One more piece of the puzzle: the explanatory comment text in /etc/dovecot/conf.d/auth-system.conf.ext:
# LDA and LMTP needs to look up users only from the userdb. This of course # doesn't work with static userdb because there is no list of users. # Normally static userdb handles this by doing a passdb lookup. This works # with most passdbs, with PAM being the most notable exception. If you do # the user verification another way, you can add allow_all_users=yes to # the args in which case the passdb lookup is skipped.
This explains why the static userdb prevented the system user from being recognized, since it was in PAM not /etc/passwd.
-- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly selected tag: --------------- The first ninety percent of the task takes ninety percent of the time, and the last ten percent takes the other ninety percent.