Yahoomail
Download
Download Mailwasher from: http://www.mailwasher.net
Mailwasher manual
Mailwasher manual can be found from this address: https://bit.ly/2HODjcG
Quick tips and tricks: https://bit.ly/2C8uZ6I
Quick tips and tricks: https://bit.ly/2C8uZ6I
Accounts
Email Account Settings
First go to Settings > Accounts and click Add Email Account. Then write your Account Description which in this case is Yahoomail. To Email Address field enter your own E-mail Address
Include in default main check: check
Include in default main check: check
IMAP and POP are two different protocols. There are many differences between these two. The main difference is that IMAP(Internet Messaged Access Protocol) always syncs with mail server so that any changes you make in your mail client (Mailwasher) will instantly appear on your webmail inbox.
Here is some additional information between these two protocols:
http://www.makeuseof.com/tag/pop-vs-imap
Here is some additional information between these two protocols:
http://www.makeuseof.com/tag/pop-vs-imap
Incoming settings - IMAP
If you want to use IMAP settings then follow these instructions
First click on Incoming - tab and enter data seen below.
Server Type: IMAP
Server address: imap.mail.yahoo.com
Username: Your Yahoomail username
Password: Custom 16 digit password made in Yahoo Mail Account Security. *
Remember password: check
Server Port Number: 993
This server requires a secure connection (SSL): check
Use OAUTH: uncheck **
Download read e-mails: uncheck
Move deleted messages into folder: Trash
* More information in "Making Yahoo to work with Mailwasher"
** OAUTH is a security method Yahoo uses to allow third party programs to connect to their mail servers (outdated).
First click on Incoming - tab and enter data seen below.
Server Type: IMAP
Server address: imap.mail.yahoo.com
Username: Your Yahoomail username
Password: Custom 16 digit password made in Yahoo Mail Account Security. *
Remember password: check
Server Port Number: 993
This server requires a secure connection (SSL): check
Use OAUTH: uncheck **
Download read e-mails: uncheck
Move deleted messages into folder: Trash
* More information in "Making Yahoo to work with Mailwasher"
** OAUTH is a security method Yahoo uses to allow third party programs to connect to their mail servers (outdated).
Outgoing settings - IMAP
Next click on Outgoing and enter data seen below.
SMTP server address: smtp.mail.yahoo.com
Server Port Number: 465
SMTP server requires authentication: check
Use same settings as my incoming mail server: check
Secure connection: TLS
SMTP server address: smtp.mail.yahoo.com
Server Port Number: 465
SMTP server requires authentication: check
Use same settings as my incoming mail server: check
Secure connection: TLS
Folders - IMAP
Next click on IMAP and select folders to be checked for spam
Bulk Mail is the main folder for Yahoomail spam
For some reason you cannot uncheck Inbox which is a quite a flaw. Especially when you have many unread
messages in inbox.
Bulk Mail is the main folder for Yahoomail spam
For some reason you cannot uncheck Inbox which is a quite a flaw. Especially when you have many unread
messages in inbox.
More info
Incoming settings - POP3
If you want to use POP settings then follow these instructions
Server Type: POP3
Server address: pop.mail.yahoo.com
Username: Your yahoomail username
Password: Custom 16 digit password made in Yahoo Mail Account Security. *
Remember password: check
Store cached emails: check
Server Port Number: 995
This server requires a secure connection (SSL): check
Use secure authentication: check
Use RETR instead of TOP: uncheck
Use OAUTH: uncheck **
Pipelining: Enable for checking and deleting mail
* More information in "Making Yahoo to work with Mailwasher"
** OAUTH is a security method Yahoo uses to allow third party programs to connect to their mail servers (outdated).
Server Type: POP3
Server address: pop.mail.yahoo.com
Username: Your yahoomail username
Password: Custom 16 digit password made in Yahoo Mail Account Security. *
Remember password: check
Store cached emails: check
Server Port Number: 995
This server requires a secure connection (SSL): check
Use secure authentication: check
Use RETR instead of TOP: uncheck
Use OAUTH: uncheck **
Pipelining: Enable for checking and deleting mail
* More information in "Making Yahoo to work with Mailwasher"
** OAUTH is a security method Yahoo uses to allow third party programs to connect to their mail servers (outdated).
Outgoing settings - POP3
Next click on Outgoing and enter data seen below.
SMTP server address: smtp.mail.yahoo.com
Server Port Number: 465
SMTP server requires authentication: check
Use same settings as my incoming mail server: check
Secure connection: TLS
SMTP server address: smtp.mail.yahoo.com
Server Port Number: 465
SMTP server requires authentication: check
Use same settings as my incoming mail server: check
Secure connection: TLS
More info
You can check Yahoo mail POP3 settings from:
https://help.yahoo.com/kb/SLN4724.html
https://help.yahoo.com/kb/SLN4724.html
Alternative settings
Here you can find alternative settings for your mail account.
Making Yahoo to work with Mailwasher
If OAUTH method doesn't work you need to change settings in Yahoomail.
Account info
Click on person icon on top right corner and then click Account Info.
Go to Account Security and click on "Manage app passwords".
Click on "Select your app". Choose Other app. Enter name for your application which is Mailwasher. Click on generate.
Copy the password to clipboard and paste it into password field in Mailwasher. You should also write it down to a text file for safekeeping. Click on Done.
Spam tools
Origin of Spam
Go to Spam Tools > Origin of Spam
Fill in these fields:
1. Server name: SpamCop
2. Server address: bl.spamcop.net
3. Click Add
1. Server name: Spamhaus
2. Server address: zen.spamhaus.org
3. Click Add
1. Server name: The CBL
2. Server address: cbl.abuseat.org
3. Click Add
Fill in these fields:
1. Server name: SpamCop
2. Server address: bl.spamcop.net
3. Click Add
1. Server name: Spamhaus
2. Server address: zen.spamhaus.org
3. Click Add
1. Server name: The CBL
2. Server address: cbl.abuseat.org
3. Click Add
Spam Reporting
Go to Spam Tools > Spam Reporting
Click on Add Service
Click on Add Service
APWG
1. Service name: APWG
2. Email to: [email protected]
3. Email content: empty
4. Send report via: Yahoomail
5. Choose Icon color, Text colour and letter for Service
Cyber Top Cops
1. Service name: Cyber Top Cops
2. Email to: [email protected]
3. Email content: empty
4. Send report via: Yahoomail
5. Choose Icon color, Text colour and letter for Service
Knujon
Service has been shut down, more information here
Phistank
1. Service name: Phistank
2. Email to: [email protected]
3. Email content: empty
4. Send report via: Yahoomail
5. Choose Icon color, Text colour and letter for Service
SpamCop
1. Service name: SpamCop
2. Email to: You need to register your email address at here
You receive your password to your email
Login to Spamcop with your email and password
Click on Report Spam. Copy the line after "Forward your spam to:"
(it contains your unique spamcopid).
Email to - field should be in form of: submit.spamcopid@spam.spamcop.net
3. Email content: empty
4. Send report via: Yahoomail
5. Choose Icon color, Text colour and letter for Service
1. Service name: APWG
2. Email to: [email protected]
3. Email content: empty
4. Send report via: Yahoomail
5. Choose Icon color, Text colour and letter for Service
Cyber Top Cops
1. Service name: Cyber Top Cops
2. Email to: [email protected]
3. Email content: empty
4. Send report via: Yahoomail
5. Choose Icon color, Text colour and letter for Service
Knujon
Service has been shut down, more information here
Phistank
1. Service name: Phistank
2. Email to: [email protected]
3. Email content: empty
4. Send report via: Yahoomail
5. Choose Icon color, Text colour and letter for Service
SpamCop
1. Service name: SpamCop
2. Email to: You need to register your email address at here
You receive your password to your email
Login to Spamcop with your email and password
Click on Report Spam. Copy the line after "Forward your spam to:"
(it contains your unique spamcopid).
Email to - field should be in form of: submit.spamcopid@spam.spamcop.net
3. Email content: empty
4. Send report via: Yahoomail
5. Choose Icon color, Text colour and letter for Service
Available services
Go to this address for more available spam reporting services. Caution is advised with new services.
Service settings view
Main Window
Click on Check Mail. Mailwasher lists all messages from Inbox, Spam folder and other folders you have selected. It would be useful to only list spam folder. :/ If Mailwasher Event Log shows error(s), the Mailwasher settings must be wrong some way. The other possibilities are that the service provider has some problems or Yahoomail account has wrong settings that causes to block your request(s).
Login Failure / Success in Eventlog.
Spam reporting
In order to report spam you need to click on every square side by side Spam messages. To fasten this process you can press shift and select first and last row and click on all the squares. This enables Mailwasher to send Spam Report to all services.
Sorting
You can sort emails by pressing columns above the email messages. One useful tip is to sort e-mails with "From Email" to check if there are duplicates of spam senders. If so you can block those addresses in Yahoo Mail.
Options
You can Mark messages as good or spam. If message is set to spam, it's color is red. Otherwise the message is set to green meaning good. You can also mark messages for the blacklist / friend list so next time you wash mail they follow to right criteria. You can bounce messages back to sender, although it is a controversial subject.
Blacklist
The Blacklist tab gives you an easy way to banish spammers from your inbox, as it is an effective tool against email from mailing lists that you may have unwittingly signed up for (or been submitted to), from companies who take no notice of your unsubscribe requests. If you right click on a spam message there is also an option to add domain(s) to blacklist.
If you want to work with MWP.db3 - file, you need to add emails / domains to blacklist.
If you want to work with MWP.db3 - file, you need to add emails / domains to blacklist.
Ordering spam
You can order the spam by right-clicking on messages.
Washing mail
After you have done everything click on Wash Mail. Just remember to double check
that all messages are in correct criteria.
that all messages are in correct criteria.
Recycle Bin
MailWasher keeps a copy of each deleted email in the recycle bin so you can search, view and restore email. To view the Recycle Bin click the Recycle Bin tab or use the keyboard command of [Ctrl] + [R]. By default, deleted emails are shown using todays date. More >>
Spamcop Autoresponder
After you have washed mail, you should receive SpamCop Autoresponder mail(s) to your inbox. Then you can finish reports by clicking one link at time from the list send by SpamCop. Go to the bottom of the page that pops up and click on the Send Spam Report(s) now. Remember to check that the message is really spam first. Repeat this process until you have gone through all the links in the list. This is quite laborious but I guess it is worth while to complete your reports. If you want you can put something like this in the additional notes:
To whom it may concern, Please stop these spammers from emailing me.
their subject line keeps changing.
The originating server and email address changes making it impossible to filter.
I did not opt into this and their opt out link does not work.
Please cease this spam activity.
Sincerely, Your First name
Although Please stop this spammer might be adequate as well as no comment at all.
their subject line keeps changing.
The originating server and email address changes making it impossible to filter.
I did not opt into this and their opt out link does not work.
Please cease this spam activity.
Sincerely, Your First name
Although Please stop this spammer might be adequate as well as no comment at all.
Blocking addresses in Yahoomail
Basic version
First select settings from drop-down menu and click Go.
Then click on Blocked addresses. Next enter spammers email-address to input field and click on Add. If the address is already there it wont be allowed to add. The blocking is kind a sketchy in my opinion. You can't add domains anymore and there are no option for regular expressions.
New version
First go to settings by clicking gear icon on top right corner. Then click on More Settings.
First click on Security and privacy on left. Then block spam messages by clicking Add button. Unfortunately domains can't be blocked. Be careful when opening spam messages because they might have tracking links. Spammer may know that you opened the mail by only the images you loaded.
https://en.wikipedia.org/wiki/Email_tracking
https://en.wikipedia.org/wiki/Email_tracking
Reporting abusive IP
You can report abusive IP's in https://www.abuseipdb.com/report . It is a useful tool, especially if you register to this service. Be aware that they log your IP when reporting a case unless you register to this service. You should also consider private profile if willing to sign up. Don't put any personal information to comment section.
Reporting a list of abusive IP's all at once
sqlite.zip | |
File Size: | 519 kb |
File Type: | zip |
You can download the file above that consist of all the files needed for this tutorial apart from MWP.db3 - file. IP's in this tutorial have been anonymized. Safecopy is always advised. For the MWP.db3 - file you can use both relational or non-relational locations. Relational location means relativity to current position in folder structure (which is symbolized with one or two dot). For instance if you want to refer to a file named MWP.db3 in a sub-folder named test you have to enter ./test/MWP.db3 If you want to refer to the file in a parent folder you have to enter ../MWP.db3 instead.
Locations
You can report a whole bunch of IP's using CSV - format. First we start by downloading Sqlite from https://www.sqlite.org/download.html or by using the files from sqlite.zip. The file you are looking for is: sqlite-tools-win32-x86-version.zip (if you are using this, you need to make the subfolders by yourself). Unzip the file(s) to a folder of your choice. You need a copy of the MWP.db3 - file to access the database. The file must be copied to database - subfolder every time prior export unless you are using db3 files real location (as stated in tutorial "Browsing Mailwasher database file"). You need to make csv - subfolder for csv file. csv- file will be exported there after running init.bat. At the main folder you need to have init.bat, query.sql and sqlite3.exe. For the data files you can also use non-relational locations. For the MWP.db3 - file the location should be:
"c:/Users/username/Appdata/Roaming/Firetrust/Mailwasher/cache/MWP.db3" where Username is your Windows username
(don't forget quotation marks if username got spaces) and for the csv - file you can choose the folder you want (folder has to be made first).
"c:/Users/username/Appdata/Roaming/Firetrust/Mailwasher/cache/MWP.db3" where Username is your Windows username
(don't forget quotation marks if username got spaces) and for the csv - file you can choose the folder you want (folder has to be made first).
Creating .bat - file
Create a file called init.bat (in the same directory you installed Sqlite) in which you enter this text (with default settings):
sqlite3 -header -csv ./database/MWP.db3 < query.sql > ./csv/iplist.csv
You can edit init.bat prior export if you want to change the file name of iplist.csv (for instance iplist[number].csv) or the location of db3 file. Save as init.bat (which is basically a script file that consist of commands to be executed as a series).
Here is some information about the workflow we are following.
sqlite3 -header -csv ./database/MWP.db3 < query.sql > ./csv/iplist.csv
You can edit init.bat prior export if you want to change the file name of iplist.csv (for instance iplist[number].csv) or the location of db3 file. Save as init.bat (which is basically a script file that consist of commands to be executed as a series).
Here is some information about the workflow we are following.
Creating query (.sql) - file
Query file consists of SELECT - statement that we need for creating csv - file. With AS - syntax you can change table names which is needed for correct representation (don't rename those). But you can change values for Categories - table. Simply edit query.sql from "category1,category2,etc" AS Categories by changing category-numbers. Here are the categories you can choose from.The drawback is that once you run the script the categories are all the same at every row. Same goes for Comment table.
With Idx - value you can choose where your query starts from, for instance if your previous query ended up with idx - value 1001 so next time you are using the script, the correct condition should be: WHERE idx > 1001. If you want to start exactly from index number 1 you have to enter idx >= 1. The isspam field seems to have no use since it can have either 1 or 2 on same IP address. You can check index - numbers by opening MWP.db3 file with DB Browser for SQLite. Go to Browse Data, select table rblcache and sort the list by clicking on idx - header.
With Idx - value you can choose where your query starts from, for instance if your previous query ended up with idx - value 1001 so next time you are using the script, the correct condition should be: WHERE idx > 1001. If you want to start exactly from index number 1 you have to enter idx >= 1. The isspam field seems to have no use since it can have either 1 or 2 on same IP address. You can check index - numbers by opening MWP.db3 file with DB Browser for SQLite. Go to Browse Data, select table rblcache and sort the list by clicking on idx - header.
Here is the query in text presentation:
SELECT ipaddr AS IP, "7,11" AS Categories, created_date AS ReportDate, "" AS Comment
FROM rblcache WHERE idx >= 1 AND hits == 1 GROUP BY ipaddr
SELECT ipaddr AS IP, "7,11" AS Categories, created_date AS ReportDate, "" AS Comment
FROM rblcache WHERE idx >= 1 AND hits == 1 GROUP BY ipaddr
Running the Script
Before you run the script, you should check with InfobyIP that there aren't any friendly IP's on the list. More info on tutorial "Checking IP Source". If you find any, you should note down those addresses and remove them from csv- file after exporting and editing. Easiest way to prevent this is by reading all unread mails in your inbox prior mailwash (don't open possible spam messages). Now doubleclick init.bat.
The iplist.csv is generated into csv - subfolder. Open it with Notepad++. If you want you can or order the list by clicking Edit > Line Operations > Sort Lines As Integers Ascending (it is not required). If ordering adds one empty row on the top, you have to remove it.
Now the list is ready. You can add comments inside quotation marks for individual IP addresses. It is not required. You can also change category values for individual IP addresses as well.
In order to use AbuseIPDP's Bulk Reporter you need to register to their service. You should consider a bit anonymous username and name as well as a private profile if willing to sign up. Now login to service.
Click on Bulk Reporter on top of the site. Choose your iplist[number].csv file and click on Upload.
Browsing Mailwasher database file
If you want to browse the data that Mailwasher stores to a database file you need first DB Browser for SQLite. Install the program and open it. The file you are looking for is MWP.db3 and It is usually in this folder: C:\Users\Username\Appdata\Roaming\Firetrust\Mailwasher\cache\MWP.db3 where username is your own Windows username. If you have trouble finding this folder you need to enable "Show hidden files" in Windows. More information here.
After opening the file go to Browse Data and select table blacklist. It shows blacklisted addresses Mailwasher has stored during cleanups. You can filter the results for instance by typing @a in emailaddress - field so it lists all email addresses that have "a" after at sign. You should only browse the data not to alter it. Making a safecopy is recommended (in safecopy subfolder) as well as not to run it when Mailwasher is turned on.
After opening the file go to Browse Data and select table blacklist. It shows blacklisted addresses Mailwasher has stored during cleanups. You can filter the results for instance by typing @a in emailaddress - field so it lists all email addresses that have "a" after at sign. You should only browse the data not to alter it. Making a safecopy is recommended (in safecopy subfolder) as well as not to run it when Mailwasher is turned on.
The amount of blacklisted items depends on the settings of Mailwasher. Go to Settings > Spam Tools > Blacklist > Options. Select the amount of days before data gets expired.
Exporting mail data to a text file
First click on idx - field and make sure the index numbers increase downwards. Then select emailaddresses that you haven't copied before. Click right mouse button and select copy (or press ctrl + c).
After that paste all fields to Notepad++ and choose a name for the file (for example blacklist.txt / unrefined.txt) and save it.
General info about editing with Notepad++
In order to make structural changes in a document the marker must first be set in the start of the document. The Search Mode must be set to Normal or Regular expression depending on case when using Search > Replace - tool. Whole process on both examples can be done with single macro per each. Download Notepad++ from here.
Editing blacklisted domains
Skip this if you haven't added domains to blacklist. If you have added domains to blacklist during wash, the emailaddress - field has
[\w?.""-@]+ - prefix which have no use. Click on Search > Replace on toolbar (or press ctrl + h) and set Search Mode to normal. Remove the front part of the address by typing [\w?.""-@]+@ in find what field and leave the replace with field empty. After that click on Replace All. Only domain address has use later on. Continue to refining.
[\w?.""-@]+ - prefix which have no use. Click on Search > Replace on toolbar (or press ctrl + h) and set Search Mode to normal. Remove the front part of the address by typing [\w?.""-@]+@ in find what field and leave the replace with field empty. After that click on Replace All. Only domain address has use later on. Continue to refining.
Refining
As you can see the addresses are not so refined so you need to fix it. Click on Search > Replace on toolbar (or press ctrl + h). Set search mode to Normal. In find what type: \ and leave replace with field empty. After that click Replace All. Next in Find what type: " and leave replace with field empty. After that click Replace All. You can use macros to fasten this process.
Now you have a working list. You can add more addresses using this way to a temporary txt file like unrefined.txt, clean the structure and then paste those addresses to blacklist.txt. You can sort the list by clicking on edit > line operations > sort lines lexigographically ascending.
If you want to play with regular expressions, you can trim the addresses to domains only. First make a copy of the file. Then go to Search > Replace. Set Search mode to Regular expression. In Find what type: .+(\@) and leave replace with field empty after that click on Replace all. You can sort the list again as instructed above. This is useful if you want to block domains that have multiple instances on the list.
Making a Macro in a nutshell
First click on Macro > Start Recording on Toolbar. Make changes such as replace a value and other structural fixes. Keep it simple and use keybindings like Ctrl + H. Try not to do changes by hand if possible. After you have done all the changes click on Macro > Stop Recording. Then click on Macro > Save Current Recorded Macro. Enter a name for the Macro and click OK. Now when you click on Macro on Toolbar there is the Macro you saved. Simply click on it and it makes the changes automatically.
Checking IP Source
If you want to check where IP - addresses originate, first open database and select table rblcache. As you can see in this example IP - addresses have been anonymized and they are not in chronological order in real database (if idx - value selected). Screenshots were simply easier to make this way. Mailwasher keeps track of two latest cleanups.
First click on idx - field and make sure the index numbers increase downwards. Then select IP - addresses that you haven't copied before. Click right mouse button and select copy (or press ctrl + c). You may order the list with other values such as created_date or ipaddr if you find it more practical.
Paste the IP - addresses to Notepad++.
Remove quotation marks by typing " in find what field and leave replace with field empty. Then click Replace All. Remember to set the marker on the start of the document in order the replace to work.
Now you have too many occurrences of same IP's.
Go to Search > Replace. Set Search mode to Regular expression. In find what type: ^(.*?)$\s+?^(?=.*^\1$) and leave replace with field empty. Remember to check . matches newline. After that click on Replace All. Macros are useful for this task as well.
Now you have a valid list of IP's. If the list is unordered you may order it by clicking on edit > line operations > Sort Lines As Integers Ascending. After that copy them to clipboard.
Paste the addresses to a input field in InfobyIP and click on Lookup.
Now you get list of IP's whereabouts. Some additional IP's have been added to the list. You can check maximum 100 IP's per query. If you ctrl + click on an IP there is an option to check if the IP is listed on Spamhaus or Stopforumspam. Some IP's may not be spam. There are other services similar to InfobyIP. Just search "bulk ip lookup" with Google.
IP reporting statistics
Epilogue
Thank you, please come again.
I take no responsibility of using this manual.
I take no responsibility of using this manual.
Image copyright Matt Groening © and Wikipedia