Version 5.6 Build 450.7
SPECIAL NOTES ABOUT THIS UPDATE:
- IMPORTANT: If you are upgrading from Wildcat! v5.4 or less, please
read the change history in AUP v5.5.450.2. A few conversion steps
must be performed before running this new update as outlined in
the 450.2 Special Notes. The Wildcat! server will also inform
you of this required conversion if it is not done.
- IMPORTANT: If you are upgrading from Wildcat! v5.5.450.2, please read
the change history in AUP v5.6.450.3. In AUP 450.3, new optional
internet security features (SSL and SASL) were added and the WCCONFIG
components related to Mail Operations were reorganized and consolidated
under one section called "Mail Server."
- If you have the add-on product "Wildcat! List Server", it will
automatically perform a conversion the first time you run the
new wcListServeSetup.exe configuration utility.
- In this v5.6.450.7 update, we concentrated on many enhancements
and fixes, especially in regard to the Internet Email system. Much
emphasis was placed on addressing SPAM mail with the enhancements to
the Wildcat! SMTP SMTPFILTER wcBASIC hook system. The FTP server
has many new extended support features. Many enhancements and new
SDK/WCBASIC features were added. It is now possible for 3rd party
developers to write remote WEB configuration features using wcBASIC.
Changes, Fixes, New Features and Enhancements by Wildcat! Component
WCSERVER (Wildcat! Server)
- Minor change to UpdateFileRec() when renaming a file. If the record
exists for renaming, the original file does not exist but the new file
exists, then it will check for the old file before it internally
renames the file. This helps the situation when a file is named
externally and the sysop uses the File Manager to correct the record
file name. With this change, the new file name was deleted.
- Enhanced the Configuration Login client session to check for WCX access by
remote client IP address. This augments the new ability for wcBASIC WCX
applications to perform configuration operations. See the new WCCONFIG |
System Securities options.
- Added logic to address the intermittent Windows 2000 "RPC Error 1740" when
wcserver is started. This may occur for some systems because there is a
Windows 2000 installation problem causing duplicate NCALRPC end-points.
The Wildcat! Server will now ignore the second NCALRPC thus allowing it
to continue to start. However, please note that this is still considered
a Windows 2000 installation issue that should be addressed. We don't know
why this happens. It seems harmless but it does seem to be a Windows
installation issue. WCSERVER will write a warning in WILDCAT.LOG if it
finds duplicate end-points. If you find there are strange RPC related issues,
you might want to check the log for this "duplicate RPC end-point" warning
and address the installation issue until WCSERVER no longer issues the warning
in the log.
WCCONFIG (Wildcat! Configuration)
- WCMENU was cleaned up. Printing the menu tree was enhanced.
- Fixed Bounce Mail option (was forcing true)
- Added new SMTP Server options:
[ ] Enable Receiver Bin
Only set this TRUE if you intend to use the anti-spam SMTPFILTER wcBASIC
hook system. If this option is set and no SMTPFILTERxxxxx.WCX application
is available, the mail will be received but not processed. It will remain
in the NEW directory off your primary host spool directory.
[ ] Retries include each MX attempt
Enable this option if you wish to include each MX mail server connection
attempt as part of the total retries when sending mail. If this option is
off, one attempt includes all the MX records for a particular site domain.
Enable this option if you wish to speed up the rejection/bouncing of mail.
- Added new System Security Options.
In WCCONFIG | System Securities, there are two new options:
[ ] Allow WCX Configuration
[ ] Check Client IP Network Access
Wildcat! now offers wcBASIC wcx applications the ability to perform
wcCONFIG-like configuration/setup operations. This opens up the
possibilities for new/future WEB-based Wildcat! Remote Configuration
applications to be written.
By default, WCX applications are not allowed to perform configuration
operations. You must first enable the System Security option:
[X] Allow WCX Configuration
In addition, Wildcat! can check the IP of the client machine performing
the remote configuration. If this option is checked, enter the IP
of the client machine (i.e., the browser) in the Network Access table.
This allows you to restrict the remote client machines allowed to
perform remote WCX configuration operations.
WCSSLCONFIG (Wildcat! SSL Configuration)
- Updated help for Verify Level. If you are using an InstantSSL certificate,
you need to set the Verify Level to "FAIL IF NO PEER CERTIFICATE", and
you need to make sure the file ssl\cacert\ca-bundle.txt is updated with
the new Comodo Trusted Root Certificate. You can download the latest
version from the following URL:
ftp://ftp.santronics.com/wildcat/ssl/cacert/ca-bundle.txt
Using your mouse, Right Click the URL and select "Save Target As" and
save the file in your SSL\CACERT directory.
WCONLINE (Wildcat! Online Controller)
- no changes
WCWEB (Wildcat! WEB Server)
- Fixed a memory handle leak
- Fixed the WEB SSL option, "Required for all connections." Now it
is possible to use the WEB server for SSL operations only.
- In version 449.5, the web IMG counter (hits) logic was changed to allow
automatic creation of the counter file in your data folder. In previous
versions, the file had to exist first before the counter worked.
Since the WEB allows URL access from remote sites, it was possible for
a remote site to create unwanted counter files. In short, they were
using YOUR machine as a storage system.
In this update, the WEB server reverted to the old logic to address
this possible issue.
If you want to use the <IMG src="counter?XXXX"> url to create a web
hits counter on your web site, you must first create the DATA\XXXX.ctr
file. It will not be automatically created. The HITS counter will
show zero (0) if the file does not exist.
- The WEB server questionnaire processor will now support the phone
number validation check file, data\badphone.lst. If the phone number
or mask is in this file, the user will be redirected to the error file:
InvalidPhone.htm. The default message is:
Phone number is invalid or not permitted.
Click the browser back button and try again.
- Cleaned up the WEB server questionnaire processor when dealing with
double entries in the answer file. This might occur if a questionnaire
expired or the original URL did not have &js=1. For example:
/ques?ques2
Without the &js=1 parameter, the web server will generate a non-javascript
questionnaire html form with a small javascript to redirect back to
the same question. If the browser supports javascript, the form is
regenerated with javascript form field validation logic. In this
situation, a double entry in the answer file occurred. This is now fixed.
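The counter change described above, sketched as an added example (it is
not Wildcat! code). It assumes a .ctr file holds a plain decimal number
and that counter names are short alphanumeric tokens; the name check goes
beyond what these notes describe, and bump_counter() and demo() are
hypothetical names.

```python
import os
import re
import tempfile

# Assumption: counter names are short alphanumeric tokens; anything else
# (path separators, dots, drive letters) is refused before touching disk.
COUNTER_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")


def bump_counter(data_dir, name):
    """Increment DATA/<name>.ctr if it already exists and return the count.

    Returns 0 without creating anything when the file is missing, which is
    the behaviour this update restores.
    """
    if COUNTER_NAME.fullmatch(name) is None:
        return 0
    path = os.path.join(data_dir, name + ".ctr")
    try:
        # O_RDWR without O_CREAT: a missing file is an error, never a create.
        fd = os.open(path, os.O_RDWR)
    except OSError:
        return 0
    with os.fdopen(fd, "r+") as handle:
        try:
            hits = int(handle.read().strip() or "0") + 1
        except ValueError:
            hits = 1  # unreadable content: restart the count
        handle.seek(0)
        handle.truncate()
        handle.write(str(hits))
    return hits


def demo():
    """Run the handler against a constructed DATA directory."""
    with tempfile.TemporaryDirectory() as data_dir:
        with open(os.path.join(data_dir, "home.ctr"), "w") as handle:
            handle.write("41")  # counter created in advance by the sysop
        results = {
            "existing": bump_counter(data_dir, "home"),
            "missing": bump_counter(data_dir, "remote1234"),
            "traversal": bump_counter(data_dir, "../home"),
        }
        results["files"] = sorted(os.listdir(data_dir))
    return results
```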
WCBASIC
- Fixed a compiler bug for an ASC conversion to a const integer.
Example: Const xxxxx = asc("$")
- Fixed a bug in the DATELIB.WCC library function DayOfWeekStr() showing
wrong day of week string. Note: The GetDateOfWeek() returns an index of
1 to 7 where 1 corresponds to Sunday.
- Fixed a bug in the Questionnaire handler (QUES.WCC) where it was not updating
user time remaining when a security was changed.
- Main.wcc version display information was updated.
- Exposed existing Wildcat! SDK function to wcBASIC
Function WildcatLoggedIn(pUser as integer) as integer
where pUser is NULL or the address of a TUser record
Returns one of the following constants:
clSessionNone if no user is logged in
clSessionUser if user is logged in (returns pUser if not NULL)
clSessionSystem if system client is logged in
clSessionConfig if configuration client is logged in
Example:
  if (WildcatLoggedIn(0) <> clSessionUser) then
    print "User not logged in"
    end
  end if
- Added wcBASIC compiler defines:
BUILD_450_7
WILDCAT_V56
example:
  #ifdef BUILD_450_7
  if (WildcatLoggedIn(0) <> clSessionUser) then
    print "User not logged in"
    end
  end if
  #else
  if (user.info.id = 0) then
    print "User not logged in"
    end
  end if
  #endif
- Added wcBASIC constant
WC_VERSION returns the current version info, i.e., "v5.6.450.7"
example:
print "Running Wildcat ";WC_VERSION
- New Configuration Library. wcBASIC now offers support for using the
configuration SDK functions in wcsmw.dll and wcsgate.dll. New headers
are provided: wcsmw.wch, wctypemw.wch, wcsgate.wch and wcgtype.wch. The
best way to use the configuration library is by using the new contextlib.wch
library header, which offers a way to prepare a configuration context session
in standalone applications and via the web.
WCFTP (Wildcat! FTP Server)
- By default, the Wildcat! FTP Server will only accept a minimum Non-Passive
data port of 1024 per the RFC 2277 FTP security guidelines.
This will prevent "proxy FTP Bounce Attacks" where a malicious ftp client
attempts to penetrate your local machine via the FTP server PORT command
which tells the FTP server which port to use to transfer data.
You do not need to do anything to secure this hole with this new version.
However, you now have registry control over the minimum and maximum port
values for both PASSIVE and NON-PASSIVE mode:
HKEY_LOCAL_MACHINE/Software/SSI/Wildcat/wcFTP
(if you don't have a wcFTP key, create one)
Non-passive or PORT command:
DWORD: NonPassiveMinDataPort (default is 1024)
DWORD: NonPassiveMaxDataPort (default is 65355)
Passive or PASV command:
DWORD: PassiveMinDataPort (default is 1024)
DWORD: PassiveMaxDataPort (default is 65355)
NOTE: VERY IMPORTANT! If you use these registry DWORD values, make sure you
define them as DECIMAL values, not as HEXADECIMAL. ALSO, in general you do not
need to define Passive port values since the server will control the port values.
The main point of this new security feature is to control the FTP client's
ability to use a non-passive PORT command to tell the server which PORT to use
to open a connection to something other than an FTP data transfer request.
- Enhanced FTP wildcard search specification to better support the '?'
character in search specification.
- Fixed an explicit SSL connection problem with FTP client WS_FTP.
- Fixed a state machine problem with the DATA port. This showed
up when using extended QUOTE commands. It was not a problem
for standard FTP client operations.
- Added an FTPLOGON.WCX hook for FTP login operations. Now it is
possible to perform customized user operations when a user logs
in. The most obvious feature is to switch to a particular user
directory, another could be to send a message to the sysop when
the user logs in.
- Added support for extended FTP commands, MLST and MLSD. A supporting FTP
client is required. The MLSx commands show extended information about the
file. MLST will show information for one file; MLSD will list the
directory's extended information.
- Added support for MSDOS or UNIX style directory displays.
The default style is unix which is the standard among FTP servers.
The key difference is the MSDOS format offers a complete DATE/TIME
format for the file.
With the unix style, depending on the FTP server, the time of the file
could be the YEAR or TIME depending on the age of the file.
- Added support for "Unix-style 6 month range" for date/time display of
directory listings of files.
- Added support for checking the data\badfiles.lst list file for uploads.
If the file name or mask is found in the badfiles.lst file, the upload
is not permitted with a 550 response code. Example:
ftp> put command.com
550 Specific file name not permitted.
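The minimum non-passive data port check from the first WCFTP item above,
sketched as an added example (it is not Wildcat! code). The range defaults
are the values printed in these notes; the reply codes and the optional
same-host check go beyond what the notes describe and are assumptions, as
are the names parse_port_argument() and check_port_command().

```python
import re

# Defaults as printed on this page for the wcFTP registry DWORDs.
NON_PASSIVE_MIN_DATA_PORT = 1024
NON_PASSIVE_MAX_DATA_PORT = 65355

PORT_ARG = re.compile(r"([0-9]{1,3}),([0-9]{1,3}),([0-9]{1,3}),"
                      r"([0-9]{1,3}),([0-9]{1,3}),([0-9]{1,3})")


def parse_port_argument(arg):
    """Parse the RFC 959 'h1,h2,h3,h4,p1,p2' form into (ip, port)."""
    m = PORT_ARG.fullmatch(arg.strip())
    if m is None:
        raise ValueError("malformed PORT argument")
    fields = [int(x) for x in m.groups()]
    if max(fields) > 255:
        raise ValueError("PORT field above 255")
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def check_port_command(arg, control_peer_ip,
                       min_port=NON_PASSIVE_MIN_DATA_PORT,
                       max_port=NON_PASSIVE_MAX_DATA_PORT,
                       require_same_host=True):
    """Return (reply_code, reason) for a PORT argument.

    Reply codes 200/501/504 are assumptions for this sketch, not
    Wildcat!'s documented replies.
    """
    try:
        ip, port = parse_port_argument(arg)
    except ValueError as exc:
        return 501, str(exc)
    if not min_port <= port <= max_port:
        return 504, "data port %d outside %d-%d" % (port, min_port, max_port)
    # Extra check not described on this page: the data connection may only
    # go back to the host that owns the control connection.
    if require_same_host and ip != control_peer_ip:
        return 504, "data host %s is not the control peer" % ip
    return 200, "PORT accepted for %s:%d" % (ip, port)


# Constructed sample arguments (documentation addresses, not captured traffic).
SAMPLES = ["192,0,2,10,4,1", "192,0,2,10,0,25", "198,51,100,7,31,144"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_port_command(sample, "192.0.2.10"))
```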
WCSMTP (Wildcat! SMTP Server)
- Added Enable Receiver Bin ON/OFF log entry in wcSMTP.
- Now supports the Return-Path: header line for better identification
of bounce addresses. This fixes a bounce mail problem where under
special conditions, an extra unnecessary message can be created.
- Added some enhancements for SMTPFILTER.WCC operations to better support
3rd party ANTI-SPAM applications using the SMTPFILTER technology in
Wildcat!. See SMTPFILTER.WCC
- Fixed EHLO/HELO command for non-extended SMTP servers when the option
[X] Enable SSL Outbound SMTP is enabled. If the server did not support
the EHLO command, wcSMTP was not trying the HELO command. You could
just turn off the option, but this update fixes the problem. wcSMTP
will try HELO if EHLO fails at the remote server.
- The registry option EnableReceiverBin was required to enable the
SMTPFILTER.WCX operation. This option will now be available as a
Check Box in the WCCONFIG | MAIL SERVER | SMTP SERVER setup as:
[X] Enable Receiver Bin (for SMTPFILTER operations)
Note: If you had this registry option enabled, you need to now set it
in WCCONFIG to enable the smtp filter system.
- SMTPFILTER.WCC Enhancements:
WcSMTP will now look for the wcx SmtpFilterHookLoader.wcx before
looking for SmtpFilter.wcx. The purpose is to support a multi-hook
layer system.
If you are currently using SFHOOK.ZIP and you renamed SmtpFilterHookLoader.wcx
to SMTPFILTER.WCX, you should rename it back or delete it and unzip the
original smtpfilterhookloader.wcx from SFHOOK.ZIP
The SmtpFilterHookLoader.wcx program is designed to run each program
listed in the data\smtpfilter-hooklist.txt file one at a time.
- Standard TSL AUTH (sasllogin.dll) is now automatically installed for
smtp AUTH operations. This reduces the need to unzip this file from
wcsasl.zip.
- New Auto-Forwarding Feature:
This is not new, but it was never documented. For local mail delivery,
(your local users), wcSMTP will look for an extended user profile field
called "SmtpForward" containing the forwarding address for a particular
user.
The easiest way to add an extended user profile field is with the
wcReport utility:
1) Start Wcreport and go to the Setup Options page.
2) Add SMTPFORWARD to one of the empty User Defined Fields.
Now all user accounts will have this extra field as part of their
record. Simply put the forwarding address in this field for the
particular user.
- Fixed the "Use SSL for Outgoing mail" option. It was not working. Now
it is.
WCPOP3 (Wildcat! POP3 Server)
- New registry option to add the Received: line when the user picks up
his mail. This used to be TRUE by default. However, some mail
clients do not sort multiple received mail well with this option.
HKLM\Software\SSI\Wildcat\wcPOP3
DWORD: EnableReceivedLine
VALUE: 1 or 0
WCMAIL (Wildcat! Mail Gateway)
- Fixed the reloading of cached information when a restart signal
is sent to wcMAIL.
- Now supports Return-Path: header line for bounce messages.
WCLISTSERVER (Wildcat! List Server)
- no changes
WCNNTPSERVER (Wildcat! NNTP News Server)
- Changed "Authentication Required" response code from 502 to 480. This
will have no effect on news readers. However, 480 is the proper
response to use when authentication is required.
WCREPORT (Wildcat! Reports)
- Fixed the automated script command line mode where an extra
"Cancel Update?" window prompt was displayed.