successful create but unsuccessful subscribe

[Dan White]

On 12/14/12 09:50 +0100, Kerstin Espey wrote:
>The configs are attached.
>
>We have 4 frontend and 4 backend server, but thunderbird and
>webmail-client are configured to use only one frontend, as this is
>easier to debug.

frontend:

>configdirectory: /var/lib/cyrus
>servername: amanda
>defaultpartition: default
>partition-default: /var/spool/cyrus/mail
>delete_mode: immediate
>partition-news: /var/spool/cyrus/news
>newsspool: /var/spool/news
>annotation_db: skiplist
>duplicate_db: skiplist
>mboxlist_db: skiplist
>quota_db: quotalegacy
>seenstate_db: skiplist
>statuscache_db: skiplist
>subscription_db: flat
>tlscache_db: skiplist
>altnamespace: no
>unixhierarchysep: yes
>lmtp_downcase_rcpt: yes
>admins: cyrus
>lmtp_admins: cyrus murder
>mupdate_admins: murder
>proxy_authname: cyrus
>proxy_password: xxx
>proxyd_disable_mailbox_referrals: 1
>allowsubscribes: yes
>allowanonymouslogin: no
>allowusermoves: yes
>popminpoll: 1
>autocreatequota: 0
>umask: 077
>sieveusehomedir: false
>sievedir: /var/spool/sieve
>hashimapspool: true
>allowplaintext: yes
>sasl_mech_list: PLAIN LOGIN DIGEST-MD5
>sasl_minimum_layer: 0
>sasl_pwcheck_method: saslauthd
>sasl_auto_transition: no
>tls_ca_path: /etc/ssl/certs
>tls_session_timeout: 1440
>tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
>mupdate_server: murder
>mupdate_port: 3905
>mupdate_username: murder
>mupdate_authname: murder
>mupdate_password: xxx
>idlemethod: poll
>idlesocket: /var/run/cyrus/socket/idle
>notifysocket: /var/run/cyrus/socket/notify
>syslog_prefix: cyrus

See if setting

allowallsubscribe: 1

on your frontend makes any difference.

Your combination of sasl_mech_list and sasl_pwcheck_method indicates
a possible error in configuration, unless you are also using an auxprop
plugin to authenticate DIGEST-MD5 logins. saslauthd cannot support
DIGEST-MD5.

It's likely that the mupdate server would first attempt a DIGEST-MD5
authentication to your frontend to push any updates. Your syslog (auth
facility) should indicate if that's the case.

Your proxy_authname *should* be listed within your proxyservers on the
backend, rather than listed within your admins entry.

backend:

>configdirectory: /var/mail/cyrus/lib
>defaultpartition: default
>partition-default: /var/mail/cyrus/mail
>delete_mode: immediate
>partition-news: /var/mail/cyrus/news
>newsspool: /var/mail/news
>annotation_db: skiplist
>duplicate_db: skiplist
>mboxlist_db: skiplist
>quota_db: quotalegacy
>seenstate_db: skiplist
>statuscache_db: skiplist
>subscription_db: flat
>tlscache_db: skiplist
>userdeny_db: flat
>altnamespace: no
>unixhierarchysep: yes
>lmtp_downcase_rcpt: yes
>admins: cyrus murder backend
>lmtp_admins: cyrus murder
>mupdate_admins: murder cyrus
>proxyservers: amanda sara janis tegan
>allowallsubscribe: yes
>allowanonymouslogin: no
>allowusermoves: yes
>popminpoll: 1
>autocreatequota: 0
>umask: 077
>sieveusehomedir: false
>sievedir: /var/spool/sieve
>hashimapspool: true
>allowplaintext: yes
>sasl_mech_list: PLAIN LOGIN DIGEST-MD5
>sasl_minimum_layer: 0
>sasl_pwcheck_method: auxprop
>sasl_auxprop_plugin: sasldb
>sasl_auto_transition: no
>tls_key_file: /etc/ssl/private/cyrus.key
>tls_ca_path: /etc/ssl/certs
>tls_session_timeout: 1440
>tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
>mupdate_server: murder
>mupdate_port: 3905
>mupdate_username: murder
>mupdate_authname: murder
>mupdate_password: xxx
>lmtpsocket: /var/run/cyrus/socket/lmtp
>idlesocket: /var/run/cyrus/socket/idle
>notifysocket: /var/run/cyrus/socket/notify
>syslog_prefix: cyrus

mupdate:

>configdirectory: /var/lib/cyrus
>defaultpartition: default
>partition-default: /var/spool/cyrus/mail
>partition-news: /var/spool/cyrus/news
>newsspool: /var/spool/news
>altnamespace: no
>unixhierarchysep: yes
>lmtp_downcase_rcpt: yes
>admins: cyrus murder
>mupdate_admins: murder cyrus
>proxy_authname: backend
>proxy_password: xxx
>allowanonymouslogin: no
>allowusermoves: yes
>popminpoll: 1
>autocreatequota: 0
>umask: 077
>sieveusehomedir: false
>sievedir: /var/spool/sieve
>hashimapspool: true
>allowplaintext: yes
>sasl_mech_list: PLAIN LOGIN DIGEST-MD5
>sasl_minimum_layer: 0
>sasl_pwcheck_method: auxprop
>sasl_auxprop_plugin: sasldb
>sasl_auto_transition: no
>tls_ca_path: /etc/ssl/certs
>tls_session_timeout: 1440
>tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
>mupdate_server: murder
>mupdate_port: 3905
>mupdate_username: murder
>mupdate_authname: murder
>lmtpsocket: /var/run/cyrus/socket/lmtp
>idlesocket: /var/run/cyrus/socket/idle
>notifysocket: /var/run/cyrus/socket/notify
>syslog_prefix: cyrus

proxy_authname and proxy_password should not be necessary on the mupdate
master, unless it's also a frontend.

Also compare your /etc/cyrus.conf entries with:

http://cyrusimap.org/docs/cyrus-imapd/2.4.17/install-murder.php

and with the configs listed in master/conf/ within the source.

-- 
Dan White