dovecot - May 2012 - This binary should probably be called with process group set to (vmail) instead of (userid)

Im sorry to ask another basic question, but Ive tried to find this
answer for several hours now and it eludes me.  Im getting the following
when dovecot tries to deliver an email:

May  6 19:29:21 mydomain dovecot: lda: Debug: auth input: jeff
home=/opt/imapdata/j/jeff/INBOX uid=1001 gid=999
May  6 19:29:21 mydomain dovecot: lda(jeff): Fatal: setgid(999(vmail) from
userdb lookup) failed with euid=999(vmail), gid=500(jeff), egid=500(jeff):
Operation not permitted (This binary should probably be called with process
group set to 999(vmail) instead of 500(jeff))

I cannot seem to find where its trying to call dovecot-lda with uid(jeff) at?
AFAIK Ive set everything up to use/deliver as 'vmail'.  'jeff'
is the only person on this
box with a unix account which is uid 500, but how do I make it use vmail
instead?

Thanks for the help!
Jeff

postfix master.cf:

virtual_transport = vmail
mailbox_command=/opt/dovecot/libexec/dovecot/dovecot-lda -f "$SENDER"
-a "$RECIPIENT"

dovecot -n:

# 2.1.5: /opt/dovecot/etc/dovecot/dovecot.conf
# OS: Linux 2.6.35.14-106.fc14.x86_64 x86_64 Fedora release 14 (Laughlin) ext4
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_socket_path = /opt/dovecot215/var/run/dovecot/auth-userdb
auth_verbose = yes
auth_verbose_passwords = plain
default_client_limit = 225
default_internal_user = vmail
disable_plaintext_auth = no
first_valid_gid = 999
first_valid_uid = 999
listen = *
lock_method = flock
mail_debug = yes
mail_gid = vmail
mail_home = /opt/imapdata/vmailhome
mail_location = mbox:/opt/imapdata/%1n/%n:INDEX=/opt/imapdata/%1n/%n
mail_privileged_group = vmail
mail_uid = vmail
mbox_lock_timeout = 1 mins
mbox_write_locks = fcntl
namespace {
  inbox = yes
  location = 
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
}
protocols = imap
service auth {
  inet_listener {
    port = 12345
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
  user = $default_internal_user
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  service_count = 1
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
protocol imap {
  imap_idle_notify_interval = 1 mins
  imap_max_line_length = 64 k
  mail_max_userip_connections = 5
}


/mf/home/jeep/shell/.signature

>
> Im sorry to ask another basic question, but Ive tried to find this
> answer for several hours now and it eludes me.  Im getting the following
> when dovecot tries to deliver an email:
>
> May  6 19:29:21 mydomain dovecot: lda: Debug: auth input: jeff
home=/opt/imapdata/j/jeff/INBOX uid=1001 gid=999
> May  6 19:29:21 mydomain dovecot: lda(jeff): Fatal: setgid(999(vmail) from
userdb lookup) failed with euid=999(vmail), gid=500(jeff), egid=500(jeff):
Operation not permitted (This binary should probably be called with process
group set to 999(vmail) instead of 500(jeff))
>
> I cannot seem to find where its trying to call dovecot-lda with uid(jeff)
at?
> AFAIK Ive set everything up to use/deliver as 'vmail'. 
'jeff' is the only person on this
> box with a unix account which is uid 500, but how do I make it use vmail
instead?
>
I forgot to show my dovecot-lda, it seems correct and its setuid as well:

-rwsr-x--x 1 vmail vmail 75789 Apr 28 08:15 dovecot-lda*

Anyone?  I seem to be in permissions hell trying to set things up.
Thank you

/mf/home/jeep/shell/.signature