[Dovecot] Specifying passwd-file with virtual domains?

[Jeffrey Walton]

I'm trying to use virtual domains and I'm suffering a disconnect.

I have two domains - foo.com and bar.com. On the filesystem, they are
located at /var/mail/foo.com/ and /var/mail/bar.com/. Users are
located at /var/mail/foo.com/john/, /var/mail/bar.com/jane/, etc.

There are two password files with <user>:<scheme><password> entries.
The scheme is {PLAIN}. They are located at /var/mail/foo.com/users and
/var/mail/bar.com/users. According to the wiki, these are passwd-file
databases (http://wiki2.dovecot.org/AuthDatabase/PasswdFile).

I specified the following in my dovecot.conf.

passdb {
  args = /var/mail/%d/users
  driver = passwd-file
}

Attempts to use the configuration result in an authentication failure.
Here's an entry from dovecot.log when the failure happens:

Mar 31 16:04:12 imap-login: Info: Disconnected (auth failed, 1
attempts in 5 secs): user=<jeff at foo.com>, method=PLAIN, rip=127.0.0.1,
lip=127.0.1.1, secured, session=<n5/ajez1FgB/AAAB>

What exactly goes where to have Dovecot use the 'users' files to
authenticate users?

Thanks in advance and my apologies for the question. Two days of blog
posts, mini-HowTo's and mailing lists has only help me discover ways
to do things incorrectly.

**********

# dovecot --version
2.1.7

# doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.4
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
login_trusted_networks = 127.0.0.1
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  ...
  prefix =
}
passdb {
  args = /var/mail/%d/users
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap pop3"
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}