dovecot - Nov 2014 - Unable to see virtual users

I'm still having trouble getting users accepted by postfix + dovecot.

I have a few (<10) virtual users configured in a passwd-style file in 
/etc/dovecot/users.  I can verify that dovecot sees those users and 
can authenticate them using 'doveadm' as well as IMAP.

I also have one system user configured via PAM.  I can verify that 
dovecot sees this user and can authenticate using 'doveadm' as well 
as IMAP.

I configured the 'dovecot' service in /etc/postfix/master.cf and set 
/etc/postfix/main.cf to use it to deliver virtual mail, per the 
dovecot wiki.  I also set the postfix local delivery command to 
dovecot-lda per the dovecot wiki.

I first tried telling postfix to not check local users by setting in 
/etc/postfix/main.cf:

	local_recipient_maps 
With this setup, mail is received and delivered for the system user, 
but mail to virtual users is bounced with 'unknown user':

	postfix/local ... relay=local ... status=bounced (unknown user:
"test")

So then I tried to tell postfix that it had virtual users by 
configuring them in /etc/postfix/virtual_users and creating a hash 
using 'postmap' and then in /etc/postfix/main.cf setting

local_recipient_maps =  proxy:unix:passwd.byname 
hash:/etc/postfix/virtual_users $alias_maps

This made no difference at all.  Mail to virtual users still bounces 
with 'unknown user' while mail to the system user is delivered.

So then I set 'mydestination' to an empty string in 
/etc/postfix/main.cf and set 'virtual_mailbox_domains' to the string 
that had been in 'mydestination', and set 'mydestination' to an
empty
string.

With this setup, mail to virtual users is delivered, but mail to the 
system user bounces with 'unknown user':

	dovecot: auth: passwd-file(randy): unknown user
	dovecot: auth: passwd-file(randy at domain): unknown user
	dovecot: auth-worker(12538): passwd(randy at domain): unknown user
	postfix/pipe[12548]: ... to=<randy at domain>, relay=dovecot ... 
status=bounced (user unknown)

My dovecot config:


----------
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-39-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_verbose = yes
first_valid_gid = 120
first_valid_uid = 112
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = mdbox:/local/mnt/mail/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave
namespace inbox {
   inbox = yes
   location    mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix }
passdb {
   args = username_format=%n /etc/dovecot/passwd
   driver = passwd-file
}
passdb {
   args = username_format=%n
   driver = pam
}
plugin {
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
}
postmaster_address = randy at domain
protocols = " imap sieve pop3"
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
   args = uid=vmail gid=vmail home=/local/mnt/home/%n
   driver = static
}
userdb {
   driver = passwd
}

----------


My postfix config:

----------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
dovecot_destination_recipient_limit = 1
local_recipient_maps = proxy:unix:passwd.byname 
hash:/etc/postfix/virtual_users $alias_maps
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a 
"$RECIPIENT" -d "$USER"
mailbox_size_limit = 0
mydestination myhostname = ocean.qualcomm.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
readme_directory = no
recipient_delimiter = +
relayhost = mailhost.qualcomm.com
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks 
permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_mailbox_domains = domain, ocean, localhost
virtual_transport = dovecot
----------





-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
Attaccabottonai (ah-TAHKA-bo-TONE-eye; Italian; noun): a doleful bore
who buttonholes people and tells sad, pointless tales.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 27 Nov 2014, Randall Gellens wrote:
> I'm still having trouble getting users accepted by postfix + dovecot.
I suppose in your system + virtual user mix, you should use LMTP:
http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
So Dovecot handles the difference itself.
> userdb {
>  args = uid=vmail gid=vmail home=/local/mnt/home/%n
>  driver = static
> }
> userdb {
>  driver = passwd
> }
The static userdb does hide the passwd userdb, because it hits for all 
users. You should change the order.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBVHgiznz1H7kL/d9rAQLiYggAmpHjMckaMLks8kYcxZ0/WSAsamIwO5G9
VnlKVClnQuE7XDZXYYpXYp5aspfUMPy4sOO22tXkFFG5lcrm9B25t24xbEzhiuG0
TB35PbAMO5It69V5VjGrqZciSoB36Oys0/Zy+SXEUJRgPrruvyp/V7N5/ht1BzZ2
7ee+h7xTzLHaHBsQXJ6cHfXIrh3ljKyE8EbrV6xuIVf1fmGPAscVKjgcj9wCuawE
0qRMOCFLlUjd2STcCFF18s/IpWRx9jkEht4adnq2JFvRdk6GTCCVHnH5xl8X2jTf
7c3GbVHxjxrpQsqePxnK/bJznh0WcA5SYNV9kVfKtbMLK7ftdPxaQw==C8Y0
-----END PGP SIGNATURE-----

Thanks very much; please see in-line for clarification questions.

At 8:22 AM +0100 11/28/14, Steffen Kaiser wrote:
>  On Thu, 27 Nov 2014, Randall Gellens wrote:
>
>>  I'm still having trouble getting users accepted by postfix +
dovecot.
>
>  I suppose in your system + virtual user mix, you should use LMTP:
>  http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
>  So Dovecot handles the difference itself.
I have postfix set to use dovecot-lda as the delivery agent, which I 
thought would make postfix let dovecot handle the differences.  I 
also thought if I used LMTP then I can't also use dovecot-lda and 
Sieve.  Can you help me understand?
>
>>  userdb {
>>   args = uid=vmail gid=vmail home=/local/mnt/home/%n
>>   driver = static
>>  }
>>  userdb {
>>   driver = passwd
>>  }
>
>  The static userdb does hide the passwd userdb, because it hits for 
> all users. You should change the order.
What I have in /etc/dovecot/conf.d/10-auth.conf is:
----------
passdb {
   driver = passwd-file
   # args = scheme=SHA1 /etc/dovecot/passwd
   # args = username_format=%n /etc/dovecot/users
   args = username_format=%n /etc/dovecot/passwd
}

userdb {
   driver = static
   args = uid=vmail gid=vmail home=/local/mnt/home/%n
}

!include auth-system.conf.ext
----------

What I have in /etc/dovecot/conf.d/auth-system.conf.ext is:

----------
passdb {
   driver = pam
   # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
   # [cache_key=<key>] [<service name>]
   #args = dovecot
   args = username_format=%n
}


userdb {
   # <doc/wiki/AuthDatabase.Passwd.txt>
   driver = passwd
   # [blocking=no]
   #args 
   # Override fields from passwd
   #override_fields = home=/home/virtual/%u
}
----------

So, in  /etc/dovecot/conf.d/10-auth.conf the passwd-file userdb is 
before the static one, yet 'doveconf -n' reports them the other way 
around.  I think the system user is not in the system /etc/passwd 
file anyway, the sytem user is verified using PAM.

Sorry for being so confused.

-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
Algol was a great improvement on most of its successors.
                                          --C.A.R Hoare