Version 5.6 Build 450.7
- IMPORTANT: If you are upgrading from Wildcat! v5.4 or less, please
  read the change history in AUP v5.5.450.2. A few conversion steps 
  much be performed before running this new update as outlined in 
  the 450.2 Special Notes.  The Wildcat! server will also inform 
  you of this required conversion if it not done.

- IMPORTANT: If you are upgrading from Wildcat! v5.5.450.2, please read
  the change history in AUP v5.6.450.3.  In AUP 450.3, new optional 
  internet security features (SSL and SASL) were added and WCCONFIG 
  components related to Mail Operations was reorganized and consolidated
  under one section called "Mail Server."
- If you have the add-on product "Wildcat! List Server", it will 
  automatically perform a conversion the first time you run the
  new wcListServeSetup.exe configuration utility.
- In this v5.6.450.7 update, we concentrated on many enhancments and
  and fixes, especially in regards to the Internet Email system.  Much 
  emphasis was placed on addressing SPAM mail with the enhancements to 
  the Wildcat! SMTP SMTPFILTER wcBASIC hook system.  The FTP server
  has many new extended support features.  Many enhancements and new
  SDK/WCBASIC features were added.  It is now possible for 3rd party
  developers to write remote WEB configuration features using wcBASIC.
Changes, Fixes, New Features and Enhancements by Wildcat! Component
WCSERVER (Wildcat! Server)

- Minor change to UpdateFileRec() when renaming a file.  If the record
  exist for renaming, the original file does not exist but the new file
  exist, then it will check for the old file before it internally
  renames the file.  This helps the situation when a file is named
  externally and the sysop uses the File Manager to correct the record
  file name.  With this change, the new file name was deleted.
- Enhanced the Configuration Login client session to check for WCX access by
  remote client IP address. This augments the new ability for wcBASIC WCX 
  applications to perform configuration operations. See the new WCCONFIG |
  System Securities options.
- Added logic to address the intermittent Windows 2000 "RPC Error 1740" when
  wcserver is started.  This may occur for some systems because there is an 
  Windows 2000 installation problem causing duplicate NCALRPC end-points.
  The Wildcat! Server will now ignore the second NCALRPC thus allowing it 
  to continue to start.  However, please note that this is still considered 
  a Windows 2000 installation issue that should be addressed.  We don't know
  why this happens. It seems harmless but it does seem to be an Windows 
  installation issue. WCSERVER will write a warning in WILDCAT.LOG if it 
  finds duplicate end-points. If you find there are strange RPC related issues, 
  you might want to check the log for this "duplicate RPC end-point" warning 
  and address the installation issue until WCSERVER no longer issues the warning 
  in the log.
WCCONFIG (Wildcat! Configuration)

- WCMENU was cleaned up. Printing the menu tree was enhanced.

- Fixed Bounce Mail option (was forcing true)

- Added new SMTP Server options:

    [ ] Enable Receiver Bin

  Only set this TRUE if you intend to use the anti-spam SMTPFILTER wcBASIC
  hook system.  If this option is set and no SMTPFILTERxxxxx.WCX application
  is available, the mail will be received but not processed. It will remain
  in the NEW directory off the your primary host spool directory.

    [ ] Retries include each MX attempt
  Enable this option if you wish to include each MX mail server connection
  attempt as part of the total retries when sending mail. If this option is
  off, one attempt include all the MX records for a particular site domain.
  Enable this option if you wish to speed up the rejection/bouncing of mail.
- Added new System Security Options.
  In WCCONFIG | System Securities, there are two new options:

    [ ] Allow WCX Configuration
	[ ] Check Client IP Network Access
  Wildcat! now offers wcBASIC wcx applications the ability to perform
  wcCONFIG-like configuration/setup operations.  This opens up the 
  possibilities for new/future WEB-based Wildcat! Remote Configuration 
  applications to be written.

  By default, WCX applications are not allowed to perform configuration 
  operations.  You must first enable the System Security option:

    [X] Allow WCX Configuration

  In addition, Wildcat! can check the IP of the client machine performing
  the remote configuration.  If this option is checked, enter the IP
  of the client machine (i.e, the browser) in the Network Access table.
  This allows you to restrict the remote client machines allowed to
  perform remote WCX configuration operations.
WCSSLCONFIG (Wildcat! SSL Configuration)

- Updated help for Verify Level. If you are using an InstantSSL certificate, 
  you need to set the Verify Level to "FAIL IF NO PEER CERTIFICATE", and
  you need to make sure the file ssl\cacert\ca-bundle.txt is updated with
  the new Comodo Trusted Root Certificate. You can download the latest
  version from the following URL:
  Using your mouse, Right Click the URL and select "Save Target As" and
  save the file in your SSL\CACERT directory.
WCONLINE (Wildcat! Online Controller)

- no changes

WCWEB (Wildcat! WEB Server)

- Fixed a memory handle leak

- Fixed the WEB SSL option, "Required for all connections."  Now it
  is possible to use the WEB server for SSL operations only.

- In version 449.5, the web IMG counter (hits) logic was changed to allow
  automatically creation the counter file in your data folder.  In previous
  version, the file had to exist first before the counter worked.

  Since the WEB allows URL access from remote sites, it was possible for
  a remote site to create unwanted counter files. In short, they were
  using YOUR machine as storage system.

  In this update, the WEB server reverted to the old logic to address
  this possible issue.

  If you want to use the <IMG src="counter?XXXX"> url to create a web
  hits counter on your web site, you must first create the DATA\XXXX.ctr
  file.  It will not be automatically created.  The HITS counter will
  show zero (0) if the file does not exist.

- The WEB server questionnaire processor will now support the phone
  number validation check file, data\badphone.lst.  If the phone number
  or mask is in this file, the user be redirected to the error file:
  InvalidPhone.htm.  The default message is:

        Phone number is invalid or not permitted.
        Click the browser back button and try again.

- Cleaned up the WEB server questionnaire processor when dealing with
  double entrys in the answer file.  This might occur if a questionnaire
  expired or the original URL did not have &js=1. For example:


  Without the &js=1 parameter, the web server will generate a non-javascript
  questionnaire html form with a small javascript to redirect back to
  the same question.  If the browser supports javascript, the form is
  regenerated with javascript form field validation logic.   Under this
  situation, a double entry of the answer file occured.  This is now fixed.


- Fixed a compiler bug for an ASC conversion to a const integer.
  Example: Const xxxxx = asc("$")

- Fixed a bug in the DATELIB.WCC library function DayOfWeekStr()showing
  wrong day of week string.  Note: The GetDateOfWeek() returns an index of
  1 to 7 where 1 corresponds to Sunday.
- Fixed a bug in the Questionnaire handler (QUES.WCC) where it was not updating
  user time remaining when a security was changed.

- Main.wcc version display information was updated.

- Exposed existing Wildcat! SDK function to wcBASIC

    Function WildcatLoggedIn(pUser as integer) as integer

  where pUser is NULL or the address of a TUser record

  Returns one of the following constants:

    clSessionNone       if no user is logged in
    clSessionUser       if user is logged in (returns pUser if not NULL)
    clSessionSystem     if system client is logged in
    clSessionConfig     if configuration client is logged in


    if (WildcatLoggedIn(0) <> clSessionUser) then
       print "User not logged in"
    end if

- Added wcBASIC compiler defines:



  #ifdef BUILD_450_7
    if (WildcatLoggedIn(0) <> clSessionUser) then
       print "User not logged in"
    end if
    if ( = 0) then
       print "User not logged in"
    end if

- Added wcBASIC constant

  WC_VERSION    returns the current version info, i.e., "v5.6.450.7"


    print "Running Wildcat ";WC_VERSION

- New Configuration Library. wcBASIC now offers support for using the
  configuration SDK, wcsmw.dll and wcsgate.dll, functions.  New headers
  are provided, wcsmw.wch wctypemw.wch, wcsgate.wch wcgtype.wch.  The
  best way to use the configuration library is by using the new contextlib.wch
  library header which offers a way to prepare a configuration context session
  in standalone applications and via the web.

WCFTP (Wildcat! FTP Server)

- By default, the Wildcat! FTP Server will only accept a minimum Non-Passive
  data port of 1024 per the RFC 2277 FTP security guidelines.  

  This will prevent "proxy FTP Bounce Attacks" where a malicious ftp client 
  attempts to penetrate your local machine via the FTP server PORT command 
  which tells the FTP server which port to use to transfer data.  

  You do not need to do anything to secure this hole with this new version.  
  However, you now have registry control over the minimum and maximum port 
  values for both PASSIVE and NON-PASSIVE mode:


	(if you don't have a wcFTP key, create one)

	Non-passive or PORT command:

	  DWORD: NonPassiveMinDataPort   (default is 1024)
	  DWORD: NonPassiveMaxDataPort   (default is 65355)
	Passive or PASV command:

	  DWORD: PassiveMinDataPort      (default is 1024)
	  DWORD: PassiveMaxDataPort      (default is 65355)

  NOTE: VERY IMPORTANT! If you use these registry DWORD values, make sure you 
  define them as DECIMAL values, not as HEXDECIMAL. ALSO, in general you do not
  need to define Passive port values since the server will control the port values.
  The main point of this new security feature is to control the FTP client's
  ability to use a non-passive PORT command to tell the server which PORT to use 
  to open a connection to something other than a FTP data transfer request.
- Enhanced FTP wildcard search specification to better support the '?'
  character in search specification.

- Fixed an explicit SSL connection problem with FTP client WS_FTP.

- Fixed a state machine problem with the DATA port. This showed
  up when using extended QUOTE commands. It was not a problem
  for standard FTP client operations.

- Added a FTPLOGON.WCX hook for FTP login operations.  Now it is
  possible to perform customize user operations when a user logs
  in.  The most obvious feature is to switch to a particular user
  directory, another could be to send a message to the sysop when
  the user logs in.

- Added support for extended FTP commands, MLST and MLSD. Supportive FTP
  client required. The MLSx commands show extended information about the
  file.  MLST will show infomation for one file  MLSD will list the
  directory extended information.

- Added support for MSDOS or UNIX style directory displays.

  The default style is unix which is the standard among FTP servers.

  The key difference is the MSDOS format offers a complete DATE/TIME
  format for the file.

  With the unix style, depending on the FTP server, the time of the file
  could be the YEAR or TIME depending on the age of the file.

- Added support for "Unix-style 6 month range" for date/time display of
  directory listings of files.

- Added support checking the data\badfiles.lst list file for uploads.
  If the file name or mask is found in the badfiles.lst file, the upload
  is not permitted with a 550 response code.  Example:

    ftp> put
    550 Specific file name not permitted.

WCSMTP (Wildcat! SMTP Server)

- Added Enable Receiver Bin ON/OFF log entry in wcSMTP.

- Now supports the Return-Path: header line for better identication
  of bounce addresses.  This fixes a bounce mail problem where under
  special conditions, an extra unnecessary messages can be created.

- Added some enhancements for SMTPFILTER.WCC operations to better support
  3rd party ANTI-SPAM applications using the SMTPFILTER technology in
  Wildcat!. See SMTPFILTER.WCC
- Fixed EHLO/HELO command for non-extended SMTP servers when the option
  [X] Enable SSL Outbound SMTP is enabled.  If the server did not support
  the EHLO command, wcSMTP was not trying the HELO command.  You could
  just turn off the option, but this update fixes the problem.  wcSMTP
  will try HELO if EHLO fails at the remote server.

- The registry option EnableReceiverBin was required to enabled the
  SMTPFILTER.WCX operation.  This option will be now be available as a
  Check Box in the WCCONFIG | MAIL SERVER | SMTP SERVER setup as:

      [X] Enable Receiver Bin (for SMTPFILTER operations)

  Note: If you had this registry option enabled, you need to now set it
  in WCCONFIG to enable the smtp filter system.

- SMTPFILTER.WCC Enhancements:

  WcSMTP will now look for the wcx SmtpFilterHookLoader.wcx before
  looking for SmtpFilter.wcx.  The purpose to is support a multi-hook
  layer system.

  If you are currently using SFHOOK.ZIP and you renamed SmtpFilterHookLoader.wcx
  to SMTPFILTER.WCX, you should rename it back or delete it and unzip the
  original smtpfilterhookloader.wcx from SFHOOK.ZIP

  The SmtpFilterHookLoader.wcx program is designed to run each program
  listed in the data\smtpfilter-hooklist.txt file one at a time.

- Standard TSL AUTH (sasllogin.dll) is now automatically installed for
  smtp AUTH operations.  This reduces the need to unzip this file from

- New Auto-Forwarding Feature:
  This is not new, but it was never documented.   For local mail delivery,
  (your local users),  wcSMTP will look for an extended user profile field
  called "SmtpForward" containing the forwarding address for a particular

  The easiest way to add an extended user profile field is with the
  wcReport utility:

	1) Start Wcreport and go to the Setup Options page.
	2) Add SMTPFORWARD to one of the empty User Defined Fields.
  Now all user accounts will have this extra field as part of their
  record.   Simply put the forwarding address in this field for the
  particular user.

- Fixed the "Use SSL for Outgoing mail" option.  It was not working. Now
  it is.

WCPOP3 (Wildcat! POP3 Server)

- New registry option to add the Received: when the user picks up
  his mail.  This use to be TRUE by default.  However, some mail
  clients do not sort multiple received mail well with this option.

  DWORD: EnableReceivedLine
  VALUE: 1 or 0

WCMAIL (Wildcat! Mail Gateway)

- Fixed the reloading of cached information when a restart signal
  is sent to wcMAIL.

- Now supports Return-Path: header line for bounce messages.
WCLISTSERVER (Wildcat! List Server)

- no changes
WCNNTPSERVER (Wildcat! NNTP News Server)

- Changed "Authentication Required" response code from 502 to 480. This
  will have no effect on news readers. However, 480 is the proper 
  response to used when authentication is required.
WCREPORT (Wildcat! Reports)

- Fixed the automated script command line mode where an extra 
  "Cancel Update?" window prompt was displayed.