Version 5.6 Build 450.7
SPECIAL NOTES ABOUT THIS UPDATE:
- IMPORTANT: If you are upgrading from Wildcat! v5.4 or less, please read the change history in AUP v5.5.450.2. A few conversion steps much be performed before running this new update as outlined in the 450.2 Special Notes. The Wildcat! server will also inform you of this required conversion if it not done. - IMPORTANT: If you are upgrading from Wildcat! v5.5.450.2, please read the change history in AUP v5.6.450.3. In AUP 450.3, new optional internet security features (SSL and SASL) were added and WCCONFIG components related to Mail Operations was reorganized and consolidated under one section called "Mail Server."
- If you have the add-on product "Wildcat! List Server", it will automatically perform a conversion the first time you run the new wcListServeSetup.exe configuration utility.
- In this v5.6.450.7 update, we concentrated on many enhancments and and fixes, especially in regards to the Internet Email system. Much emphasis was placed on addressing SPAM mail with the enhancements to the Wildcat! SMTP SMTPFILTER wcBASIC hook system. The FTP server has many new extended support features. Many enhancements and new SDK/WCBASIC features were added. It is now possible for 3rd party developers to write remote WEB configuration features using wcBASIC.
Changes, Fixes, New Features and Enhancements by Wildcat! Component
WCSERVER (Wildcat! Server) - Minor change to UpdateFileRec() when renaming a file. If the record exist for renaming, the original file does not exist but the new file exist, then it will check for the old file before it internally renames the file. This helps the situation when a file is named externally and the sysop uses the File Manager to correct the record file name. With this change, the new file name was deleted.
- Enhanced the Configuration Login client session to check for WCX access by remote client IP address. This augments the new ability for wcBASIC WCX applications to perform configuration operations. See the new WCCONFIG | System Securities options.
- Added logic to address the intermittent Windows 2000 "RPC Error 1740" when wcserver is started. This may occur for some systems because there is an Windows 2000 installation problem causing duplicate NCALRPC end-points. The Wildcat! Server will now ignore the second NCALRPC thus allowing it to continue to start. However, please note that this is still considered a Windows 2000 installation issue that should be addressed. We don't know why this happens. It seems harmless but it does seem to be an Windows installation issue. WCSERVER will write a warning in WILDCAT.LOG if it finds duplicate end-points. If you find there are strange RPC related issues, you might want to check the log for this "duplicate RPC end-point" warning and address the installation issue until WCSERVER no longer issues the warning in the log.
WCCONFIG (Wildcat! Configuration) - WCMENU was cleaned up. Printing the menu tree was enhanced. - Fixed Bounce Mail option (was forcing true) - Added new SMTP Server options: [ ] Enable Receiver Bin Only set this TRUE if you intend to use the anti-spam SMTPFILTER wcBASIC hook system. If this option is set and no SMTPFILTERxxxxx.WCX application is available, the mail will be received but not processed. It will remain in the NEW directory off the your primary host spool directory. [ ] Retries include each MX attempt
Enable this option if you wish to include each MX mail server connection attempt as part of the total retries when sending mail. If this option is off, one attempt include all the MX records for a particular site domain. Enable this option if you wish to speed up the rejection/bouncing of mail.
- Added new System Security Options.
In WCCONFIG | System Securities, there are two new options: [ ] Allow WCX Configuration [ ] Check Client IP Network Access
Wildcat! now offers wcBASIC wcx applications the ability to perform wcCONFIG-like configuration/setup operations. This opens up the possibilities for new/future WEB-based Wildcat! Remote Configuration applications to be written. By default, WCX applications are not allowed to perform configuration operations. You must first enable the System Security option: [X] Allow WCX Configuration In addition, Wildcat! can check the IP of the client machine performing the remote configuration. If this option is checked, enter the IP of the client machine (i.e, the browser) in the Network Access table. This allows you to restrict the remote client machines allowed to perform remote WCX configuration operations.
WCSSLCONFIG (Wildcat! SSL Configuration) - Updated help for Verify Level. If you are using an InstantSSL certificate, you need to set the Verify Level to "FAIL IF NO PEER CERTIFICATE", and you need to make sure the file ssl\cacert\ca-bundle.txt is updated with the new Comodo Trusted Root Certificate. You can download the latest version from the following URL:
Using your mouse, Right Click the URL and select "Save Target As" and save the file in your SSL\CACERT directory.
- Fixed a bug in the Questionnaire handler (QUES.WCC) where it was not updating user time remaining when a security was changed. - Main.wcc version display information was updated. - Exposed existing Wildcat! SDK function to wcBASIC Function WildcatLoggedIn(pUser as integer) as integer where pUser is NULL or the address of a TUser record Returns one of the following constants: clSessionNone if no user is logged in clSessionUser if user is logged in (returns pUser if not NULL) clSessionSystem if system client is logged in clSessionConfig if configuration client is logged in Example: if (WildcatLoggedIn(0) <> clSessionUser) then print "User not logged in" end end if - Added wcBASIC compiler defines: BUILD_450_7 WILDCAT_V56 example: #ifdef BUILD_450_7 if (WildcatLoggedIn(0) <> clSessionUser) then print "User not logged in" end end if #else if (user.info.id = 0) then print "User not logged in" end end if #endif - Added wcBASIC constant WC_VERSION returns the current version info, i.e., "v5.6.450.7" example: print "Running Wildcat ";WC_VERSION - New Configuration Library. wcBASIC now offers support for using the configuration SDK, wcsmw.dll and wcsgate.dll, functions. New headers are provided, wcsmw.wch wctypemw.wch, wcsgate.wch wcgtype.wch. The best way to use the configuration library is by using the new contextlib.wch library header which offers a way to prepare a configuration context session in standalone applications and via the web. WCFTP (Wildcat! FTP Server) - By default, the Wildcat! FTP Server will only accept a minimum Non-Passive data port of 1024 per the RFC 2277 FTP security guidelines. This will prevent "proxy FTP Bounce Attacks" where a malicious ftp client attempts to penetrate your local machine via the FTP server PORT command which tells the FTP server which port to use to transfer data. You do not need to do anything to secure this hole with this new version. However, you now have registry control over the minimum and maximum port values for both PASSIVE and NON-PASSIVE mode: HKEY_LOCAL_MACHINE/Software/SSI/Wildcat/wcFTP (if you don't have a wcFTP key, create one) Non-passive or PORT command: DWORD: NonPassiveMinDataPort (default is 1024) DWORD: NonPassiveMaxDataPort (default is 65355)
Passive or PASV command: DWORD: PassiveMinDataPort (default is 1024) DWORD: PassiveMaxDataPort (default is 65355) NOTE: VERY IMPORTANT! If you use these registry DWORD values, make sure you define them as DECIMAL values, not as HEXDECIMAL. ALSO, in general you do not need to define Passive port values since the server will control the port values. The main point of this new security feature is to control the FTP client's ability to use a non-passive PORT command to tell the server which PORT to use to open a connection to something other than a FTP data transfer request.
- Enhanced FTP wildcard search specification to better support the '?' character in search specification. - Fixed an explicit SSL connection problem with FTP client WS_FTP. - Fixed a state machine problem with the DATA port. This showed up when using extended QUOTE commands. It was not a problem for standard FTP client operations. - Added a FTPLOGON.WCX hook for FTP login operations. Now it is possible to perform customize user operations when a user logs in. The most obvious feature is to switch to a particular user directory, another could be to send a message to the sysop when the user logs in. - Added support for extended FTP commands, MLST and MLSD. Supportive FTP client required. The MLSx commands show extended information about the file. MLST will show infomation for one file MLSD will list the directory extended information. - Added support for MSDOS or UNIX style directory displays. The default style is unix which is the standard among FTP servers. The key difference is the MSDOS format offers a complete DATE/TIME format for the file. With the unix style, depending on the FTP server, the time of the file could be the YEAR or TIME depending on the age of the file. - Added support for "Unix-style 6 month range" for date/time display of directory listings of files. - Added support checking the data\badfiles.lst list file for uploads. If the file name or mask is found in the badfiles.lst file, the upload is not permitted with a 550 response code. Example: ftp> put command.com 550 Specific file name not permitted. WCSMTP (Wildcat! SMTP Server) - Added Enable Receiver Bin ON/OFF log entry in wcSMTP. - Now supports the Return-Path: header line for better identication of bounce addresses. This fixes a bounce mail problem where under special conditions, an extra unnecessary messages can be created. - Added some enhancements for SMTPFILTER.WCC operations to better support 3rd party ANTI-SPAM applications using the SMTPFILTER technology in Wildcat!. See SMTPFILTER.WCC
- Fixed EHLO/HELO command for non-extended SMTP servers when the option [X] Enable SSL Outbound SMTP is enabled. If the server did not support the EHLO command, wcSMTP was not trying the HELO command. You could just turn off the option, but this update fixes the problem. wcSMTP will try HELO if EHLO fails at the remote server. - The registry option EnableReceiverBin was required to enabled the SMTPFILTER.WCX operation. This option will be now be available as a Check Box in the WCCONFIG | MAIL SERVER | SMTP SERVER setup as: [X] Enable Receiver Bin (for SMTPFILTER operations) Note: If you had this registry option enabled, you need to now set it in WCCONFIG to enable the smtp filter system. - SMTPFILTER.WCC Enhancements: WcSMTP will now look for the wcx SmtpFilterHookLoader.wcx before looking for SmtpFilter.wcx. The purpose to is support a multi-hook layer system. If you are currently using SFHOOK.ZIP and you renamed SmtpFilterHookLoader.wcx to SMTPFILTER.WCX, you should rename it back or delete it and unzip the original smtpfilterhookloader.wcx from SFHOOK.ZIP The SmtpFilterHookLoader.wcx program is designed to run each program listed in the data\smtpfilter-hooklist.txt file one at a time. - Standard TSL AUTH (sasllogin.dll) is now automatically installed for smtp AUTH operations. This reduces the need to unzip this file from wcsasl.zip. - New Auto-Forwarding Feature:
This is not new, but it was never documented. For local mail delivery, (your local users), wcSMTP will look for an extended user profile field called "SmtpForward" containing the forwarding address for a particular user. The easiest way to add an extended user profile field is with the wcReport utility: 1) Start Wcreport and go to the Setup Options page. 2) Add SMTPFORWARD to one of the empty User Defined Fields.
Now all user accounts will have this extra field as part of their record. Simply put the forwarding address in this field for the particular user. - Fixed the "Use SSL for Outgoing mail" option. It was not working. Now it is. WCPOP3 (Wildcat! POP3 Server) - New registry option to add the Received: when the user picks up his mail. This use to be TRUE by default. However, some mail clients do not sort multiple received mail well with this option. HKLM\Software\SSI\Wildcat\wcPOP3 DWORD: EnableReceivedLine VALUE: 1 or 0 WCMAIL (Wildcat! Mail Gateway) - Fixed the reloading of cached information when a restart signal is sent to wcMAIL. - Now supports Return-Path: header line for bounce messages.
WCLISTSERVER (Wildcat! List Server) - no changes
WCNNTPSERVER (Wildcat! NNTP News Server) - Changed "Authentication Required" response code from 502 to 480. This will have no effect on news readers. However, 480 is the proper response to used when authentication is required.
WCREPORT (Wildcat! Reports) - Fixed the automated script command line mode where an extra "Cancel Update?" window prompt was displayed.