.cafe",
-            vec![IpAddr::V4(Ipv4Addr::new(37, 27, 6, 204))],
-        ),
-        (
-            "disroot.org",
-            vec![IpAddr::V4(Ipv4Addr::new(178, 21, 23, 139))],
+            "imap.arcor.de",
+            vec![IpAddr::V4(Ipv4Addr::new(2, 207, 150, 230))],
        ),
        (
            "imap.fastmail.com",
@@ -335,39 +328,6 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
                IpAddr::V4(Ipv4Addr::new(103, 168, 172, 60)),
            ],
        ),
-        (
-            "imap.gmail.com",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(142, 250, 110, 108)),
-                IpAddr::V4(Ipv4Addr::new(142, 250, 110, 109)),
-                IpAddr::V4(Ipv4Addr::new(66, 102, 1, 108)),
-                IpAddr::V4(Ipv4Addr::new(66, 102, 1, 109)),
-                IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x400c, 0xc1f, 0, 0, 0, 0x6c)),
-                IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x400c, 0xc1f, 0, 0, 0, 0x6d)),
-            ],
-        ),
-        (
-            "mail.ecloud.global",
-            vec![IpAddr::V4(Ipv4Addr::new(95, 217, 246, 96))],
-        ),
-        (
-            "mail.ende.in.net",
-            vec![IpAddr::V4(Ipv4Addr::new(95, 217, 5, 72))],
-        ),
-        (
-            "smtp.gmail.com",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(142, 250, 110, 109)),
-                IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x4013, 0xc04, 0, 0, 0, 0x6c)),
-            ],
-        ),
-        (
-            "mail.gmx.net",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(212, 227, 17, 190)),
-                IpAddr::V4(Ipv4Addr::new(212, 227, 17, 168)),
-            ],
-        ),
        (
            "imap.gmx.net",
            vec![
@@ -375,13 +335,6 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
                IpAddr::V4(Ipv4Addr::new(212, 227, 17, 186)),
            ],
        ),
-        (
-            "mail.sangham.net",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(159, 69, 186, 85)),
-                IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0xc17, 0x798c, 0, 0, 0, 1)),
-            ],
-        ),
        (
            "imap.mail.de",
            vec![IpAddr::V4(Ipv4Addr::new(62, 201, 172, 16))],
@@ -396,7 +349,7 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
        ),
        (
            "imap.naver.com",
-            vec![IpAddr::V4(Ipv4Addr::new(125, 209, 233, 34))],
+            vec![IpAddr::V4(Ipv4Addr::new(125, 209, 238, 153))],
        ),
        (
            "imap.ouvaton.coop",
@@ -406,57 +359,6 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
            "imap.purelymail.com",
            vec![IpAddr::V4(Ipv4Addr::new(18, 204, 123, 63))],
        ),
-        (
-            "mail.systemausfall.org",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(51, 75, 71, 249)),
-                IpAddr::V4(Ipv4Addr::new(80, 153, 252, 42)),
-            ],
-        ),
-        (
-            "mail.systemli.org",
-            vec![IpAddr::V4(Ipv4Addr::new(93, 190, 126, 36))],
-        ),
-        ("testrun.org", vec![IpAddr::V4(Ipv4Addr::new(5, 1, 76, 52))]),
-        (
-            "nine.testrun.org",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(128, 140, 126, 197)),
-                IpAddr::V4(Ipv4Addr::new(116, 202, 233, 236)),
-                IpAddr::V4(Ipv4Addr::new(216, 144, 228, 100)),
-                IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0x241, 0x4ce8, 0, 0, 0, 2)),
-                IpAddr::V6(Ipv6Addr::new(
-                    0x2001, 0x41d0, 0x701, 0x1100, 0, 0, 0, 0x8ab1,
-                )),
-            ],
-        ),
-        (
-            "secureimap.t-online.de",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 114)),
-                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 115)),
-                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 50)),
-                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 51)),
-            ],
-        ),
-        (
-            "securesmtp.t-online.de",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 46)),
-                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 110)),
-            ],
-        ),
-        (
-            "mail.riseup.net",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(198, 252, 153, 171)),
-                IpAddr::V4(Ipv4Addr::new(198, 252, 153, 170)),
-            ],
-        ),
-        (
-            "pimap.schulon.org",
-            vec![IpAddr::V4(Ipv4Addr::new(194, 77, 246, 20))],
-        ),
        (
            "imap.tiscali.it",
            vec![IpAddr::V4(Ipv4Addr::new(213, 205, 33, 10))],
@@ -465,14 +367,6 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
            "smtp.tiscali.it",
            vec![IpAddr::V4(Ipv4Addr::new(213, 205, 33, 13))],
        ),
-        (
-            "imap.ukr.net",
-            vec![IpAddr::V4(Ipv4Addr::new(212, 42, 75, 240))],
-        ),
-        (
-            "smtp.ukr.net",
-            vec![IpAddr::V4(Ipv4Addr::new(212, 42, 75, 250))],
-        ),
        (
            "imap.web.de",
            vec![
@@ -486,9 +380,33 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
        ),
        (
            "imap.zoho.eu",
+            vec![IpAddr::V4(Ipv4Addr::new(185, 230, 214, 25))],
+        ),
+        (
+            "imaps.bluewin.ch",
            vec![
-                IpAddr::V4(Ipv4Addr::new(185, 230, 214, 25)),
-                IpAddr::V4(Ipv4Addr::new(185, 230, 214, 206)),
+                IpAddr::V4(Ipv4Addr::new(16, 62, 253, 42)),
+                IpAddr::V4(Ipv4Addr::new(16, 63, 141, 244)),
+                IpAddr::V4(Ipv4Addr::new(16, 63, 146, 183)),
+            ],
+        ),
+        (
+            "mail.buzon.uy",
+            vec![IpAddr::V4(Ipv4Addr::new(185, 101, 93, 79))],
+        ),
+        (
+            "mail.ecloud.global",
+            vec![IpAddr::V4(Ipv4Addr::new(95, 217, 246, 96))],
+        ),
+        (
+            "mail.ende.in.net",
+            vec![IpAddr::V4(Ipv4Addr::new(95, 217, 5, 72))],
+        ),
+        (
+            "mail.gmx.net",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(212, 227, 17, 168)),
+                IpAddr::V4(Ipv4Addr::new(212, 227, 17, 190)),
            ],
        ),
        (
@@ -506,6 +424,24 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
            "mail.nubo.coop",
            vec![IpAddr::V4(Ipv4Addr::new(79, 99, 201, 10))],
        ),
+        (
+            "mail.riseup.net",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(198, 252, 153, 70)),
+                IpAddr::V4(Ipv4Addr::new(198, 252, 153, 71)),
+            ],
+        ),
+        (
+            "mail.systemausfall.org",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(51, 75, 71, 249)),
+                IpAddr::V4(Ipv4Addr::new(80, 153, 252, 42)),
+            ],
+        ),
+        (
+            "mail.systemli.org",
+            vec![IpAddr::V4(Ipv4Addr::new(93, 190, 126, 36))],
+        ),
        (
            "mehl.cloud",
            vec![IpAddr::V4(Ipv4Addr::new(95, 217, 223, 172))],
@@ -513,14 +449,20 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
        (
            "mx.freenet.de",
            vec![
-                IpAddr::V4(Ipv4Addr::new(194, 97, 208, 36)),
-                IpAddr::V4(Ipv4Addr::new(194, 97, 208, 34)),
-                IpAddr::V4(Ipv4Addr::new(194, 97, 208, 35)),
-                IpAddr::V4(Ipv4Addr::new(194, 97, 208, 39)),
-                IpAddr::V4(Ipv4Addr::new(194, 97, 208, 37)),
-                IpAddr::V4(Ipv4Addr::new(194, 97, 208, 38)),
+                IpAddr::V4(Ipv4Addr::new(195, 4, 92, 210)),
+                IpAddr::V4(Ipv4Addr::new(195, 4, 92, 211)),
+                IpAddr::V4(Ipv4Addr::new(195, 4, 92, 212)),
+                IpAddr::V4(Ipv4Addr::new(195, 4, 92, 213)),
            ],
        ),
+        (
+            "newyear.aktivix.org",
+            vec![IpAddr::V4(Ipv4Addr::new(162, 247, 75, 192))],
+        ),
+        (
+            "pimap.schulon.org",
+            vec![IpAddr::V4(Ipv4Addr::new(194, 77, 246, 20))],
+        ),
        (
            "posteo.de",
            vec![
@@ -532,6 +474,26 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
            "psmtp.schulon.org",
            vec![IpAddr::V4(Ipv4Addr::new(194, 77, 246, 20))],
        ),
+        (
+            "secureimap.t-online.de",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 114)),
+                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 115)),
+                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 50)),
+                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 51)),
+            ],
+        ),
+        (
+            "securesmtp.t-online.de",
+            vec![
+                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 110)),
+                IpAddr::V4(Ipv4Addr::new(194, 25, 134, 46)),
+            ],
+        ),
+        (
+            "smtp.aliyun.com",
+            vec![IpAddr::V4(Ipv4Addr::new(47, 246, 136, 232))],
+        ),
        (
            "smtp.mail.de",
            vec![IpAddr::V4(Ipv4Addr::new(62, 201, 172, 21))],
@@ -539,8 +501,8 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
        (
            "smtp.mail.ru",
            vec![
-                IpAddr::V4(Ipv4Addr::new(94, 100, 180, 160)),
                IpAddr::V4(Ipv4Addr::new(217, 69, 139, 160)),
+                IpAddr::V4(Ipv4Addr::new(94, 100, 180, 160)),
            ],
        ),
        (
@@ -558,20 +520,6 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
            "imap.mailo.com",
            vec![IpAddr::V4(Ipv4Addr::new(213, 182, 54, 20))],
        ),
-        (
-            "imap.migadu.com",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(51, 210, 3, 23)),
-                IpAddr::V4(Ipv4Addr::new(51, 210, 3, 20)),
-            ],
-        ),
-        (
-            "smtp.migadu.com",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(37, 59, 57, 117)),
-                IpAddr::V4(Ipv4Addr::new(51, 255, 82, 75)),
-            ],
-        ),
        (
            "smtp.mailo.com",
            vec![IpAddr::V4(Ipv4Addr::new(213, 182, 54, 20))],
@@ -590,48 +538,30 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
        ),
        (
            "imap.qq.com",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(43, 163, 178, 76)),
-                IpAddr::V4(Ipv4Addr::new(43, 129, 255, 54)),
-            ],
+            vec![IpAddr::V4(Ipv4Addr::new(43, 129, 255, 54))],
        ),
        (
            "smtp.qq.com",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(43, 129, 255, 54)),
-                IpAddr::V4(Ipv4Addr::new(43, 163, 178, 76)),
-            ],
+            vec![IpAddr::V4(Ipv4Addr::new(43, 129, 255, 54))],
        ),
        (
            "imap.rambler.ru",
            vec![
-                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 168)),
                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 169)),
-                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 170)),
                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 171)),
+                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 168)),
+                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 170)),
            ],
        ),
        (
            "smtp.rambler.ru",
            vec![
-                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 164)),
                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 165)),
-                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 166)),
                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 167)),
+                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 166)),
+                IpAddr::V4(Ipv4Addr::new(81, 19, 77, 164)),
            ],
        ),
-        (
-            "stinpriza.net",
-            vec![IpAddr::V4(Ipv4Addr::new(5, 9, 122, 184))],
-        ),
-        (
-            "webbox222.server-home.org",
-            vec![IpAddr::V4(Ipv4Addr::new(91, 203, 111, 88))],
-        ),
-        (
-            "undernet.uy",
-            vec![IpAddr::V4(Ipv4Addr::new(200, 40, 115, 74))],
-        ),
        (
            "imap.vivaldi.net",
            vec![IpAddr::V4(Ipv4Addr::new(31, 209, 137, 15))],
@@ -642,23 +572,17 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
        ),
        (
            "imap.vodafonemail.de",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(178, 15, 69, 210)),
-                IpAddr::V4(Ipv4Addr::new(151, 189, 176, 206)),
-            ],
+            vec![IpAddr::V4(Ipv4Addr::new(2, 207, 150, 230))],
        ),
        (
            "smtp.vodafonemail.de",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(151, 189, 176, 206)),
-                IpAddr::V4(Ipv4Addr::new(178, 15, 69, 206)),
-            ],
+            vec![IpAddr::V4(Ipv4Addr::new(2, 207, 150, 234))],
        ),
        (
            "smtp.web.de",
            vec![
-                IpAddr::V4(Ipv4Addr::new(213, 165, 67, 124)),
                IpAddr::V4(Ipv4Addr::new(213, 165, 67, 108)),
+                IpAddr::V4(Ipv4Addr::new(213, 165, 67, 124)),
            ],
        ),
        (
@@ -675,10 +599,23 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
        ),
        (
            "smtp.zoho.eu",
-            vec![
-                IpAddr::V4(Ipv4Addr::new(185, 230, 212, 164)),
-                IpAddr::V4(Ipv4Addr::new(185, 230, 214, 164)),
-            ],
+            vec![IpAddr::V4(Ipv4Addr::new(185, 230, 212, 164))],
+        ),
+        (
+            "smtpauths.bluewin.ch",
+            vec![IpAddr::V4(Ipv4Addr::new(195, 186, 120, 54))],
+        ),
+        (
+            "stinpriza.net",
+            vec![IpAddr::V4(Ipv4Addr::new(5, 9, 122, 184))],
+        ),
+        (
+            "undernet.uy",
+            vec![IpAddr::V4(Ipv4Addr::new(167, 62, 254, 153))],
+        ),
+        (
+            "webbox222.server-home.org",
+            vec![IpAddr::V4(Ipv4Addr::new(91, 203, 111, 88))],
        ),
    ])
 });
--- a/src/net/http.rs
+++ b/src/net/http.rs
@@ -74,33 +74,19 @@ where
        }
        "https" => {
            let port = parsed_url.port_u16().unwrap_or(443);
-            let (use_sni, load_cache) = (true, true);
+            let load_cache = true;

            if let Some(proxy_config) = proxy_config_opt {
                let proxy_stream = proxy_config
                    .connect(context, host, port, load_cache)
                    .await?;
-                let tls_stream = wrap_rustls(
-                    host,
-                    port,
-                    use_sni,
-                    "",
-                    proxy_stream,
-                    &context.tls_session_store,
-                )
-                .await?;
+                let tls_stream =
+                    wrap_rustls(host, port, "", proxy_stream, &context.tls_session_store).await?;
                Box::new(tls_stream)
            } else {
                let tcp_stream = crate::net::connect_tcp(context, host, port, load_cache).await?;
-                let tls_stream = wrap_rustls(
-                    host,
-                    port,
-                    use_sni,
-                    "",
-                    tcp_stream,
-                    &context.tls_session_store,
-                )
-                .await?;
+                let tls_stream =
+                    wrap_rustls(host, port, "", tcp_stream, &context.tls_session_store).await?;
                Box::new(tls_stream)
            }
        }
--- a/src/net/proxy.rs
+++ b/src/net/proxy.rs
@@ -429,11 +429,9 @@ impl ProxyConfig {
                    load_cache,
                )
                .await?;
-                let use_sni = true;
                let tls_stream = wrap_rustls(
                    &https_config.host,
                    https_config.port,
-                    use_sni,
                    "",
                    tcp_stream,
                    &context.tls_session_store,
--- a/src/net/tls.rs
+++ b/src/net/tls.rs
@@ -13,14 +13,12 @@ pub async fn wrap_tls<'a>(
    strict_tls: bool,
    hostname: &str,
    port: u16,
-    use_sni: bool,
    alpn: &str,
    stream: impl SessionStream + 'static,
    tls_session_store: &TlsSessionStore,
 ) -> Result<impl SessionStream + 'a> {
    if strict_tls {
-        let tls_stream =
-            wrap_rustls(hostname, port, use_sni, alpn, stream, tls_session_store).await?;
+        let tls_stream = wrap_rustls(hostname, port, alpn, stream, tls_session_store).await?;
        let boxed_stream: Box<dyn SessionStream> = Box::new(tls_stream);
        Ok(boxed_stream)
    } else {
@@ -34,7 +32,6 @@ pub async fn wrap_tls<'a>(
        };
        let tls = async_native_tls::TlsConnector::new()
            .min_protocol_version(Some(async_native_tls::Protocol::Tlsv12))
-            .use_sni(use_sni)
            .request_alpns(&alpns)
            .danger_accept_invalid_hostnames(true)
            .danger_accept_invalid_certs(true);
@@ -93,7 +90,6 @@ impl TlsSessionStore {
 pub async fn wrap_rustls<'a>(
    hostname: &str,
    port: u16,
-    use_sni: bool,
    alpn: &str,
    stream: impl SessionStream + 'a,
    tls_session_store: &TlsSessionStore,
@@ -121,7 +117,6 @@ pub async fn wrap_rustls<'a>(
    let resumption = tokio_rustls::rustls::client::Resumption::store(resumption_store)
        .tls12_resumption(tokio_rustls::rustls::client::Tls12Resumption::Disabled);
    config.resumption = resumption;
-    config.enable_sni = use_sni;

    let tls = tokio_rustls::TlsConnector::from(Arc::new(config));
    let name = rustls_pki_types::ServerName::try_from(hostname)?.to_owned();
--- a/src/pgp.rs
+++ b/src/pgp.rs
@@ -160,29 +160,14 @@ fn select_pk_for_encryption(key: &SignedPublicKey) -> Option<&SignedPublicSubKey
        .find(|subkey| subkey.is_encryption_key())
 }

-/// Version of SEIPD packet to use.
-///
-/// See
-/// <https://www.rfc-editor.org/rfc/rfc9580#name-avoiding-ciphertext-malleab>
-/// for the discussion on when v2 SEIPD should be used.
-#[derive(Debug)]
-pub enum SeipdVersion {
-    /// Use v1 SEIPD, for compatibility.
-    V1,
-
-    /// Use v2 SEIPD when we know that v2 SEIPD is supported.
-    V2,
-}
-
 /// Encrypts `plain` text using `public_keys_for_encryption`
 /// and signs it using `private_key_for_signing`.
 pub async fn pk_encrypt(
    plain: Vec<u8>,
    public_keys_for_encryption: Vec<SignedPublicKey>,
-    private_key_for_signing: SignedSecretKey,
+    private_key_for_signing: Option<SignedSecretKey>,
    compress: bool,
    anonymous_recipients: bool,
-    seipd_version: SeipdVersion,
 ) -> Result<String> {
    Handle::current()
        .spawn_blocking(move || {
@@ -193,49 +178,23 @@ pub async fn pk_encrypt(
                .filter_map(select_pk_for_encryption);

            let msg = MessageBuilder::from_bytes("", plain);
-            let encoded_msg = match seipd_version {
-                SeipdVersion::V1 => {
-                    let mut msg = msg.seipd_v1(&mut rng, SYMMETRIC_KEY_ALGORITHM);
-
-                    for pkey in pkeys {
-                        if anonymous_recipients {
-                            msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
-                        } else {
-                            msg.encrypt_to_key(&mut rng, &pkey)?;
-                        }
-                    }
-
-                    msg.sign(&*private_key_for_signing, Password::empty(), HASH_ALGORITHM);
-                    if compress {
-                        msg.compression(CompressionAlgorithm::ZLIB);
-                    }
-
-                    msg.to_armored_string(&mut rng, Default::default())?
+            let mut msg = msg.seipd_v1(&mut rng, SYMMETRIC_KEY_ALGORITHM);
+            for pkey in pkeys {
+                if anonymous_recipients {
+                    msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
+                } else {
+                    msg.encrypt_to_key(&mut rng, &pkey)?;
                }
-                SeipdVersion::V2 => {
-                    let mut msg = msg.seipd_v2(
-                        &mut rng,
-                        SYMMETRIC_KEY_ALGORITHM,
-                        AeadAlgorithm::Ocb,
-                        ChunkSize::C8KiB,
-                    );
+            }

-                    for pkey in pkeys {
-                        if anonymous_recipients {
-                            msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
-                        } else {
-                            msg.encrypt_to_key(&mut rng, &pkey)?;
-                        }
-                    }
-
-                    msg.sign(&*private_key_for_signing, Password::empty(), HASH_ALGORITHM);
-                    if compress {
-                        msg.compression(CompressionAlgorithm::ZLIB);
-                    }
-
-                    msg.to_armored_string(&mut rng, Default::default())?
+            if let Some(ref skey) = private_key_for_signing {
+                msg.sign(&**skey, Password::empty(), HASH_ALGORITHM);
+                if compress {
+                    msg.compression(CompressionAlgorithm::ZLIB);
                }
-            };
+            }
+
+            let encoded_msg = msg.to_armored_string(&mut rng, Default::default())?;

            Ok(encoded_msg)
        })
@@ -447,7 +406,7 @@ pub async fn symm_encrypt_message(
        };
        let mut msg = msg.seipd_v2(
            &mut rng,
-            SYMMETRIC_KEY_ALGORITHM,
+            SymmetricKeyAlgorithm::AES128,
            AeadAlgorithm::Ocb,
            ChunkSize::C8KiB,
        );
@@ -575,6 +534,7 @@ mod tests {
    static KEYS: LazyLock<TestKeys> = LazyLock::new(TestKeys::new);

    static CTEXT_SIGNED: OnceCell<String> = OnceCell::const_new();
+    static CTEXT_UNSIGNED: OnceCell<String> = OnceCell::const_new();

    /// A ciphertext encrypted to Alice & Bob, signed by Alice.
    async fn ctext_signed() -> &'static String {
@@ -587,10 +547,30 @@ mod tests {
                pk_encrypt(
                    CLEARTEXT.to_vec(),
                    keyring,
-                    KEYS.alice_secret.clone(),
+                    Some(KEYS.alice_secret.clone()),
+                    compress,
+                    anonymous_recipients,
+                )
+                .await
+                .unwrap()
+            })
+            .await
+    }
+
+    /// A ciphertext encrypted to Alice & Bob, not signed.
+    async fn ctext_unsigned() -> &'static String {
+        let anonymous_recipients = true;
+        CTEXT_UNSIGNED
+            .get_or_init(|| async {
+                let keyring = vec![KEYS.alice_public.clone(), KEYS.bob_public.clone()];
+                let compress = true;
+
+                pk_encrypt(
+                    CLEARTEXT.to_vec(),
+                    keyring,
+                    None,
                    compress,
                    anonymous_recipients,
-                    SeipdVersion::V2,
                )
                .await
                .unwrap()
@@ -608,6 +588,16 @@ mod tests {
        );
    }

+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_encrypt_unsigned() {
+        assert!(!ctext_unsigned().await.is_empty());
+        assert!(
+            ctext_unsigned()
+                .await
+                .starts_with("-----BEGIN PGP MESSAGE-----")
+        );
+    }
+
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_decrypt_singed() {
        // Check decrypting as Alice
@@ -662,9 +652,9 @@ mod tests {
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_decrypt_unsigned() {
        let decrypt_keyring = vec![KEYS.bob_secret.clone()];
-        let ctext_unsigned = include_bytes!("../test-data/message/ctext_unsigned.asc");
        let (_msg, valid_signatures, content) =
-            pk_decrypt_and_validate(ctext_unsigned, &decrypt_keyring, &[]).unwrap();
+            pk_decrypt_and_validate(ctext_unsigned().await.as_bytes(), &decrypt_keyring, &[])
+                .unwrap();
        assert_eq!(content, CLEARTEXT);
        assert_eq!(valid_signatures.len(), 0);
    }
@@ -754,15 +744,7 @@ mod tests {
        let pk_for_encryption = load_self_public_key(alice).await?;

        // Encrypt a message, but only to self, not to Bob:
-        let ctext = pk_encrypt(
-            plain,
-            vec![pk_for_encryption],
-            KEYS.alice_secret.clone(),
-            true,
-            true,
-            SeipdVersion::V2,
-        )
-        .await?;
+        let ctext = pk_encrypt(plain, vec![pk_for_encryption], None, true, true).await?;

        // Trying to decrypt it should fail with an OK error message:
        let bob_private_keyring = crate::key::load_self_secret_keyring(bob).await?;
--- a/src/qr.rs
+++ b/src/qr.rs
@@ -42,7 +42,7 @@ pub(crate) const DCBACKUP_SCHEME_PREFIX: &str = "DCBACKUP";

 /// Version written to Backups and Backup-QR-Codes.
 /// Imports will fail when they have a larger version.
-pub(crate) const DCBACKUP_VERSION: i32 = 4;
+pub(crate) const DCBACKUP_VERSION: i32 = 3;

 /// Scanned QR code.
 #[derive(Debug, Clone, PartialEq, Eq)]
--- a/src/reaction.rs
+++ b/src/reaction.rs
@@ -991,6 +991,42 @@ Content-Disposition: reaction\n\
        Ok(())
    }

+    /// Regression test for reaction resetting self-status.
+    ///
+    /// Reactions do not contain the status,
+    /// but should not result in self-status being reset on other devices.
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_reaction_status_multidevice() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice1 = tcm.alice().await;
+        let alice2 = tcm.alice().await;
+
+        alice1
+            .set_config(Config::Selfstatus, Some("New status"))
+            .await?;
+
+        let alice2_msg = tcm.send_recv(&alice1, &alice2, "Hi!").await;
+        assert_eq!(
+            alice2.get_config(Config::Selfstatus).await?.as_deref(),
+            Some("New status")
+        );
+
+        // Alice reacts to own message from second device,
+        // first device receives rection.
+        {
+            send_reaction(&alice2, alice2_msg.id, "👍").await?;
+            let msg = alice2.pop_sent_msg().await;
+            alice1.recv_msg_hidden(&msg).await;
+        }
+
+        // Check that the status is still the same.
+        assert_eq!(
+            alice1.get_config(Config::Selfstatus).await?.as_deref(),
+            Some("New status")
+        );
+        Ok(())
+    }
+
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_send_reaction_multidevice() -> Result<()> {
        let mut tcm = TestContextManager::new();
--- a/src/receive_imf.rs
+++ b/src/receive_imf.rs
@@ -1,6 +1,6 @@
 //! Internet Message Format reception pipeline.

-use std::collections::{BTreeMap, BTreeSet, HashSet};
+use std::collections::{BTreeMap, HashSet};
 use std::iter;
 use std::sync::LazyLock;

@@ -827,41 +827,6 @@ pub(crate) async fn receive_imf_inner(
    if let Some(ref sync_items) = mime_parser.sync_items {
        if from_id == ContactId::SELF {
            if mime_parser.was_encrypted() {
-                // Receiving encrypted message from self updates primary transport.
-                let from_addr = &mime_parser.from.addr;
-
-                let transport_changed = context
-                    .sql
-                    .transaction(|transaction| {
-                        let transport_exists = transaction.query_row(
-                            "SELECT COUNT(*) FROM transports WHERE addr=?",
-                            (from_addr,),
-                            |row| {
-                                let count: i64 = row.get(0)?;
-                                Ok(count > 0)
-                            },
-                        )?;
-
-                        let transport_changed = if transport_exists {
-                            transaction.execute(
-                                "UPDATE config SET value=? WHERE keyname='configured_addr'",
-                                (from_addr,),
-                            )? > 0
-                        } else {
-                            warn!(
-                                context,
-                                "Received sync message from unknown address {from_addr:?}."
-                            );
-                            false
-                        };
-                        Ok(transport_changed)
-                    })
-                    .await?;
-                if transport_changed {
-                    info!(context, "Primary transport changed to {from_addr:?}.");
-                    context.sql.uncache_raw_config("configured_addr").await;
-                }
-
                context
                    .execute_sync_items(sync_items, mime_parser.timestamp_sent)
                    .await;
@@ -920,11 +885,13 @@ pub(crate) async fn receive_imf_inner(
    }

    if let Some(avatar_action) = &mime_parser.user_avatar
-        && !matches!(from_id, ContactId::UNDEFINED | ContactId::SELF)
+        && from_id != ContactId::UNDEFINED
        && context
            .update_contacts_timestamp(from_id, Param::AvatarTimestamp, mime_parser.timestamp_sent)
            .await?
-        && let Err(err) = contact::set_profile_image(context, from_id, avatar_action).await
+        && let Err(err) =
+            contact::set_profile_image(context, from_id, avatar_action, mime_parser.was_encrypted())
+                .await
    {
        warn!(context, "receive_imf cannot update profile image: {err:#}.");
    };
@@ -932,11 +899,18 @@ pub(crate) async fn receive_imf_inner(
    // Ignore footers from mailinglists as they are often created or modified by the mailinglist software.
    if let Some(footer) = &mime_parser.footer
        && !mime_parser.is_mailinglist_message()
-        && !matches!(from_id, ContactId::UNDEFINED | ContactId::SELF)
+        && from_id != ContactId::UNDEFINED
        && context
            .update_contacts_timestamp(from_id, Param::StatusTimestamp, mime_parser.timestamp_sent)
            .await?
-        && let Err(err) = contact::set_status(context, from_id, footer.to_string()).await
+        && let Err(err) = contact::set_status(
+            context,
+            from_id,
+            footer.to_string(),
+            mime_parser.was_encrypted(),
+            mime_parser.has_chat_version(),
+        )
+        .await
    {
        warn!(context, "Cannot update contact status: {err:#}.");
    }
@@ -1213,19 +1187,19 @@ async fn decide_chat_assignment(
    let mut num_recipients = 0;
    let mut has_self_addr = false;
    for recipient in &mime_parser.recipients {
-        has_self_addr |= context.is_self_addr(&recipient.addr).await?;
        if addr_cmp(&recipient.addr, &mime_parser.from.addr) {
            continue;
        }
+
+        if context.is_self_addr(&recipient.addr).await? {
+            has_self_addr = true;
+        }
+
        num_recipients += 1;
    }
    if from_id != ContactId::SELF && !has_self_addr {
        num_recipients += 1;
    }
-    let can_be_11_chat = num_recipients <= 1
-        && (from_id != ContactId::SELF
-            || !(mime_parser.recipients.is_empty() || has_self_addr)
-            || mime_parser.was_encrypted());

    let chat_assignment = if should_trash {
        ChatAssignment::Trash
@@ -1269,14 +1243,14 @@ async fn decide_chat_assignment(
            }
        } else if mime_parser.get_header(HeaderDef::ChatGroupName).is_some() {
            ChatAssignment::AdHocGroup
-        } else if can_be_11_chat {
+        } else if num_recipients <= 1 {
            ChatAssignment::OneOneChat
        } else {
            ChatAssignment::AdHocGroup
        }
    } else if mime_parser.get_header(HeaderDef::ChatGroupName).is_some() {
        ChatAssignment::AdHocGroup
-    } else if can_be_11_chat {
+    } else if num_recipients <= 1 {
        ChatAssignment::OneOneChat
    } else {
        ChatAssignment::AdHocGroup
@@ -1803,16 +1777,11 @@ async fn add_parts(
                    "Updated ephemeral timer to {ephemeral_timer:?} for chat {chat_id}."
                );
                if mime_parser.is_system_message != SystemMessage::EphemeralTimerChanged {
-                    chat::add_info_msg_with_cmd(
+                    chat::add_info_msg(
                        context,
                        chat_id,
                        &stock_ephemeral_timer_changed(context, ephemeral_timer, from_id).await,
-                        SystemMessage::Unknown,
-                        Some(sort_timestamp),
-                        mime_parser.timestamp_sent,
-                        None,
-                        None,
-                        None,
+                        sort_timestamp,
                    )
                    .await?;
                }
@@ -1920,8 +1889,8 @@ async fn add_parts(
            chat_id,
            &group_changes_msg,
            cmd,
-            Some(sort_timestamp),
-            mime_parser.timestamp_sent,
+            sort_timestamp,
+            None,
            None,
            None,
            added_removed_id,
@@ -2497,8 +2466,11 @@ async fn lookup_or_create_adhoc_group(
                .unwrap_or_else(|| "👥📧".to_string())
        });
    let to_ids: Vec<ContactId> = to_ids.iter().filter_map(|x| *x).collect();
-    let mut contact_ids = BTreeSet::<ContactId>::from_iter(to_ids.iter().copied());
-    contact_ids.insert(from_id);
+    let mut contact_ids = Vec::with_capacity(to_ids.len() + 1);
+    contact_ids.extend(&to_ids);
+    if !contact_ids.contains(&from_id) {
+        contact_ids.push(from_id);
+    }
    let trans_fn = |t: &mut rusqlite::Transaction| {
        t.pragma_update(None, "query_only", "0")?;
        t.execute(
@@ -3624,6 +3596,13 @@ async fn create_adhoc_group(
        );
        return Ok(Some((DC_CHAT_ID_TRASH, Blocked::Not)));
    }
+    if member_ids.len() < 2 {
+        info!(
+            context,
+            "Not creating ad hoc group with less than 2 members."
+        );
+        return Ok(None);
+    }

    let new_chat_id: ChatId = ChatId::create_multiuser_record(
        context,
--- a/src/receive_imf/receive_imf_tests.rs
+++ b/src/receive_imf/receive_imf_tests.rs
@@ -1964,53 +1964,28 @@ Message content",
    assert_ne!(msg.chat_id, t.get_self_chat().await.id);
 }

-/// Tests that an outgoing self-sent unencrypted message doesn't go to the self-chat, but to a
-/// proper unencrypted chat instead.
+/// Tests that message with hidden recipients is assigned to Saved Messages chat.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_unencrypted_doesnt_goto_self_chat() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let t = &tcm.alice().await;
-    let mut chat_id = None;
+async fn test_hidden_recipients_self_chat() {
+    let t = TestContext::new_alice().await;

-    for (i, to) in [
-        "<alice@example.org>",
-        "<alice@example.org>",
-        "alice@example.org, alice@example.org",
-        "hidden-recipients:;",
-    ]
-    .iter()
-    .enumerate()
-    {
-        receive_imf(
-            t,
-            format!(
-                "Subject: s
+    receive_imf(
+        &t,
+        b"Subject: s
 Chat-Version: 1.0
-Message-ID: <foobar{i}@localhost>
-To: {to}
+Message-ID: <foobar@localhost>
+To: hidden-recipients:;
 From: <alice@example.org>

-Your server is hacked. Have a nice day!"
-            )
-            .as_bytes(),
-            false,
-        )
-        .await?;
+Message content",
+        false,
+    )
+    .await
+    .unwrap();

-        let msg = t.get_last_msg().await;
-        assert_ne!(msg.chat_id, t.get_self_chat().await.id);
-        assert_eq!(msg.from_id, ContactId::SELF);
-        assert_eq!(msg.to_id, ContactId::SELF);
-        if let Some(chat_id) = chat_id {
-            assert_eq!(msg.chat_id, chat_id);
-        } else {
-            chat_id = Some(msg.chat_id);
-            let chat = Chat::load_from_db(t, msg.chat_id).await?;
-            assert_eq!(chat.typ, Chattype::Group);
-            assert!(!chat.is_encrypted(t).await?);
-        }
-    }
-    Ok(())
+    let msg = t.get_last_msg().await;
+    assert_eq!(msg.chat_id, t.get_self_chat().await.id);
+    assert_eq!(msg.to_id, ContactId::SELF);
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -5011,7 +4986,7 @@ async fn test_make_n_send_vcard() -> Result<()> {
    Ok(())
 }

-/// Tests that an ad-hoc group is created if the message
+/// Tests that group is not created if the message
 /// has no recipients even if it has unencrypted Chat-Group-ID.
 ///
 /// Chat-Group-ID in unencrypted messages should be ignored.
@@ -5030,12 +5005,8 @@ Hello!"
        .as_bytes();
    let received = receive_imf(t, raw, false).await?.unwrap();
    let msg = Message::load_from_db(t, *received.msg_ids.last().unwrap()).await?;
-    assert_eq!(msg.from_id, ContactId::SELF);
-    assert_eq!(msg.to_id, ContactId::SELF);
    let chat = Chat::load_from_db(t, msg.chat_id).await?;
-    assert_eq!(chat.typ, Chattype::Group);
-    assert!(!chat.is_encrypted(t).await?);
-    assert!(chat.grpid.is_empty());
+    assert_eq!(chat.typ, Chattype::Single);

    // Check that the weird group name is sanitzied correctly:
    let mail = mailparse::parse_mail(raw).unwrap();
@@ -5046,7 +5017,7 @@ Hello!"
            .get_value_raw(),
        "Group\n name\u{202B}".as_bytes()
    );
-    assert_eq!(chat.name, "Group name");
+    assert_eq!(chat.name, "Saved messages");

    Ok(())
 }
@@ -5183,58 +5154,6 @@ async fn test_dont_reverify_by_self_on_outgoing_msg() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_dont_verify_by_verified_by_unknown() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let a0 = &tcm.alice().await;
-    let a1 = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let fiona = &tcm.fiona().await;
-
-    let bob_chat_id = chat::create_group(bob, "Group").await?;
-    bob.set_chat_protected(bob_chat_id).await;
-    let qr = get_securejoin_qr(bob, Some(bob_chat_id)).await?;
-    tcm.exec_securejoin_qr(a0, bob, &qr).await;
-
-    let qr = get_securejoin_qr(bob, None).await?;
-    tcm.exec_securejoin_qr(fiona, bob, &qr).await;
-
-    // Bob verifies Fiona for Alice#0.
-    let bob_fiona_id = bob.add_or_lookup_contact_id(fiona).await;
-    add_contact_to_chat(bob, bob_chat_id, bob_fiona_id).await?;
-    let sent_msg = bob.pop_sent_msg().await;
-    a0.recv_msg(&sent_msg).await;
-    fiona.recv_msg(&sent_msg).await;
-    let a0_bob = a0.add_or_lookup_contact(bob).await;
-    let a0_fiona = a0.add_or_lookup_contact(fiona).await;
-    assert_eq!(a0_fiona.get_verifier_id(a0).await?, Some(Some(a0_bob.id)));
-
-    let chat_id = a0.create_group_with_members("", &[fiona]).await;
-    a0.set_chat_protected(chat_id).await;
-    a1.recv_msg(&a0.send_text(chat_id, "Hi").await).await;
-    let a1_fiona = a1.add_or_lookup_contact(fiona).await;
-    assert_eq!(a1_fiona.get_verifier_id(a1).await?, Some(None));
-
-    let some_time_to_regossip = Duration::from_secs(20 * 24 * 3600);
-    SystemTime::shift(some_time_to_regossip);
-    let fiona_chat_id = fiona.get_last_msg().await.chat_id;
-    fiona.set_chat_protected(fiona_chat_id).await;
-    a1.recv_msg(&fiona.send_text(fiona_chat_id, "Hi").await)
-        .await;
-    let a1_bob = a1.add_or_lookup_contact(bob).await;
-    // There was a bug that Bob is verified by Fiona on Alice's other device.
-    assert_eq!(a1_bob.get_verifier_id(a1).await?, Some(None));
-
-    SystemTime::shift(some_time_to_regossip);
-    tcm.execute_securejoin(a1, fiona).await;
-    a1.recv_msg(&fiona.send_text(fiona_chat_id, "Hi").await)
-        .await;
-    // But now Bob's verifier id must be updated because Fiona is verified by a known verifier
-    // (moreover, directly), so Alice has reverse verification chains on her devices.
-    assert_eq!(a1_bob.get_verifier_id(a1).await?, Some(Some(a1_fiona.id)));
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_sanitize_filename_in_received() -> Result<()> {
    let alice = &TestContext::new_alice().await;
--- a/src/scheduler.rs
+++ b/src/scheduler.rs
@@ -1,4 +1,5 @@
 use std::cmp;
+use std::iter::{self, once};
 use std::num::NonZeroUsize;

 use anyhow::{Context as _, Error, Result, bail};
@@ -25,7 +26,6 @@ use crate::smtp::{Smtp, send_smtp_messages};
 use crate::sql;
 use crate::stats::maybe_send_stats;
 use crate::tools::{self, duration_to_str, maybe_add_time_based_warnings, time, time_elapsed};
-use crate::transport::ConfiguredLoginParam;
 use crate::{constants, stats};

 pub(crate) mod connectivity;
@@ -145,14 +145,14 @@ impl SchedulerState {
                InnerSchedulerState::Started(_) => {
                    let new_state = InnerSchedulerState::Paused {
                        started: true,
-                        pause_guards_count: NonZeroUsize::MIN,
+                        pause_guards_count: NonZeroUsize::new(1).unwrap(),
                    };
                    Self::do_stop(&mut inner, context, new_state).await;
                }
                InnerSchedulerState::Stopped => {
                    *inner = InnerSchedulerState::Paused {
                        started: false,
-                        pause_guards_count: NonZeroUsize::MIN,
+                        pause_guards_count: NonZeroUsize::new(1).unwrap(),
                    };
                }
                InnerSchedulerState::Paused {
@@ -183,7 +183,7 @@ impl SchedulerState {
                    ref started,
                    ref mut pause_guards_count,
                } => {
-                    if *pause_guards_count == NonZeroUsize::MIN {
+                    if *pause_guards_count == NonZeroUsize::new(1).unwrap() {
                        match *started {
                            true => SchedulerState::do_start(&mut inner, &context).await,
                            false => *inner = InnerSchedulerState::Stopped,
@@ -212,25 +212,21 @@ impl SchedulerState {
    /// Indicate that the network likely has come back.
    pub(crate) async fn maybe_network(&self) {
        let inner = self.inner.read().await;
-        let (inboxes, oboxes) = match *inner {
+        let (inbox, oboxes) = match *inner {
            InnerSchedulerState::Started(ref scheduler) => {
                scheduler.maybe_network();
-                let inboxes = scheduler
-                    .inboxes
-                    .iter()
-                    .map(|b| b.conn_state.state.connectivity.clone())
-                    .collect::<Vec<_>>();
+                let inbox = scheduler.inbox.conn_state.state.connectivity.clone();
                let oboxes = scheduler
                    .oboxes
                    .iter()
                    .map(|b| b.conn_state.state.connectivity.clone())
                    .collect::<Vec<_>>();
-                (inboxes, oboxes)
+                (inbox, oboxes)
            }
            _ => return,
        };
        drop(inner);
-        connectivity::idle_interrupted(inboxes, oboxes);
+        connectivity::idle_interrupted(inbox, oboxes);
    }

    /// Indicate that the network likely is lost.
@@ -335,8 +331,7 @@ struct SchedBox {
 /// Job and connection scheduler.
 #[derive(Debug)]
 pub(crate) struct Scheduler {
-    /// Inboxes, one per transport.
-    inboxes: Vec<SchedBox>,
+    inbox: SchedBox,
    /// Optional boxes -- mvbox.
    oboxes: Vec<SchedBox>,
    smtp: SmtpConnectionState,
@@ -578,19 +573,12 @@ async fn fetch_idle(
                mvbox.as_deref().unwrap_or(&watch_folder)
            }
        };
-        if ctx
-            .get_config(Config::ConfiguredAddr)
-            .await?
-            .unwrap_or_default()
-            == connection.addr
-        {
-            session
-                .send_sync_msgs(ctx, syncbox)
-                .await
-                .context("fetch_idle: send_sync_msgs")
-                .log_err(ctx)
-                .ok();
-        }
+        session
+            .send_sync_msgs(ctx, syncbox)
+            .await
+            .context("fetch_idle: send_sync_msgs")
+            .log_err(ctx)
+            .ok();

        session
            .store_seen_flags_on_imap(ctx)
@@ -869,40 +857,34 @@ impl Scheduler {
        let (ephemeral_interrupt_send, ephemeral_interrupt_recv) = channel::bounded(1);
        let (location_interrupt_send, location_interrupt_recv) = channel::bounded(1);

-        let mut inboxes = Vec::new();
        let mut oboxes = Vec::new();
        let mut start_recvs = Vec::new();

-        for (transport_id, configured_login_param) in ConfiguredLoginParam::load_all(ctx).await? {
-            let (conn_state, inbox_handlers) =
-                ImapConnectionState::new(ctx, transport_id, configured_login_param.clone()).await?;
-            let (inbox_start_send, inbox_start_recv) = oneshot::channel();
-            let handle = {
-                let ctx = ctx.clone();
-                task::spawn(inbox_loop(ctx, inbox_start_send, inbox_handlers))
-            };
-            let inbox = SchedBox {
-                meaning: FolderMeaning::Inbox,
+        let (conn_state, inbox_handlers) = ImapConnectionState::new(ctx).await?;
+        let (inbox_start_send, inbox_start_recv) = oneshot::channel();
+        let handle = {
+            let ctx = ctx.clone();
+            task::spawn(inbox_loop(ctx, inbox_start_send, inbox_handlers))
+        };
+        let inbox = SchedBox {
+            meaning: FolderMeaning::Inbox,
+            conn_state,
+            handle,
+        };
+        start_recvs.push(inbox_start_recv);
+
+        if ctx.should_watch_mvbox().await? {
+            let (conn_state, handlers) = ImapConnectionState::new(ctx).await?;
+            let (start_send, start_recv) = oneshot::channel();
+            let ctx = ctx.clone();
+            let meaning = FolderMeaning::Mvbox;
+            let handle = task::spawn(simple_imap_loop(ctx, start_send, handlers, meaning));
+            oboxes.push(SchedBox {
+                meaning,
                conn_state,
                handle,
-            };
-            inboxes.push(inbox);
-            start_recvs.push(inbox_start_recv);
-
-            if ctx.should_watch_mvbox().await? {
-                let (conn_state, handlers) =
-                    ImapConnectionState::new(ctx, transport_id, configured_login_param).await?;
-                let (start_send, start_recv) = oneshot::channel();
-                let ctx = ctx.clone();
-                let meaning = FolderMeaning::Mvbox;
-                let handle = task::spawn(simple_imap_loop(ctx, start_send, handlers, meaning));
-                oboxes.push(SchedBox {
-                    meaning,
-                    conn_state,
-                    handle,
-                });
-                start_recvs.push(start_recv);
-            }
+            });
+            start_recvs.push(start_recv);
        }

        let smtp_handle = {
@@ -928,7 +910,7 @@ impl Scheduler {
        let recently_seen_loop = RecentlySeenLoop::new(ctx.clone());

        let res = Self {
-            inboxes,
+            inbox,
            oboxes,
            smtp,
            smtp_handle,
@@ -948,8 +930,8 @@ impl Scheduler {
        Ok(res)
    }

-    fn boxes(&self) -> impl Iterator<Item = &SchedBox> {
-        self.inboxes.iter().chain(self.oboxes.iter())
+    fn boxes(&self) -> iter::Chain<iter::Once<&SchedBox>, std::slice::Iter<'_, SchedBox>> {
+        once(&self.inbox).chain(self.oboxes.iter())
    }

    fn maybe_network(&self) {
@@ -967,9 +949,7 @@ impl Scheduler {
    }

    fn interrupt_inbox(&self) {
-        for b in &self.inboxes {
-            b.conn_state.interrupt();
-        }
+        self.inbox.conn_state.interrupt();
    }

    fn interrupt_oboxes(&self) {
@@ -1009,7 +989,7 @@ impl Scheduler {
        let timeout_duration = std::time::Duration::from_secs(30);

        let tracker = TaskTracker::new();
-        for b in self.inboxes.into_iter().chain(self.oboxes.into_iter()) {
+        for b in once(self.inbox).chain(self.oboxes) {
            let context = context.clone();
            tracker.spawn(async move {
                tokio::time::timeout(timeout_duration, b.handle)
@@ -1115,17 +1095,12 @@ pub(crate) struct ImapConnectionState {

 impl ImapConnectionState {
    /// Construct a new connection.
-    async fn new(
-        context: &Context,
-        transport_id: u32,
-        login_param: ConfiguredLoginParam,
-    ) -> Result<(Self, ImapConnectionHandlers)> {
+    async fn new(context: &Context) -> Result<(Self, ImapConnectionHandlers)> {
        let stop_token = CancellationToken::new();
        let (idle_interrupt_sender, idle_interrupt_receiver) = channel::bounded(1);

        let handlers = ImapConnectionHandlers {
-            connection: Imap::new(context, transport_id, login_param, idle_interrupt_receiver)
-                .await?,
+            connection: Imap::new_configured(context, idle_interrupt_receiver).await?,
            stop_token: stop_token.clone(),
        };

--- a/src/scheduler/connectivity.rs
+++ b/src/scheduler/connectivity.rs
@@ -201,20 +201,19 @@ impl ConnectivityStore {
 /// Set all folder states to InterruptingIdle in case they were `Idle` before.
 /// Called during `dc_maybe_network()` to make sure that `all_work_done()`
 /// returns false immediately after `dc_maybe_network()`.
-pub(crate) fn idle_interrupted(inboxes: Vec<ConnectivityStore>, oboxes: Vec<ConnectivityStore>) {
-    for inbox in inboxes {
-        let mut connectivity_lock = inbox.0.lock();
-        // For the inbox, we also have to set the connectivity to InterruptingIdle if it was
-        // NotConfigured before: If all folders are NotConfigured, dc_get_connectivity()
-        // returns Connected. But after dc_maybe_network(), dc_get_connectivity() must not
-        // return Connected until DC is completely done with fetching folders; this also
-        // includes scan_folders() which happens on the inbox thread.
-        if *connectivity_lock == DetailedConnectivity::Idle
-            || *connectivity_lock == DetailedConnectivity::NotConfigured
-        {
-            *connectivity_lock = DetailedConnectivity::InterruptingIdle;
-        }
+pub(crate) fn idle_interrupted(inbox: ConnectivityStore, oboxes: Vec<ConnectivityStore>) {
+    let mut connectivity_lock = inbox.0.lock();
+    // For the inbox, we also have to set the connectivity to InterruptingIdle if it was
+    // NotConfigured before: If all folders are NotConfigured, dc_get_connectivity()
+    // returns Connected. But after dc_maybe_network(), dc_get_connectivity() must not
+    // return Connected until DC is completely done with fetching folders; this also
+    // includes scan_folders() which happens on the inbox thread.
+    if *connectivity_lock == DetailedConnectivity::Idle
+        || *connectivity_lock == DetailedConnectivity::NotConfigured
+    {
+        *connectivity_lock = DetailedConnectivity::InterruptingIdle;
    }
+    drop(connectivity_lock);

    for state in oboxes {
        let mut connectivity_lock = state.0.lock();
--- a/src/securejoin.rs
+++ b/src/securejoin.rs
@@ -118,7 +118,7 @@ pub async fn get_securejoin_qr(context: &Context, chat: Option<ChatId>) -> Resul
                        chat.id,
                    );
                    let text = BROADCAST_INCOMPATIBILITY_MSG;
-                    add_info_msg(context, chat.id, text).await?;
+                    add_info_msg(context, chat.id, text, time()).await?;
                    bail!(text.to_string());
                }
            }
--- a/src/securejoin/bob.rs
+++ b/src/securejoin/bob.rs
@@ -127,7 +127,7 @@ pub(super) async fn start_protocol(context: &Context, invite: QrInvite) -> Resul
        QrInvite::Group { .. } => {
            let joining_chat_id = joining_chat_id(context, &invite, private_chat_id).await?;
            let msg = stock_str::secure_join_started(context, invite.contact_id()).await;
-            chat::add_info_msg(context, joining_chat_id, &msg).await?;
+            chat::add_info_msg(context, joining_chat_id, &msg, time()).await?;
            Ok(joining_chat_id)
        }
        QrInvite::Broadcast { .. } => {
@@ -144,23 +144,32 @@ pub(super) async fn start_protocol(context: &Context, invite: QrInvite) -> Resul
            }

            // If we were not in the broadcast channel before, show a 'please wait' info message.
+            // Since we don't have any specific stock string for this,
+            // use the generic `Establishing guaranteed end-to-end encryption, please wait…`
            if !is_contact_in_chat(context, joining_chat_id, ContactId::SELF).await? {
-                let msg =
-                    stock_str::secure_join_broadcast_started(context, invite.contact_id()).await;
-                chat::add_info_msg(context, joining_chat_id, &msg).await?;
+                let msg = stock_str::securejoin_wait(context).await;
+                chat::add_info_msg(context, joining_chat_id, &msg, time()).await?;
            }
            Ok(joining_chat_id)
        }
        QrInvite::Contact { .. } => {
            // For setup-contact the BobState already ensured the 1:1 chat exists because it
            // uses it to send the handshake messages.
+            // Calculate the sort timestamp before checking the chat protection status so that if we
+            // race with its change, we don't add our message below the protection message.
+            let sort_to_bottom = true;
+            let (received, incoming) = (false, false);
+            let ts_sort = private_chat_id
+                .calc_sort_timestamp(context, 0, sort_to_bottom, received, incoming)
+                .await?;
+            let ts_start = time();
            chat::add_info_msg_with_cmd(
                context,
                private_chat_id,
                &stock_str::securejoin_wait(context).await,
                SystemMessage::SecurejoinWait,
-                None,
-                time(),
+                ts_sort,
+                Some(ts_start),
                None,
                None,
                None,
@@ -234,7 +243,7 @@ pub(super) async fn handle_auth_required(
                let contact_id = invite.contact_id();
                let msg = stock_str::secure_join_replies(context, contact_id).await;
                let chat_id = joining_chat_id(context, &invite, chat_id).await?;
-                chat::add_info_msg(context, chat_id, &msg).await?;
+                chat::add_info_msg(context, chat_id, &msg, time()).await?;
            }
        }

--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -89,7 +89,7 @@ impl Smtp {
        }

        self.connectivity.set_connecting(context);
-        let (_transport_id, lp) = ConfiguredLoginParam::load(context)
+        let lp = ConfiguredLoginParam::load(context)
            .await?
            .context("Not configured")?;
        let proxy_config = ProxyConfig::load(context).await?;
@@ -443,11 +443,11 @@ pub(crate) async fn send_msg_to_smtp(
                        chat_id,
                        &text,
                        crate::mimeparser::SystemMessage::InvalidUnencryptedMail,
-                        Some(timestamp_sort),
                        timestamp_sort,
                        None,
                        None,
                        None,
+                        None,
                    )
                    .await?;
                };
--- a/src/smtp/connect.rs
+++ b/src/smtp/connect.rs
@@ -228,7 +228,6 @@ async fn connect_secure_proxy(
    strict_tls: bool,
    proxy_config: ProxyConfig,
 ) -> Result<Box<dyn SessionBufStream>> {
-    let use_sni = true;
    let proxy_stream = proxy_config
        .connect(context, hostname, port, strict_tls)
        .await?;
@@ -236,7 +235,6 @@ async fn connect_secure_proxy(
        strict_tls,
        hostname,
        port,
-        use_sni,
        alpn(port),
        proxy_stream,
        &context.tls_session_store,
@@ -255,7 +253,6 @@ async fn connect_starttls_proxy(
    strict_tls: bool,
    proxy_config: ProxyConfig,
 ) -> Result<Box<dyn SessionBufStream>> {
-    let use_sni = false;
    let proxy_stream = proxy_config
        .connect(context, hostname, port, strict_tls)
        .await?;
@@ -269,7 +266,6 @@ async fn connect_starttls_proxy(
        strict_tls,
        hostname,
        port,
-        use_sni,
        "",
        tcp_stream,
        &context.tls_session_store,
@@ -320,7 +316,6 @@ async fn connect_starttls(
    strict_tls: bool,
    tls_session_store: &TlsSessionStore,
 ) -> Result<Box<dyn SessionBufStream>> {
-    let use_sni = false;
    let tcp_stream = connect_tcp_inner(addr).await?;

    // Run STARTTLS command and convert the client back into a stream.
@@ -332,7 +327,6 @@ async fn connect_starttls(
        strict_tls,
        host,
        addr.port(),
-        use_sni,
        "",
        tcp_stream,
        tls_session_store,
--- a/src/sql.rs
+++ b/src/sql.rs
@@ -2,13 +2,13 @@

 use std::collections::{HashMap, HashSet};
 use std::path::{Path, PathBuf};
-use std::time::Duration;

 use anyhow::{Context as _, Result, bail, ensure};
 use rusqlite::{Connection, OpenFlags, Row, config::DbConfig, types::ValueRef};
 use tokio::sync::RwLock;

 use crate::blob::BlobObject;
+use crate::chat::add_device_msg;
 use crate::config::Config;
 use crate::constants::DC_CHAT_ID_TRASH;
 use crate::context::Context;
@@ -17,11 +17,12 @@ use crate::ephemeral::start_ephemeral_timers;
 use crate::imex::BLOBS_BACKUP_NAME;
 use crate::location::delete_orphaned_poi_locations;
 use crate::log::{LogExt, warn};
-use crate::message::MsgId;
+use crate::message::{Message, MsgId};
 use crate::net::dns::prune_dns_cache;
 use crate::net::http::http_cache_cleanup;
 use crate::net::prune_connection_history;
 use crate::param::{Param, Params};
+use crate::stock_str;
 use crate::tools::{SystemTime, Time, delete_file, time, time_elapsed};

 /// Extension to [`rusqlite::ToSql`] trait
@@ -214,13 +215,26 @@ impl Sql {
        // this should be done before updates that use high-level objects that
        // rely themselves on the low-level structure.

-        let recode_avatar = migrations::run(context, self)
+        // `update_icons` is not used anymore, since it's not necessary anymore to "update" icons:
+        let (_update_icons, disable_server_delete, recode_avatar) = migrations::run(context, self)
            .await
            .context("failed to run migrations")?;

        // (2) updates that require high-level objects
        // the structure is complete now and all objects are usable

+        if disable_server_delete {
+            // We now always watch all folders and delete messages there if delete_server is enabled.
+            // So, for people who have delete_server enabled, disable it and add a hint to the devicechat:
+            if context.get_config_delete_server_after().await?.is_some() {
+                let mut msg = Message::new_text(stock_str::delete_server_turned_off(context).await);
+                add_device_msg(context, None, Some(&mut msg)).await?;
+                context
+                    .set_config_internal(Config::DeleteServerAfter, Some("0"))
+                    .await?;
+            }
+        }
+
        if recode_avatar && let Some(avatar) = context.get_config(Config::Selfavatar).await? {
            let mut blob = BlobObject::from_path(context, Path::new(&avatar))?;
            match blob.recode_to_avatar_size(context).await {
@@ -746,6 +760,7 @@ fn new_connection(path: &Path, passphrase: &str) -> Result<Connection> {
    conn.execute_batch(
        "PRAGMA cipher_memory_security = OFF; -- Too slow on Android
         PRAGMA secure_delete=on;
+         PRAGMA busy_timeout = 0; -- fail immediately
         PRAGMA soft_heap_limit = 8388608; -- 8 MiB limit, same as set in Android SQLiteDatabase.
         PRAGMA foreign_keys=on;
         ",
@@ -758,22 +773,6 @@ fn new_connection(path: &Path, passphrase: &str) -> Result<Connection> {
        conn.pragma_update(None, "temp_store", "memory")?;
    }

-    // Fail immediately when the database is busy,
-    // except for iOS. On iOS we don't have
-    // `accounts.lock` lockfile and the database
-    // is used by two processes:
-    // main process and the notification extension.
-    // Due to a bug they both may run at the same time
-    // and try to write to the database.
-    // As a workaround, we wait up to 1 minute and retry
-    // instead of failing immediately and
-    // possibly missing a message.
-    if cfg!(target_os = "ios") {
-        conn.busy_timeout(Duration::new(60, 0))?;
-    } else {
-        conn.busy_timeout(Duration::ZERO)?;
-    }
-
    if !passphrase.is_empty() {
        conn.pragma_update(None, "key", passphrase)?;
    }
--- a/src/sql/migrations.rs
+++ b/src/sql/migrations.rs
@@ -31,7 +31,7 @@ tokio::task_local! {
    static STOP_MIGRATIONS_AT: i32;
 }

-pub async fn run(context: &Context, sql: &Sql) -> Result<bool> {
+pub async fn run(context: &Context, sql: &Sql) -> Result<(bool, bool, bool)> {
    let mut exists_before_update = false;
    let mut dbversion_before_update = DBVERSION;

@@ -68,6 +68,8 @@ pub async fn run(context: &Context, sql: &Sql) -> Result<bool> {
    }

    let dbversion = dbversion_before_update;
+    let mut update_icons = !exists_before_update;
+    let mut disable_server_delete = false;
    let mut recode_avatar = false;

    if dbversion < 1 {
@@ -297,6 +299,7 @@ CREATE INDEX devmsglabels_index1 ON devmsglabels (label);"#, 59)
            61,
        )
        .await?;
+        update_icons = true;
    }
    if dbversion < 62 {
        sql.execute_migration(
@@ -324,6 +327,7 @@ ALTER TABLE msgs ADD COLUMN ephemeral_timestamp INTEGER DEFAULT 0;"#,
        .await?;
    }
    if dbversion < 66 {
+        update_icons = true;
        sql.set_db_version(66).await?;
    }
    if dbversion < 67 {
@@ -441,6 +445,17 @@ CREATE TABLE imap_sync (folder TEXT PRIMARY KEY, uidvalidity INTEGER DEFAULT 0,
                }
            }
        }
+        if exists_before_update {
+            disable_server_delete = true;
+
+            // Don't disable server delete if it was on by default (Nauta):
+            if let Some(provider) = context.get_configured_provider().await?
+                && let Some(defaults) = &provider.config_defaults
+                && defaults.iter().any(|d| d.key == Config::DeleteServerAfter)
+            {
+                disable_server_delete = false;
+            }
+        }
        sql.set_db_version(73).await?;
    }
    if dbversion < 74 {
@@ -1387,73 +1402,6 @@ CREATE INDEX gossip_timestamp_index ON gossip_timestamp (chat_id, fingerprint);
        .await?;
    }

-    inc_and_check(&mut migration_version, 140)?;
-    if dbversion < migration_version {
-        sql.execute_migration(
-            "
-CREATE TABLE new_imap (
-id INTEGER PRIMARY KEY AUTOINCREMENT,
-transport_id INTEGER NOT NULL, -- ID of the transport in the `transports` table.
-rfc724_mid TEXT NOT NULL, -- Message-ID header
-folder TEXT NOT NULL, -- IMAP folder
-target TEXT NOT NULL, -- Destination folder. Empty string means that the message shall be deleted.
-uid INTEGER NOT NULL, -- UID
-uidvalidity INTEGER NOT NULL,
-UNIQUE (transport_id, folder, uid, uidvalidity)
-) STRICT;
-
-INSERT OR IGNORE INTO new_imap SELECT
-  id, 1, rfc724_mid, folder, target, uid, uidvalidity
-FROM imap;
-DROP TABLE imap;
-ALTER TABLE new_imap RENAME TO imap;
-CREATE INDEX imap_folder ON imap(transport_id, folder);
-CREATE INDEX imap_rfc724_mid ON imap(transport_id, rfc724_mid);
-
-CREATE TABLE new_imap_sync (
-    transport_id INTEGER NOT NULL, -- ID of the transport in the `transports` table.
-    folder TEXT NOT NULL,
-    uidvalidity INTEGER NOT NULL DEFAULT 0,
-    uid_next INTEGER NOT NULL DEFAULT 0,
-    modseq INTEGER NOT NULL DEFAULT 0,
-    UNIQUE (transport_id, folder)
-) STRICT;
-INSERT OR IGNORE INTO new_imap_sync SELECT
-    1, folder, uidvalidity, uid_next, modseq
-FROM imap_sync;
-DROP TABLE imap_sync;
-ALTER TABLE new_imap_sync RENAME TO imap_sync;
-CREATE INDEX imap_sync_index ON imap_sync(transport_id, folder);
-",
-            migration_version,
-        )
-        .await?;
-    }
-
-    inc_and_check(&mut migration_version, 141)?;
-    if dbversion < migration_version {
-        sql.execute_migration(
-            "CREATE INDEX imap_only_rfc724_mid ON imap(rfc724_mid)",
-            migration_version,
-        )
-        .await?;
-    }
-
-    inc_and_check(&mut migration_version, 142)?;
-    if dbversion < migration_version {
-        sql.execute_migration(
-            "ALTER TABLE transports
-             ADD COLUMN add_timestamp INTEGER NOT NULL DEFAULT 0;
-             CREATE TABLE removed_transports (
-                 addr TEXT NOT NULL,
-                 remove_timestamp INTEGER NOT NULL,
-                 UNIQUE(addr)
-             ) STRICT;",
-            migration_version,
-        )
-        .await?;
-    }
-
    let new_version = sql
        .get_raw_config_int(VERSION_CFG)
        .await?
@@ -1468,7 +1416,7 @@ CREATE INDEX imap_sync_index ON imap_sync(transport_id, folder);
    }
    info!(context, "Database version: v{new_version}.");

-    Ok(recode_avatar)
+    Ok((update_icons, disable_server_delete, recode_avatar))
 }

 fn migrate_key_contacts(
--- a/src/sql/sql_tests.rs
+++ b/src/sql/sql_tests.rs
@@ -1,5 +1,4 @@
 use super::*;
-use crate::message::Message;
 use crate::{EventType, test_utils::TestContext};

 #[test]
@@ -180,7 +179,9 @@ async fn test_migration_flags() -> Result<()> {
    // as migrations::run() was already executed on context creation,
    // another call should not result in any action needed.
    // this test catches some bugs where dbversion was forgotten to be persisted.
-    let recode_avatar = migrations::run(&t, &t.sql).await?;
+    let (update_icons, disable_server_delete, recode_avatar) = migrations::run(&t, &t.sql).await?;
+    assert!(!update_icons);
+    assert!(!disable_server_delete);
    assert!(!recode_avatar);

    info!(&t, "test_migration_flags: XXX END MARKER");
--- a/src/stock_str.rs
+++ b/src/stock_str.rs
@@ -13,7 +13,7 @@ use crate::accounts::Accounts;
 use crate::blob::BlobObject;
 use crate::chat::{self, Chat, ChatId};
 use crate::config::Config;
-use crate::contact::{Contact, ContactId};
+use crate::contact::{Contact, ContactId, Origin};
 use crate::context::Context;
 use crate::message::{Message, Viewtype};
 use crate::param::Param;
@@ -155,6 +155,13 @@ pub enum StockMessage {
                    To use the \"Saved messages\" feature again, create a new chat with yourself."))]
    SelfDeletedMsgBody = 91,

+    #[strum(props(
+        fallback = "⚠️ The \"Delete messages from server\" feature now also deletes messages in folders other than Inbox, DeltaChat and Sent.\n\n\
+                    ℹ️ To avoid accidentally deleting messages, we turned it off for you. Please turn it on again at \
+                    Settings → \"Chats and Media\" → \"Delete messages from server\" to continue using it."
+    ))]
+    DeleteServerTurnedOff = 92,
+
    #[strum(props(fallback = "Forwarded"))]
    Forwarded = 97,

@@ -234,6 +241,11 @@ pub enum StockMessage {
    #[strum(props(fallback = "Not connected"))]
    NotConnected = 121,

+    #[strum(props(
+        fallback = "You changed your email address from %1$s to %2$s.\n\nIf you now send a message to a verified group, contacts there will automatically replace the old with your new address.\n\nIt's highly advised to set up your old email provider to forward all emails to your new email address. Otherwise you might miss messages of contacts who did not get your new address yet."
+    ))]
+    AeapExplanationAndLink = 123,
+
    #[strum(props(fallback = "You changed group name from \"%1$s\" to \"%2$s\"."))]
    MsgYouChangedGrpName = 124,

@@ -344,9 +356,22 @@ pub enum StockMessage {
    #[strum(props(fallback = "ℹ️ Account transferred to your second device."))]
    BackupTransferMsgBody = 163,

+    #[strum(props(fallback = "I added member %1$s."))]
+    MsgIAddMember = 164,
+
+    #[strum(props(fallback = "I removed member %1$s."))]
+    MsgIDelMember = 165,
+
+    #[strum(props(fallback = "I left the group."))]
+    MsgILeftGroup = 166,
+
    #[strum(props(fallback = "Messages are end-to-end encrypted."))]
    ChatProtectionEnabled = 170,

+    // deprecated 2025-07
+    #[strum(props(fallback = "%1$s sent a message from another device."))]
+    ChatProtectionDisabled = 171,
+
    #[strum(props(fallback = "Others will only see this group after you sent a first message."))]
    NewGroupSendFirstMessage = 172,

@@ -367,7 +392,7 @@ pub enum StockMessage {
    #[strum(props(fallback = "Member %1$s removed."))]
    MsgDelMember = 178,

-    #[strum(props(fallback = "Establishing connection, please wait…"))]
+    #[strum(props(fallback = "Establishing guaranteed end-to-end encryption, please wait…"))]
    SecurejoinWait = 190,

    #[strum(props(fallback = "❤️ Seems you're enjoying Delta Chat!
@@ -404,10 +429,6 @@ https://delta.chat/donate"))]
    #[strum(props(fallback = "You joined the channel."))]
    MsgYouJoinedBroadcast = 202,

-    #[strum(props(fallback = "%1$s invited you to join this channel.\n\n\
-                             Waiting for the device of %2$s to reply…"))]
-    SecureJoinBroadcastStarted = 203,
-
    #[strum(props(
        fallback = "The attachment contains anonymous usage statistics, which helps us improve Delta Chat. Thank you!"
    ))]
@@ -601,6 +622,25 @@ pub(crate) async fn msg_grp_img_changed(context: &Context, by_contact: ContactId
    }
 }

+/// Stock string: `I added member %1$s.`.
+/// This one is for sending in group chats.
+///
+/// The `added_member_addr` parameter should be an email address and is looked up in the
+/// contacts to combine with the authorized display name.
+pub(crate) async fn msg_add_member_remote(context: &Context, added_member_addr: &str) -> String {
+    let addr = added_member_addr;
+    let whom = &match Contact::lookup_id_by_addr(context, addr, Origin::Unknown).await {
+        Ok(Some(contact_id)) => Contact::get_by_id(context, contact_id)
+            .await
+            .map(|contact| contact.get_authname_or_addr())
+            .unwrap_or_else(|_| addr.to_string()),
+        _ => addr.to_string(),
+    };
+    translated(context, StockMessage::MsgIAddMember)
+        .await
+        .replace1(whom)
+}
+
 /// Stock string: `You added member %1$s.` or `Member %1$s added by %2$s.`.
 ///
 /// The `added_member_addr` parameter should be an email address and is looked up in the
@@ -627,6 +667,24 @@ pub(crate) async fn msg_add_member_local(
    }
 }

+/// Stock string: `I removed member %1$s.`.
+///
+/// The `removed_member_addr` parameter should be an email address and is looked up in
+/// the contacts to combine with the display name.
+pub(crate) async fn msg_del_member_remote(context: &Context, removed_member_addr: &str) -> String {
+    let addr = removed_member_addr;
+    let whom = &match Contact::lookup_id_by_addr(context, addr, Origin::Unknown).await {
+        Ok(Some(contact_id)) => Contact::get_by_id(context, contact_id)
+            .await
+            .map(|contact| contact.get_authname_or_addr())
+            .unwrap_or_else(|_| addr.to_string()),
+        _ => addr.to_string(),
+    };
+    translated(context, StockMessage::MsgIDelMember)
+        .await
+        .replace1(whom)
+}
+
 /// Stock string: `I added member %1$s.` or `Member %1$s removed by %2$s.`.
 ///
 /// The `removed_member_addr` parameter should be an email address and is looked up in
@@ -653,6 +711,11 @@ pub(crate) async fn msg_del_member_local(
    }
 }

+/// Stock string: `I left the group.`.
+pub(crate) async fn msg_group_left_remote(context: &Context) -> String {
+    translated(context, StockMessage::MsgILeftGroup).await
+}
+
 /// Stock string: `You left the group.` or `Group left by %1$s.`.
 pub(crate) async fn msg_group_left_local(context: &Context, by_contact: ContactId) -> String {
    if by_contact == ContactId::SELF {
@@ -674,21 +737,6 @@ pub(crate) async fn msg_you_joined_broadcast(context: &Context) -> String {
    translated(context, StockMessage::MsgYouJoinedBroadcast).await
 }

-/// Stock string: `%1$s invited you to join this channel. Waiting for the device of %2$s to reply…`.
-pub(crate) async fn secure_join_broadcast_started(
-    context: &Context,
-    inviter_contact_id: ContactId,
-) -> String {
-    if let Ok(contact) = Contact::get_by_id(context, inviter_contact_id).await {
-        translated(context, StockMessage::SecureJoinBroadcastStarted)
-            .await
-            .replace1(contact.get_display_name())
-            .replace2(contact.get_display_name())
-    } else {
-        format!("secure_join_started: unknown contact {inviter_contact_id}")
-    }
-}
-
 /// Stock string: `You reacted %1$s to "%2$s"` or `%1$s reacted %2$s to "%3$s"`.
 pub(crate) async fn msg_reacted(
    context: &Context,
@@ -763,7 +811,7 @@ pub(crate) async fn secure_join_replies(context: &Context, contact_id: ContactId
        .replace1(&contact_id.get_stock_name(context).await)
 }

-/// Stock string: `Establishing connection, please wait…`.
+/// Stock string: `Establishing guaranteed end-to-end encryption, please wait…`.
 pub(crate) async fn securejoin_wait(context: &Context) -> String {
    translated(context, StockMessage::SecurejoinWait).await
 }
@@ -1034,6 +1082,11 @@ pub(crate) async fn self_deleted_msg_body(context: &Context) -> String {
    translated(context, StockMessage::SelfDeletedMsgBody).await
 }

+/// Stock string: `⚠️ The "Delete messages from server" feature now also...`.
+pub(crate) async fn delete_server_turned_off(context: &Context) -> String {
+    translated(context, StockMessage::DeleteServerTurnedOff).await
+}
+
 /// Stock string: `Message deletion timer is set to %1$s minutes.`.
 pub(crate) async fn msg_ephemeral_timer_minutes(
    context: &Context,
@@ -1221,6 +1274,17 @@ pub(crate) async fn stats_msg_body(context: &Context) -> String {
    translated(context, StockMessage::StatsMsgBody).await
 }

+pub(crate) async fn aeap_explanation_and_link(
+    context: &Context,
+    old_addr: &str,
+    new_addr: &str,
+) -> String {
+    translated(context, StockMessage::AeapExplanationAndLink)
+        .await
+        .replace1(old_addr)
+        .replace2(new_addr)
+}
+
 /// Stock string: `Others will only see this group after you sent a first message.`.
 pub(crate) async fn new_group_send_first_message(context: &Context) -> String {
    translated(context, StockMessage::NewGroupSendFirstMessage).await
--- a/src/stock_str/stock_str_tests.rs
+++ b/src/stock_str/stock_str_tests.rs
@@ -75,6 +75,10 @@ async fn test_stock_system_msg_add_member_by_me() {
    let alice_contact_id = Contact::create(&t, "Alice", "alice@example.org")
        .await
        .expect("failed to create contact");
+    assert_eq!(
+        msg_add_member_remote(&t, "alice@example.org").await,
+        "I added member alice@example.org."
+    );
    assert_eq!(
        msg_add_member_local(&t, alice_contact_id, ContactId::SELF).await,
        "You added member Alice."
@@ -87,6 +91,10 @@ async fn test_stock_system_msg_add_member_by_me_with_displayname() {
    let alice_contact_id = Contact::create(&t, "Alice", "alice@example.org")
        .await
        .expect("failed to create contact");
+    assert_eq!(
+        msg_add_member_remote(&t, "alice@example.org").await,
+        "I added member alice@example.org."
+    );
    assert_eq!(
        msg_add_member_local(&t, alice_contact_id, ContactId::SELF).await,
        "You added member Alice."
--- a/src/storage_usage.rs
+++ b/src/storage_usage.rs
@@ -1,109 +0,0 @@
-//! Module to collect and display Disk Space Usage of a Profile.
-use crate::{context::Context, message::MsgId};
-use anyhow::Result;
-use humansize::{BINARY, format_size};
-
-/// Storage Usage Report
-/// Useful for debugging space usage problems in the deltachat database.
-#[derive(Debug)]
-pub struct StorageUsage {
-    /// Total database size, subtract this from the backup size to estimate size of all blobs
-    pub db_size: usize,
-    /// size and row count of the 10 biggest tables
-    pub largest_tables: Vec<(String, usize, Option<usize>)>,
-    /// count and total size of status updates
-    /// for the 10 webxdc apps with the most size usage in status updates
-    pub largest_webxdc_data: Vec<(MsgId, usize, usize)>,
-}
-
-impl std::fmt::Display for StorageUsage {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        writeln!(f, "Storage Usage:")?;
-        let human_db_size = format_size(self.db_size, BINARY);
-        writeln!(f, "[Database Size]: {human_db_size}")?;
-        writeln!(f, "[Largest Tables]:")?;
-        for (name, size, row_count) in &self.largest_tables {
-            let human_table_size = format_size(*size, BINARY);
-            writeln!(
-                f,
-                "   {name:<20} {human_table_size:>10}, {row_count:>6} rows",
-                name = format!("{name}:"),
-                row_count = row_count.map(|c| c.to_string()).unwrap_or("?".to_owned())
-            )?;
-        }
-        writeln!(f, "[Webxdc With Biggest Status Update Space Usage]:")?;
-        for (msg_id, size, update_count) in &self.largest_webxdc_data {
-            let human_size = format_size(*size, BINARY);
-            writeln!(
-                f,
-                "   {msg_id:<8} {human_size:>10} across {update_count:>5} updates",
-                msg_id = format!("{msg_id}:")
-            )?;
-        }
-        Ok(())
-    }
-}
-
-/// Get storage usage information for the Context's database
-pub async fn get_storage_usage(ctx: &Context) -> Result<StorageUsage> {
-    let page_size: usize = ctx
-        .sql
-        .query_get_value("PRAGMA page_size", ())
-        .await?
-        .unwrap_or_default();
-    let page_count: usize = ctx
-        .sql
-        .query_get_value("PRAGMA page_count", ())
-        .await?
-        .unwrap_or_default();
-
-    let mut largest_tables = ctx
-        .sql
-        .query_map_vec(
-            "SELECT name,
-                SUM(pgsize) AS size
-                FROM dbstat
-                WHERE name IN (SELECT name FROM sqlite_master WHERE type='table')
-                GROUP BY name ORDER BY size DESC LIMIT 10",
-            (),
-            |row| {
-                let name: String = row.get(0)?;
-                let size: usize = row.get(1)?;
-                Ok((name, size, None))
-            },
-        )
-        .await?;
-
-    for row in &mut largest_tables {
-        let name = &row.0;
-        let row_count: Result<Option<usize>> = ctx
-            .sql
-            // SECURITY: the table name comes from the db, not from the user
-            .query_get_value(&format!("SELECT COUNT(*) FROM {name}"), ())
-            .await;
-        row.2 = row_count.unwrap_or_default();
-    }
-
-    let largest_webxdc_data = ctx
-        .sql
-        .query_map_vec(
-            "SELECT msg_id, SUM(length(update_item)) as size, COUNT(*) as update_count
-                 FROM msgs_status_updates
-                 GROUP BY msg_id ORDER BY size DESC LIMIT 10",
-            (),
-            |row| {
-                let msg_id: MsgId = row.get(0)?;
-                let size: usize = row.get(1)?;
-                let count: usize = row.get(2)?;
-
-                Ok((msg_id, size, count))
-            },
-        )
-        .await?;
-
-    Ok(StorageUsage {
-        db_size: page_size * page_count,
-        largest_tables,
-        largest_webxdc_data,
-    })
-}
--- a/src/sync.rs
+++ b/src/sync.rs
@@ -9,15 +9,14 @@ use crate::config::Config;
 use crate::constants::Blocked;
 use crate::contact::ContactId;
 use crate::context::Context;
-use crate::log::{LogExt as _, warn};
-use crate::login_param::EnteredLoginParam;
+use crate::log::LogExt;
+use crate::log::warn;
 use crate::message::{Message, MsgId, Viewtype};
 use crate::mimeparser::SystemMessage;
 use crate::param::Param;
 use crate::sync::SyncData::{AddQrToken, AlterChat, DeleteQrToken};
 use crate::token::Namespace;
 use crate::tools::time;
-use crate::transport::{ConfiguredLoginParamJson, sync_transports};
 use crate::{message, stock_str, token};
 use std::collections::HashSet;

@@ -53,29 +52,6 @@ pub(crate) struct QrTokenData {
    pub(crate) grpid: Option<String>,
 }

-#[derive(Debug, Serialize, Deserialize)]
-pub(crate) struct TransportData {
-    /// Configured login parameters.
-    pub(crate) configured: ConfiguredLoginParamJson,
-
-    /// Login parameters entered by the user.
-    ///
-    /// They can be used to reconfigure the transport.
-    pub(crate) entered: EnteredLoginParam,
-
-    /// Timestamp of when the transport was last time (re)configured.
-    pub(crate) timestamp: i64,
-}
-
-#[derive(Debug, Serialize, Deserialize)]
-pub(crate) struct RemovedTransportData {
-    /// Address of the removed transport.
-    pub(crate) addr: String,
-
-    /// Timestamp of when the transport was removed.
-    pub(crate) timestamp: i64,
-}
-
 #[derive(Debug, Serialize, Deserialize)]
 pub(crate) enum SyncData {
    AddQrToken(QrTokenData),
@@ -95,28 +71,6 @@ pub(crate) enum SyncData {
    DeleteMessages {
        msgs: Vec<String>, // RFC724 id (i.e. "Message-Id" header)
    },
-
-    /// Update transport configuration.
-    ///
-    /// This message contains a list of all added transports
-    /// together with their addition timestamp,
-    /// and all removed transports together with
-    /// the removal timestamp.
-    ///
-    /// In case of a tie, addition and removal timestamps
-    /// being the same, removal wins.
-    /// It is more likely that transport is added
-    /// and then removed within a second,
-    /// but unlikely the other way round
-    /// as adding new transport takes time
-    /// to run configuration.
-    Transports {
-        /// Active transports.
-        transports: Vec<TransportData>,
-
-        /// Removed transports with the timestamp of removal.
-        removed_transports: Vec<RemovedTransportData>,
-    },
 }

 #[derive(Debug, Serialize, Deserialize)]
@@ -320,10 +274,6 @@ impl Context {
                    SyncData::Config { key, val } => self.sync_config(key, val).await,
                    SyncData::SaveMessage { src, dest } => self.save_message(src, dest).await,
                    SyncData::DeleteMessages { msgs } => self.sync_message_deletion(msgs).await,
-                    SyncData::Transports {
-                        transports,
-                        removed_transports,
-                    } => sync_transports(self, transports, removed_transports).await,
                },
                SyncDataOrUnknown::Unknown(data) => {
                    warn!(self, "Ignored unknown sync item: {data}.");
--- a/src/test_utils.rs
+++ b/src/test_utils.rs
@@ -33,7 +33,6 @@ use crate::context::Context;
 use crate::events::{Event, EventEmitter, EventType, Events};
 use crate::key::{self, DcKey, DcSecretKey, self_fingerprint};
 use crate::log::warn;
-use crate::login_param::EnteredLoginParam;
 use crate::message::{Message, MessageState, MsgId, update_msg_state};
 use crate::mimeparser::{MimeMessage, SystemMessage};
 use crate::pgp::KeyPair;
@@ -201,18 +200,6 @@ impl TestContextManager {
            "{} changes her self address and reconfigures",
            test_context.name()
        ));
-
-        // Insert a transport for the new address.
-        test_context.sql
-          .execute(
-            "INSERT OR IGNORE INTO transports (addr, entered_param, configured_param) VALUES (?, ?, ?)",
-               (
-                   new_addr,
-                   serde_json::to_string(&EnteredLoginParam::default()).unwrap(),
-                   format!(r#"{{"addr":"{new_addr}","imap":[],"imap_user":"","imap_password":"","smtp":[],"smtp_user":"","smtp_password":"","certificate_checks":"Automatic","oauth2":false}}"#)
-              ),
-          ).await.unwrap();
-
        test_context.set_primary_self_addr(new_addr).await.unwrap();
        // ensure_secret_key_exists() is called during configure
        crate::e2ee::ensure_secret_key_exists(test_context)
@@ -600,7 +587,7 @@ impl TestContext {
        self.ctx
            .set_config(Config::ConfiguredAddr, Some(addr))
            .await
-            .expect("Failed to configure address");
+            .unwrap();

        if let Some(name) = addr.split('@').next() {
            self.set_name(name);
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
link2xt	6162fc1bc5	move pthreads to buildInputs	2025-11-17 09:42:30 +00:00
link2xt	1b572361f5	build(nix): nix flake update nixpkgs	2025-11-17 09:21:21 +00:00
link2xt	8f99cf810f	build(nix): move pthreads to nativeBuildInputs for windows builds	2025-11-17 08:32:03 +00:00
link2xt	da3d35e3ff	build(nix): nix flake update nixpkgs --override-input nixpkgs github:nixos/nixpkgs/6b076a71fad8106e7ef8910a1ecf46dea6c003d6	2025-11-16 19:25:24 +00:00
link2xt	83529099b4	build(nix): run `nix flake update fenix`	2025-11-16 15:29:51 +00:00
@@ -1 +1 @@
 -12-04
 -11-16