diff --git a/install/tpl/debian6_dovecot-sql.conf.master b/install/tpl/debian6_dovecot-sql.conf.master index e05330dc26a4216d28e5d85f2918d005558232f4..72f286eace3c5e2a54d4a3c582a65277337f0e16 100644 --- a/install/tpl/debian6_dovecot-sql.conf.master +++ b/install/tpl/debian6_dovecot-sql.conf.master @@ -14,7 +14,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se default_pass_scheme = CRYPT # password-query with prefetch -password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' +password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id}) + user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers. diff --git a/install/tpl/debian_dovecot-sql.conf.master b/install/tpl/debian_dovecot-sql.conf.master index 2e0858057e8739cdc23ae8fef854b797d8b35cdf..4cbe22f1b9aa84ae26eb84345eb4242c42a87cbb 100644 --- a/install/tpl/debian_dovecot-sql.conf.master +++ b/install/tpl/debian_dovecot-sql.conf.master @@ -121,7 +121,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se default_pass_scheme = CRYPT # password-query with prefetch -password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' +password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id}) + user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers. diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index dcd5f592d880e0cfb8972863e89d5172eb14cf18..a6a48e0e02332626db23d6a9df83b92bb82722c9 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master @@ -28,6 +28,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit smtpd_sender_restrictions = {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf +smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit diff --git a/install/tpl/fedora_dovecot-sql.conf.master b/install/tpl/fedora_dovecot-sql.conf.master index 5d06d51e5d541447326fd90cc63c45dcd25d5bfb..00ef4faf258cd4d8b1be450a3f631814743e9b8e 100644 --- a/install/tpl/fedora_dovecot-sql.conf.master +++ b/install/tpl/fedora_dovecot-sql.conf.master @@ -134,7 +134,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se default_pass_scheme = CRYPT # password-query with prefetch -password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' +password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id}) + user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers. diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index 45bc0c117e0192ad93284f928b3303b56119316d..3cd8357a66b96917ea251064918ab99f62f0d63e 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master @@ -24,6 +24,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit smtpd_sender_restrictions = {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf +smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index b3ff8f68041c19f7c1fd70b4464ec5414fc6a0fd..f4a1d4025c6e870dedcc031a7265a3f5f7fe65ff 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master @@ -23,6 +23,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit smtpd_sender_restrictions = {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf +smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit diff --git a/install/tpl/mysql-virtual_email2email.cf.master b/install/tpl/mysql-virtual_email2email.cf.master index 326ef2c3d98682ba18d45e0d6c4496c48323cfe1..1ae7f9addcad263574d85b5f50556464859a9794 100644 --- a/install/tpl/mysql-virtual_email2email.cf.master +++ b/install/tpl/mysql-virtual_email2email.cf.master @@ -3,5 +3,7 @@ password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} query = SELECT email FROM mail_user WHERE email = '%s' AND forward_in_lda = 'n' AND disabledeliver = 'n' AND postfix = 'y' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) UNION SELECT cc AS email FROM mail_user WHERE email = '%s' AND cc != '' AND (forward_in_lda = 'n' OR disabledeliver = 'y') AND postfix = 'y' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/mysql-virtual_gids.cf.master b/install/tpl/mysql-virtual_gids.cf.master index 5611b935dd2cf6f8fa2afd10713cdf313fb9e11f..0bd2c8ec6964267a3a78516e451a1760de15ad73 100644 --- a/install/tpl/mysql-virtual_gids.cf.master +++ b/install/tpl/mysql-virtual_gids.cf.master @@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user} password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} -query = select gid from mail_user where email = '%s' and postfix = 'y' and server_id = {server_id} +query = SELECT gid FROM mail_user WHERE email = '%s' AND postfix = 'y' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/mysql-virtual_mailboxes.cf.master b/install/tpl/mysql-virtual_mailboxes.cf.master index 8b2677a1966cb2ba01add4139d06940651543e41..76cc05f46433a547860fd4b86c8e045722c64bb5 100644 --- a/install/tpl/mysql-virtual_mailboxes.cf.master +++ b/install/tpl/mysql-virtual_mailboxes.cf.master @@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user} password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} -query = select CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') from mail_user where email = '%s' and postfix = 'y' and disabledeliver = 'n' and server_id = {server_id} +query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM mail_user WHERE email = '%s' AND postfix = 'y' AND disabledeliver = 'n' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/mysql-virtual_outgoing_bcc.cf.master b/install/tpl/mysql-virtual_outgoing_bcc.cf.master index 19b235fcf5a19c2b3a068e9a4820a671f194559d..1501154e161d63a26d27a265c557e396ae18b92f 100644 --- a/install/tpl/mysql-virtual_outgoing_bcc.cf.master +++ b/install/tpl/mysql-virtual_outgoing_bcc.cf.master @@ -4,7 +4,9 @@ dbname = {mysql_server_database} hosts = {mysql_server_ip} query = SELECT sender_cc FROM ( SELECT SUBSTRING_INDEX(sender_cc, ',', 1) AS sender_cc - FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND sender_cc != '' AND server_id = {server_id} + FROM mail_user + WHERE email = '%s' AND disablesmtp = 'n' AND sender_cc != '' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) UNION SELECT SUBSTRING_INDEX(u.sender_cc, ',', 1) AS sender_cc FROM mail_user u, mail_forwarding f @@ -13,4 +15,5 @@ query = SELECT sender_cc FROM ( '[[:blank:]]*(,[[:blank:]]*[[:alnum:]]|,?[[:blank:]]*(\\r?\\n|$))' ) AND u.disablesmtp = 'n' AND u.sender_cc != '' AND u.server_id = {server_id} AND f.source = '%s' AND f.allow_send_as = 'y' AND f.active = 'y' AND f.server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) ) table1 WHERE sender_cc != '' LIMIT 1 diff --git a/install/tpl/mysql-virtual_policy_greylist.cf.master b/install/tpl/mysql-virtual_policy_greylist.cf.master index 5203b1a2ea65a597d034d204289f4abc6bdffd1b..8896b823a7778523d87505e31d24cbf826e86200 100644 --- a/install/tpl/mysql-virtual_policy_greylist.cf.master +++ b/install/tpl/mysql-virtual_policy_greylist.cf.master @@ -5,9 +5,10 @@ hosts = {mysql_server_ip} query = SELECT 'greylisting' FROM ( SELECT `greylisting`, 1 as `prio` FROM `mail_user` WHERE `server_id` = {server_id} AND `email` = '%s' + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) UNION - SELECT `greylisting`, 2 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '%s' + SELECT `greylisting`, 2 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '%s' AND active = 'y' UNION - SELECT `greylisting`, 3 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '@%d' ORDER BY `prio` ASC LIMIT 1 + SELECT `greylisting`, 3 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '@%d' AND active = 'y' ORDER BY `prio` ASC LIMIT 1 ) AS rules WHERE rules.greylisting = 'y' diff --git a/install/tpl/mysql-virtual_sender_login_maps.cf.master b/install/tpl/mysql-virtual_sender_login_maps.cf.master index f97229d213a9a549065e2ac458f31ae85dfdf3cf..165bee12311ac84879c7b0bc8555a0e8427287e2 100644 --- a/install/tpl/mysql-virtual_sender_login_maps.cf.master +++ b/install/tpl/mysql-virtual_sender_login_maps.cf.master @@ -4,4 +4,5 @@ dbname = {mysql_server_database} hosts = {mysql_server_ip} query = SELECT destination FROM mail_forwarding WHERE source = '%s' AND active = 'y' AND allow_send_as = 'y' AND server_id = {server_id} UNION - SELECT email FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND server_id = {server_id}; + SELECT email FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/mysql-virtual_uids.cf.master b/install/tpl/mysql-virtual_uids.cf.master index de35368c0ad39dbba4ee1cfb52ed5f8a48fbab11..6fa041bae5569be38e721161ed494a33f8a8b38d 100644 --- a/install/tpl/mysql-virtual_uids.cf.master +++ b/install/tpl/mysql-virtual_uids.cf.master @@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user} password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} -query = select uid from mail_user where email = '%s' and postfix = 'y' and server_id = {server_id} +query = SELECT uid FROM mail_user WHERE email = '%s' AND postfix = 'y' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/opensuse_dovecot-sql.conf.master b/install/tpl/opensuse_dovecot-sql.conf.master index 5d06d51e5d541447326fd90cc63c45dcd25d5bfb..00ef4faf258cd4d8b1be450a3f631814743e9b8e 100644 --- a/install/tpl/opensuse_dovecot-sql.conf.master +++ b/install/tpl/opensuse_dovecot-sql.conf.master @@ -134,7 +134,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se default_pass_scheme = CRYPT # password-query with prefetch -password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' +password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id}) + user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers. diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index 7386fad16eb1fb40634797564be9e520b016e380..7d3669853a6ab2ec03fa7ed5264bde0d13a2d509 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master @@ -26,6 +26,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit smtpd_sender_restrictions = {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf +smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit