How can I use /etc/passwd auth for linux users and a passwd-file for virtual mailbox users?
Hello, I hope this is the right mailing list to send questions to. Please direct me where to go if it is not. Thanks.
I am setting up a postfix/dovecot email server on a Debian 13 VPS. Dovecot is v2.4.1. I have thus far been able to successfully configure the server for smtp and imap support for my primary domain (we'll say user@example.com who is a linux user with a home folder). I have been even been able to configure postfix to have virtual mailboxes and aliases, and from ssh I can can even see that the mail gets delivered to the correct place. However, I am struggling to set up dovecot to authenticate a virtual mailbox user (we'll say user@example.net who only has a virtual mailbox).
This documentation page describes the process to configure multiple authentication databases. It describes being able to use multiple passdb and userdb sections in order to authenticate dovecot users. Based upon what it suggested, I tried this configuration:
Snippet from /etc/dovecot/dovecot.conf
passdb passwd-file {
So example.net => /etc/dovecot/passwd/example.net
passwd_file_path = /etc/dovecot/passwd/%{user | domain} }
Fall thru to PAM for unix users
passdb pam { }
userdb passwd-file { passwd_file_path = /etc/dovecot/passwd/%{user | domain} }
Fall thru to /etc/passwd for unix users
userdb passwd { }
Snippet from /etc/dovecot/passwd/example.net
support@example.net:$y$j9...hash...:800:800::/var/postfix/virtual/example.net/support::
This is the configuration I landed on that hypothetically checks multiple databases for authentication that allows at least user@example.com to still login with Thunderbird and do email stuff. However it does not authenticate user@example.net. The biggest difference between my config and the example is that they use a sql database while I am trying the passwd-file database. In principle this seems like it should work, unless I am understanding the dovecot docs or have made my passwd file incorrectly. I even tried reversing the order of userdb and passdb sections to see if it would help to no avail.
This thread seems to address a similar issue, and more or less has the same configuration setup suggested as the one in the snippet above. It's also from 2006 so the API looks kinda different from the current docs.
This thread is from 2013 addressing a similar issue, but despite again different API it translates to more or less what the snippet above shows.
Here is the journalctl output from when I tried to login as user@example.net:
journalctl -xeu dovecot | tail
Dec 29 11:38:19 example.com auth[4719]: pam_unix(dovecot:auth): check pass; user unknown Dec 29 11:38:19 example.com auth[4719]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user@example.net rhost=10.0.0.1 Dec 29 11:38:28 example.com auth[4719]: pam_unix(dovecot:auth): check pass; user unknown Dec 29 11:38:28 example.com auth[4719]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user@example.net rhost=10.0.0.1 Dec 29 11:41:19 example.com dovecot[4700]: imap-login: Login aborted: Inactivity (auth failed, 2 attempts in 180 secs) (auth_failed): user=<user@example.net>, method=LOGIN, rip=10.0.0.1, lip=10.0.0.2, TLS, session=<z8Tj3hlHkLxJMmuL>
The last message referring to "Inactivity" is because at that point fail2ban blocked my IP, but before that it was consistent with results I have been getting.
I'm at an absolute loss. I feel like I've trawled every doc I could find, every config file involved in the setup process, all the Stack Exchange answers that seem to exist. Honestly it baffles me to see that even what looks like the same setup as official documentation, it just doesn't... work? Can anybody point to me what is going wrong?
Thanks for reading, ~ Ethan Merrill
Hello, I hope this is the right mailing list to send questions to. Please direct me where to go if it is not. Thanks.
I am setting up a postfix/dovecot email server on a Debian 13 VPS. Dovecot
is v2.4.1. I have thus far been able to successfully configure the server
for smtp and imap support for my primary domain (we'll say
user@example.com who is a linux user with a home folder). I have been
even been able to configure postfix to have virtual mailboxes and aliases,
and from ssh I can can even see that the mail gets delivered to the
correct place. However, I am struggling to set up dovecot to authenticate
a virtual mailbox user (we'll say user@example.net who only has a
virtual mailbox).
[1]This documentation page describes the process to configure multiple
authentication databases. It describes being able to use multiple passdb
and userdb sections in order to authenticate dovecot users. Based upon
what it suggested, I tried this configuration:
## Snippet from /etc/dovecot/dovecot.conf ##
passdb passwd-file {
# So [2]example.net => /etc/dovecot/passwd/example.net
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
# Fall thru to PAM for unix users
passdb pam {
}
userdb passwd-file {
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
# Fall thru to /etc/passwd for unix users
userdb passwd {
}
## Snippet from /etc/dovecot/passwd/example.net ##
[3]support@example.net:$y$j9...hash...:800:800::/var/postfix/virtual/example.net/support::This is the configuration I landed on that hypothetically checks multiple
databases for authentication that allows at least user@example.com to
still login with Thunderbird and do email stuff. However it does not
authenticate user@example.net. The biggest difference between my config
and the example is that they use a sql database while I am trying the
passwd-file database. In principle this seems like it should work,
unless I am understanding the dovecot docs or have made my passwd file
incorrectly. I even tried reversing the order of userdb and passdb
sections to see if it would help to no avail.
[4]This thread seems to address a similar issue, and more or less has the
same configuration setup suggested as the one in the snippet above. It's
also from 2006 so the API looks kinda different from the current docs.
[5]This thread is from 2013 addressing a similar issue, but despite again
different API it translates to more or less what the snippet above shows.
Here is the journalctl output from when I tried to login as
user@example.net:
# journalctl -xeu dovecot | tail
Dec 29 11:38:19 [6]example.com auth[4719]: pam_unix(dovecot:auth): check
pass; user unknown
Dec 29 11:38:19 [7]example.com auth[4719]: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot
[8]ruser=user@example.net rhost=10.0.0.1
Dec 29 11:38:28 [9]example.com auth[4719]: pam_unix(dovecot:auth): check
pass; user unknown
Dec 29 11:38:28 [10]example.com auth[4719]: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot
[11]ruser=user@example.net rhost=10.0.0.1
Dec 29 11:41:19 [12]example.com dovecot[4700]: imap-login: Login
aborted: Inactivity (auth failed, 2 attempts in 180 secs) (auth_failed):
user=<[13]user@example.net>, method=LOGIN, rip=10.0.0.1, lip=10.0.0.2,
TLS, session=<z8Tj3hlHkLxJMmuL>The last message referring to "Inactivity" is because at that point fail2ban blocked my IP, but before that it was consistent with results I have been getting. I'm at an absolute loss. I feel like I've trawled every doc I could find, every config file involved in the setup process, all the Stack Exchange answers that seem to exist. Honestly it baffles me to see that even what looks like the same setup as official documentation, it just doesn't... work? Can anybody point to me what is going wrong? Thanks for reading, ~ Ethan Merrill
References
Visible links
- This documentation page https://doc.dovecot.org/2.4.2/core/config/auth/mutltiple.html
- http://example.net/
- mailto:support@example.net
- This thread https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/thread/VMXU2Q...
- This thread https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/thread/YO3DFD...
- http://example.com/
- http://example.com/
- mailto:ruser=user@example.net
- http://example.com/
- http://example.com/
- mailto:ruser=user@example.net
- http://example.com/
- mailto:user@example.net
December 29, 2025 at 3:28 PM, "Ethan Merrill via dovecot" <dovecot@dovecot.org mailto:dovecot@dovecot.org?to=%22Ethan%20Merrill%20via%20dovecot%22%20%3Cdovecot%40dovecot.org%3E > wrote:
Hello, I hope this is the right mailing list to send questions to. Please direct me where to go if it is not. Thanks.
I am setting up a postfix/dovecot email server on a Debian 13 VPS. Dovecot is v2.4.1. I have thus far been able to successfully configure the server for smtp and imap support for my primary domain (we'll say
user@example.comwho is a linux user with a home folder). I have been even been able to configure postfix to have virtual mailboxes and aliases, and from ssh I can can even see that the mail gets delivered to the correct place. However, I am struggling to set up dovecot to authenticate a virtual mailbox user (we'll sayuser@example.netwho only has a virtual mailbox).This documentation page describes the process to configure multiple authentication databases. It describes being able to use multiple
passdbanduserdbsections in order to authenticate dovecot users. Based upon what it suggested, I tried this configuration:Snippet from /etc/dovecot/dovecot.conf
passdb passwd-file {
So example.net => /etc/dovecot/passwd/example.net
passwd_file_path = /etc/dovecot/passwd/%{user | domain} }
Fall thru to PAM for unix users
passdb pam { }
userdb passwd-file { passwd_file_path = /etc/dovecot/passwd/%{user | domain} }
Fall thru to /etc/passwd for unix users
userdb passwd { }
Snippet from /etc/dovecot/passwd/example.net
support@example.net:$y$j9...hash...:800:800::/var/postfix/virtual/example.net/support:: mailto:support@example.net:$y$j9...hash...:800:800::/var/postfix/virtual/example.net/support::
This is the configuration I landed on that hypothetically checks multiple databases for authentication that allows at least
user@example.comto still login with Thunderbird and do email stuff. However it does not authenticateuser@example.net. The biggest difference between my config and the example is that they use asqldatabase while I am trying thepasswd-filedatabase. In principle this seems like it should work, unless I am understanding the dovecot docs or have made my passwd file incorrectly. I even tried reversing the order ofuserdbandpassdbsections to see if it would help to no avail.This thread seems to address a similar issue, and more or less has the same configuration setup suggested as the one in the snippet above. It's also from 2006 so the API looks kinda different from the current docs.
This thread is from 2013 addressing a similar issue, but despite again different API it translates to more or less what the snippet above shows.
Here is the journalctl output from when I tried to login as
user@example.net:journalctl -xeu dovecot | tail
Dec 29 11:38:19 example.com auth[4719]: pam_unix(dovecot:auth): check pass; user unknown Dec 29 11:38:19 example.com auth[4719]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user@example.net rhost=10.0.0.1 Dec 29 11:38:28 example.com auth[4719]: pam_unix(dovecot:auth): check pass; user unknown Dec 29 11:38:28 example.com auth[4719]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user@example.net rhost=10.0.0.1 Dec 29 11:41:19 example.com dovecot[4700]: imap-login: Login aborted: Inactivity (auth failed, 2 attempts in 180 secs) (auth_failed): user=<user@example.net>, method=LOGIN, rip=10.0.0.1, lip=10.0.0.2, TLS, session=<z8Tj3hlHkLxJMmuL>
The last message referring to "Inactivity" is because at that point fail2ban blocked my IP, but before that it was consistent with results I have been getting.
I'm at an absolute loss. I feel like I've trawled every doc I could find, every config file involved in the setup process, all the Stack Exchange answers that seem to exist. Honestly it baffles me to see that even what looks like the same setup as official documentation, it just doesn't... work? Can anybody point to me what is going wrong?
Thanks for reading, ~ Ethan Merrill Hello, I hope this is the right mailing list to send questions to. Please direct me where to go if it is not. Thanks.
I am setting up a postfix/dovecot email server on a Debian 13 VPS. Dovecot is v2.4.1. I have thus far been able to successfully configure the server for smtp and imap support for my primary domain (we'll say
user@example.comwho is a linux user with a home folder). I have been even been able to configure postfix to have virtual mailboxes and aliases, and from ssh I can can even see that the mail gets delivered to the correct place. However, I am struggling to set up dovecot to authenticate a virtual mailbox user (we'll sayuser@example.netwho only has a virtual mailbox). [1]This documentation page describes the process to configure multiple authentication databases. It describes being able to use multiplepassdbanduserdbsections in order to authenticate dovecot users. Based upon what it suggested, I tried this configuration:Snippet from /etc/dovecot/dovecot.conf
passdb passwd-file {
So [2]example.net => /etc/dovecot/passwd/example.net
passwd_file_path = /etc/dovecot/passwd/%{user | domain} }
Fall thru to PAM for unix users
passdb pam { } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd/%{user | domain} }
Fall thru to /etc/passwd for unix users
userdb passwd { }
Snippet from /etc/dovecot/passwd/example.net
[3]support@example.net:$y$j9...hash...:800:800::/var/postfix/virtual/example.net/support::
This is the configuration I landed on that hypothetically checks multiple databases for authentication that allows at least
user@example.comto still login with Thunderbird and do email stuff. However it does not authenticateuser@example.net. The biggest difference between my config and the example is that they use asqldatabase while I am trying thepasswd-filedatabase. In principle this seems like it should work, unless I am understanding the dovecot docs or have made my passwd file incorrectly. I even tried reversing the order ofuserdbandpassdbsections to see if it would help to no avail. [4]This thread seems to address a similar issue, and more or less has the same configuration setup suggested as the one in the snippet above. It's also from 2006 so the API looks kinda different from the current docs. [5]This thread is from 2013 addressing a similar issue, but despite again different API it translates to more or less what the snippet above shows. Here is the journalctl output from when I tried to login asuser@example.net:journalctl -xeu dovecot | tail
Dec 29 11:38:19 [6]example.com auth[4719]: pam_unix(dovecot:auth): check pass; user unknown Dec 29 11:38:19 [7]example.com auth[4719]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [8]ruser=user@example.net rhost=10.0.0.1 Dec 29 11:38:28 [9]example.com auth[4719]: pam_unix(dovecot:auth): check pass; user unknown Dec 29 11:38:28 [10]example.com auth[4719]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [11]ruser=user@example.net rhost=10.0.0.1 Dec 29 11:41:19 [12]example.com dovecot[4700]: imap-login: Login aborted: Inactivity (auth failed, 2 attempts in 180 secs) (auth_failed): user=<[13]user@example.net>, method=LOGIN, rip=10.0.0.1, lip=10.0.0.2, TLS, session=<z8Tj3hlHkLxJMmuL>
The last message referring to "Inactivity" is because at that point fail2ban blocked my IP, but before that it was consistent with results I have been getting. I'm at an absolute loss. I feel like I've trawled every doc I could find, every config file involved in the setup process, all the Stack Exchange answers that seem to exist. Honestly it baffles me to see that even what looks like the same setup as official documentation, it just doesn't... work? Can anybody point to me what is going wrong? Thanks for reading, ~ Ethan Merrill
References
I simply define my virtual domains in Postfix:
==============================
VIRTUAL DOMAINS
==============================
virtual_alias_domains = new.domain virtual_alias_maps = hash:/etc/postfix/virtual
Then, in /etc/postfix/virtual, I add the alias:
newuser@new.domain newuser
And that’s it.
Could you share your doveconf -n?
I simply define my virtual domains in Postfix:
VIRTUAL DOMAINS
virtual_alias_domains = new.domain virtual_alias_maps = hash:/etc/postfix/virtual Then, in /etc/postfix/virtual, I add the alias: newuser@new.domain newuser And that’s it. Could you share your doveconf -n?
That set up is different than what I am trying to achieve. You have a virtual alias set up, which redirects mail from an email address to an arbitrary linux user. I am trying to avoid creating linux users for every email account, which is why I need to be able to use dovecot's multiple authentication database feature to facilitate virtual mailboxes. Here is that section from my /etc/postfix/main.cf:
virtual_mailbox_domains = example.net
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_mailbox_base = /var/postfix/virtual
virtual_mailbox_maps = hash:/etc/postfix/virtual/recipients
virtual_alias_maps = hash:/etc/postfix/virtual/aliases
virtual_alias_domains = hash:/etc/postfix/virtual/domains
Then the mailbox is defined in /etc/postfix/virtual/recipients:
user@example.net example.net/user
Which means that rather than being set up as a linux user with a /home directory, user@example.net should have a virtual mailbox in /var/postfix/virtual/example.net/user. This actually works as far as postfix is concerned, and as the root user I can peek in that folder to see a message sent to it from my personal email account. Then here is doveconf -n:
# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.1-4 (0a86619f)
# OS: Linux 6.12.57+deb13-amd64 x86_64 Debian 13.2
# Hostname: example.com
dovecot_config_version = 2.4.1
auth_mechanisms = plain login
auth_username_format = %{user}
dovecot_storage_version = 2.4.1
mail_driver = sdbox
mail_inbox_path = ~/Mail/Inbox
mail_path = ~/Mail
protocols = imap
ssl = required
ssl_server {
cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
dh_file = /usr/share/dovecot/dh.pem
key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
prefer_ciphers = server
}
userdb passwd-file {
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
userdb passwd {
}
passdb passwd-file {
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
passdb pam {
}
namespace inbox {
inbox = yes
mailbox Drafts {
auto = subscribe
special_use = "\\Drafts"
}
mailbox Junk {
auto = subscribe
autoexpunge = 30d
special_use = "\\Junk"
}
mailbox Sent {
auto = subscribe
special_use = "\\Sent"
}
mailbox Trash {
special_use = "\\Trash"
}
mailbox Archive {
special_use = "\\Archive"
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
protocol lda {
mail_plugins = sieve
}
protocol lmtp {
mail_plugins = sieve
}
protocol pop3 {
pop3_no_flag_updates = yes
pop3_uidl_format = UID%{uid}-%{uidvalidity}
}
sieve_script default {
}
Basically the problem is that this virtual mailbox user has a mailbox that receives mail, but the user cannot log onto their account with an email client. My guess is that I either have misconfigured the userdb and/or passdb entries in the dovecot.conf file, or the passwd-file at /etc/dovecot/passwd/example.net I created is not formatted correctly, because the ultimate problem is that the system cannot authenticate the user when they attempt to connect via imap/smtp. From all of the documentation and help threads referenced in my first message, I cannot tell what I've done wrong and I'm at a total loss.
Thanks for the prompt reply. This is my first time using one of these mail lists, so I did not see you responded right away.
I was wondering if this was a good use case for the creation of a user without a dedicated home directory.
The user will not be able to 'log in' in the traditional way, but they would have an entry in /etc/passwd. Then you would only need to create a link from /home/user into your selected location (in your instance /var/postfix/virtual/example.net/[user <http://example.net/user>Name] ).
please note : this isn't something that I have done, but I'm sure there are other more experienced admins on this list that will pipe up if this is not a good solution, and explain why its not, and propose alternatives.
Le mer. 31 déc. 2025 à 09:55, animerrill--- via dovecot <dovecot@dovecot.org> a écrit :
I simply define my virtual domains in Postfix:
VIRTUAL DOMAINS
virtual_alias_domains = new.domain virtual_alias_maps = hash:/etc/postfix/virtual Then, in /etc/postfix/virtual, I add the alias: newuser@new.domain newuser And that’s it. Could you share your doveconf -n?
That set up is different than what I am trying to achieve. You have a virtual alias set up, which redirects mail from an email address to an arbitrary linux user. I am trying to avoid creating linux users for every email account, which is why I need to be able to use dovecot's multiple authentication database feature to facilitate virtual mailboxes. Here is that section from my /etc/postfix/main.cf:
virtual_mailbox_domains = example.net virtual_uid_maps = static:1001 virtual_gid_maps = static:1001 virtual_mailbox_base = /var/postfix/virtual virtual_mailbox_maps = hash:/etc/postfix/virtual/recipients virtual_alias_maps = hash:/etc/postfix/virtual/aliases virtual_alias_domains = hash:/etc/postfix/virtual/domainsThen the mailbox is defined in /etc/postfix/virtual/recipients:
user@example.net example.net/userWhich means that rather than being set up as a linux user with a /home directory, user@example.net should have a virtual mailbox in /var/postfix/virtual/example.net/user. This actually works as far as postfix is concerned, and as the root user I can peek in that folder to see a message sent to it from my personal email account. Then here is
doveconf -n:# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4 (0a86619f) # OS: Linux 6.12.57+deb13-amd64 x86_64 Debian 13.2 # Hostname: example.com dovecot_config_version = 2.4.1 auth_mechanisms = plain login auth_username_format = %{user} dovecot_storage_version = 2.4.1 mail_driver = sdbox mail_inbox_path = ~/Mail/Inbox mail_path = ~/Mail protocols = imap ssl = required ssl_server { cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem dh_file = /usr/share/dovecot/dh.pem key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem prefer_ciphers = server } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd/%{user | domain} } userdb passwd { } passdb passwd-file { passwd_file_path = /etc/dovecot/passwd/%{user | domain} } passdb pam { } namespace inbox { inbox = yes mailbox Drafts { auto = subscribe special_use = "\\Drafts" } mailbox Junk { auto = subscribe autoexpunge = 30d special_use = "\\Junk" } mailbox Sent { auto = subscribe special_use = "\\Sent" } mailbox Trash { special_use = "\\Trash" } mailbox Archive { special_use = "\\Archive" } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } protocol lda { mail_plugins = sieve } protocol lmtp { mail_plugins = sieve } protocol pop3 { pop3_no_flag_updates = yes pop3_uidl_format = UID%{uid}-%{uidvalidity} } sieve_script default { }Basically the problem is that this virtual mailbox user has a mailbox that receives mail, but the user cannot log onto their account with an email client. My guess is that I either have misconfigured the
userdband/orpassdbentries in the dovecot.conf file, or the passwd-file at /etc/dovecot/passwd/example.net I created is not formatted correctly, because the ultimate problem is that the system cannot authenticate the user when they attempt to connect via imap/smtp. From all of the documentation and help threads referenced in my first message, I cannot tell what I've done wrong and I'm at a total loss.Thanks for the prompt reply. This is my first time using one of these mail lists, so I did not see you responded right away.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
I was wondering if this was a good use case for the creation of a user without a dedicated home directory. The user will not be able to 'log in' in the traditional way, but they would have an entry in /etc/passwd. Then you would only need to create a link from /home/user into your selected location (in your instance /var/postfix/virtual/[1]example.net/[userName] ). please note : this isn't something that I have done, but I'm sure there are other more experienced admins on this list that will pipe up if this is not a good solution, and explain why its not, and propose alternatives.
Le mer. 31 dec. 2025 `a 09:55, animerrill--- via dovecot <[2]dovecot@dovecot.org> a ecrit :
> I simply define my virtual domains in Postfix:
> ==============================
> VIRTUAL DOMAINS
> ==============================
>
> virtual_alias_domains = new.domain
> virtual_alias_maps = hash:/etc/postfix/virtual
> Then, in /etc/postfix/virtual, I add the alias:
> newuser@new.domain newuser
> And that's it.
> Could you share your doveconf -n?
That set up is different than what I am trying to achieve. You have a
virtual alias set up, which redirects mail from an email address to an
arbitrary linux user. I am trying to avoid creating linux users for
every email account, which is why I need to be able to use dovecot's
multiple authentication database feature to facilitate virtual
mailboxes. Here is that section from my /etc/postfix/[3]main.cf:
```
virtual_mailbox_domains = [4]example.net
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_mailbox_base = /var/postfix/virtual
virtual_mailbox_maps = hash:/etc/postfix/virtual/recipients
virtual_alias_maps = hash:/etc/postfix/virtual/aliases
virtual_alias_domains = hash:/etc/postfix/virtual/domains
```
Then the mailbox is defined in /etc/postfix/virtual/recipients:
```
[5]user@example.net [6]example.net/user
```
Which means that rather than being set up as a linux user with a /home
directory, [7]user@example.net should have a virtual mailbox in
/var/postfix/virtual/[8]example.net/user. This actually works as far as
postfix is concerned, and as the root user I can peek in that folder to
see a message sent to it from my personal email account. Then here is
`doveconf -n`:
```
# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.1-4 (0a86619f)
# OS: Linux 6.12.57+deb13-amd64 x86_64 Debian 13.2
# Hostname: [9]example.com
dovecot_config_version = 2.4.1
auth_mechanisms = plain login
auth_username_format = %{user}
dovecot_storage_version = 2.4.1
mail_driver = sdbox
mail_inbox_path = ~/Mail/Inbox
mail_path = ~/Mail
protocols = imap
ssl = required
ssl_server {
cert_file = /etc/letsencrypt/live/[10]mail.example.com/fullchain.pem
dh_file = /usr/share/dovecot/dh.pem
key_file = /etc/letsencrypt/live/[11]mail.example.com/privkey.pem
prefer_ciphers = server
}
userdb passwd-file {
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
userdb passwd {
}
passdb passwd-file {
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
passdb pam {
}
namespace inbox {
inbox = yes
mailbox Drafts {
auto = subscribe
special_use = "\\Drafts"
}
mailbox Junk {
auto = subscribe
autoexpunge = 30d
special_use = "\\Junk"
}
mailbox Sent {
auto = subscribe
special_use = "\\Sent"
}
mailbox Trash {
special_use = "\\Trash"
}
mailbox Archive {
special_use = "\\Archive"
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
protocol lda {
mail_plugins = sieve
}
protocol lmtp {
mail_plugins = sieve
}
protocol pop3 {
pop3_no_flag_updates = yes
pop3_uidl_format = UID%{uid}-%{uidvalidity}
}
sieve_script default {
}
```
Basically the problem is that this virtual mailbox user has a mailbox
that receives mail, but the user cannot log onto their account with an
email client. My guess is that I either have misconfigured the `userdb`
and/or `passdb` entries in the dovecot.conf file, or the passwd-file at
/etc/dovecot/passwd/[12]example.net I created is not formatted
correctly, because the ultimate problem is that the system cannot
authenticate the user when they attempt to connect via imap/smtp. From
all of the documentation and help threads referenced in my first
message, I cannot tell what I've done wrong and I'm at a total loss.
Thanks for the prompt reply. This is my first time using one of these
mail lists, so I did not see you responded right away.
_______________________________________________
dovecot mailing list -- [13]dovecot@dovecot.org
To unsubscribe send an email to [14]dovecot-leave@dovecot.orgReferences
Visible links
- http://example.net/user
- mailto:dovecot@dovecot.org
- http://main.cf/
- http://example.net/
- mailto:user@example.net
- http://example.net/user
- mailto:user@example.net
- http://example.net/user
- http://example.com/
- http://mail.example.com/fullchain.pem
- http://mail.example.com/privkey.pem
- http://example.net/
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org
Would that not be akin to a nologin shell?
Set the user home to /var/postfix/virtual/example.net/usename on creation.
useradd -d /var/postfix/virtual/example.net/username -s /sbin/nologin username
Personally I prefer /home/example.net/username but.
Bypassing creating a link from /home/username to the /var....
User can then be verfied by the system for mails but can't actually access the system. Dovecot/postfix reads the home dir and delivers mail where required.
Again I'm sure there are other more experienced admins.....
On 2 January 2026 19:35:39 GMT, David Myers via dovecot <dovecot@dovecot.org> wrote:
I was wondering if this was a good use case for the creation of a user without a dedicated home directory.
The user will not be able to 'log in' in the traditional way, but they would have an entry in /etc/passwd. Then you would only need to create a link from /home/user into your selected location (in your instance /var/postfix/virtual/example.net/[user <http://example.net/user>Name] ).
please note : this isn't something that I have done, but I'm sure there are other more experienced admins on this list that will pipe up if this is not a good solution, and explain why its not, and propose alternatives.
Le mer. 31 déc. 2025 à 09:55, animerrill--- via dovecot <dovecot@dovecot.org> a écrit :
I simply define my virtual domains in Postfix:
VIRTUAL DOMAINS
virtual_alias_domains = new.domain virtual_alias_maps = hash:/etc/postfix/virtual Then, in /etc/postfix/virtual, I add the alias: newuser@new.domain newuser And that’s it. Could you share your doveconf -n?
That set up is different than what I am trying to achieve. You have a virtual alias set up, which redirects mail from an email address to an arbitrary linux user. I am trying to avoid creating linux users for every email account, which is why I need to be able to use dovecot's multiple authentication database feature to facilitate virtual mailboxes. Here is that section from my /etc/postfix/main.cf:
virtual_mailbox_domains = example.net virtual_uid_maps = static:1001 virtual_gid_maps = static:1001 virtual_mailbox_base = /var/postfix/virtual virtual_mailbox_maps = hash:/etc/postfix/virtual/recipients virtual_alias_maps = hash:/etc/postfix/virtual/aliases virtual_alias_domains = hash:/etc/postfix/virtual/domainsThen the mailbox is defined in /etc/postfix/virtual/recipients:
user@example.net example.net/userWhich means that rather than being set up as a linux user with a /home directory, user@example.net should have a virtual mailbox in /var/postfix/virtual/example.net/user. This actually works as far as postfix is concerned, and as the root user I can peek in that folder to see a message sent to it from my personal email account. Then here is
doveconf -n:# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4 (0a86619f) # OS: Linux 6.12.57+deb13-amd64 x86_64 Debian 13.2 # Hostname: example.com dovecot_config_version = 2.4.1 auth_mechanisms = plain login auth_username_format = %{user} dovecot_storage_version = 2.4.1 mail_driver = sdbox mail_inbox_path = ~/Mail/Inbox mail_path = ~/Mail protocols = imap ssl = required ssl_server { cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem dh_file = /usr/share/dovecot/dh.pem key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem prefer_ciphers = server } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd/%{user | domain} } userdb passwd { } passdb passwd-file { passwd_file_path = /etc/dovecot/passwd/%{user | domain} } passdb pam { } namespace inbox { inbox = yes mailbox Drafts { auto = subscribe special_use = "\\Drafts" } mailbox Junk { auto = subscribe autoexpunge = 30d special_use = "\\Junk" } mailbox Sent { auto = subscribe special_use = "\\Sent" } mailbox Trash { special_use = "\\Trash" } mailbox Archive { special_use = "\\Archive" } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } protocol lda { mail_plugins = sieve } protocol lmtp { mail_plugins = sieve } protocol pop3 { pop3_no_flag_updates = yes pop3_uidl_format = UID%{uid}-%{uidvalidity} } sieve_script default { }Basically the problem is that this virtual mailbox user has a mailbox that receives mail, but the user cannot log onto their account with an email client. My guess is that I either have misconfigured the
userdband/orpassdbentries in the dovecot.conf file, or the passwd-file at /etc/dovecot/passwd/example.net I created is not formatted correctly, because the ultimate problem is that the system cannot authenticate the user when they attempt to connect via imap/smtp. From all of the documentation and help threads referenced in my first message, I cannot tell what I've done wrong and I'm at a total loss.Thanks for the prompt reply. This is my first time using one of these mail lists, so I did not see you responded right away.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Would that not be akin to a nologin shell?
Set the user home to /var/postfix/virtual/example.net/usename on creation.
useradd -d /var/postfix/virtual/example.net/username -s /sbin/nologin username
Personally I prefer /home/example.net/username but.
Bypassing creating a link from /home/username to the /var....
User can then be verfied by the system for mails but can't actually access the system. Dovecot/postfix reads the home dir and delivers mail where required.
Again I'm sure there are other more experienced admins.....
On 2 January 2026 19:35:39 GMT, David Myers via dovecot <dovecot@dovecot.org> wrote:
I was wondering if this was a good use case for the creation of a user without a dedicated home directory.
The user will not be able to 'log in' in the traditional way, but they would have an entry in /etc/passwd. Then you would only need to create a link from /home/user into your selected location (in your instance /var/postfix/virtual/example.net/[user <[1]http://example.net/user>Name] ).
please note : this isn't something that I have done, but I'm sure there are other more experienced admins on this list that will pipe up if this is not a good solution, and explain why its not, and propose alternatives.
Le mer. 31 dec. 2025 `a 09:55, animerrill--- via dovecot <dovecot@dovecot.org> a ecrit :
I simply define my virtual domains in Postfix:
VIRTUAL DOMAINS
virtual_alias_domains = new.domain virtual_alias_maps = hash:/etc/postfix/virtual Then, in /etc/postfix/virtual, I add the alias: newuser@new.domain newuser And that's it. Could you share your doveconf -n?
That set up is different than what I am trying to achieve. You have a virtual alias set up, which redirects mail from an email address to an arbitrary linux user. I am trying to avoid creating linux users for every email account, which is why I need to be able to use dovecot's multiple authentication database feature to facilitate virtual mailboxes. Here is that section from my /etc/postfix/main.cf:
virtual_mailbox_domains = example.net
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_mailbox_base = /var/postfix/virtual
virtual_mailbox_maps = hash:/etc/postfix/virtual/recipients
virtual_alias_maps = hash:/etc/postfix/virtual/aliases
virtual_alias_domains = hash:/etc/postfix/virtual/domains
Then the mailbox is defined in /etc/postfix/virtual/recipients:
user@example.net example.net/user
Which means that rather than being set up as a linux user with a /home
directory, user@example.net should have a virtual mailbox in
/var/postfix/virtual/example.net/user. This actually works as far as
postfix is concerned, and as the root user I can peek in that folder to see
a message sent to it from my personal email account. Then here is doveconf -n:
# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.1-4 (0a86619f)
# OS: Linux 6.12.57+deb13-amd64 x86_64 Debian 13.2
# Hostname: example.com
dovecot_config_version = 2.4.1
auth_mechanisms = plain login
auth_username_format = %{user}
dovecot_storage_version = 2.4.1
mail_driver = sdbox
mail_inbox_path = ~/Mail/Inbox
mail_path = ~/Mail
protocols = imap
ssl = required
ssl_server {
cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
dh_file = /usr/share/dovecot/dh.pem
key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
prefer_ciphers = server
}
userdb passwd-file {
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
userdb passwd {
}
passdb passwd-file {
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
passdb pam {
}
namespace inbox {
inbox = yes
mailbox Drafts {
auto = subscribe
special_use = "\\Drafts"
}
mailbox Junk {
auto = subscribe
autoexpunge = 30d
special_use = "\\Junk"
}
mailbox Sent {
auto = subscribe
special_use = "\\Sent"
}
mailbox Trash {
special_use = "\\Trash"
}
mailbox Archive {
special_use = "\\Archive"
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
protocol lda {
mail_plugins = sieve
}
protocol lmtp {
mail_plugins = sieve
}
protocol pop3 {
pop3_no_flag_updates = yes
pop3_uidl_format = UID%{uid}-%{uidvalidity}
}
sieve_script default {
}
Basically the problem is that this virtual mailbox user has a mailbox that
receives mail, but the user cannot log onto their account with an email
client. My guess is that I either have misconfigured the userdb and/or
passdb entries in the dovecot.conf file, or the passwd-file at
/etc/dovecot/passwd/example.net I created is not formatted correctly,
because the ultimate problem is that the system cannot authenticate the
user when they attempt to connect via imap/smtp. From all of the
documentation and help threads referenced in my first message, I cannot
tell what I've done wrong and I'm at a total loss.
Thanks for the prompt reply. This is my first time using one of these mail lists, so I did not see you responded right away.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
References
Visible links
Yes I had thought of that idea too ... but I have a preference for creating the home then adding in a link to the required location.
It creates the opportunity for creating an 'actual' home in the future if required.
Le ven. 2 janv. 2026 à 22:12, Chris Twinn <chris@twinn.co.uk> a écrit :
Would that not be akin to a nologin shell?
Set the user home to /var/postfix/virtual/example.net/usename on creation.
useradd -d /var/postfix/virtual/example.net/username -s /sbin/nologin username
Personally I prefer /home/example.net/username but.
Bypassing creating a link from /home/username to the /var....
User can then be verfied by the system for mails but can't actually access the system. Dovecot/postfix reads the home dir and delivers mail where required.
Again I'm sure there are other more experienced admins.....
On 2 January 2026 19:35:39 GMT, David Myers via dovecot < dovecot@dovecot.org> wrote:
I was wondering if this was a good use case for the creation of a user without a dedicated home directory.
The user will not be able to 'log in' in the traditional way, but they would have an entry in /etc/passwd. Then you would only need to create a link from /home/user into your selected location (in your instance /var/postfix/virtual/example.net/[user <http://example.net/%5Buser> <http://example.net/user>Name] ).
please note : this isn't something that I have done, but I'm sure there are other more experienced admins on this list that will pipe up if this is not a good solution, and explain why its not, and propose alternatives.
Le mer. 31 déc. 2025 à 09:55, animerrill--- via dovecot <dovecot@dovecot.org> a écrit :
I simply define my virtual domains in Postfix:
VIRTUAL DOMAINS
virtual_alias_domains = new.domain virtual_alias_maps = hash:/etc/postfix/virtual Then, in /etc/postfix/virtual, I add the alias: newuser@new.domain newuser And that’s it. Could you share your doveconf -n?
That set up is different than what I am trying to achieve. You have a virtual alias set up, which redirects mail from an email address to an arbitrary linux user. I am trying to avoid creating linux users for every email account, which is why I need to be able to use dovecot's multiple authentication database feature to facilitate virtual mailboxes. Here is that section from my /etc/postfix/main.cf:
virtual_mailbox_domains = example.net virtual_uid_maps = static:1001 virtual_gid_maps = static:1001 virtual_mailbox_base = /var/postfix/virtual virtual_mailbox_maps = hash:/etc/postfix/virtual/recipients virtual_alias_maps = hash:/etc/postfix/virtual/aliases virtual_alias_domains = hash:/etc/postfix/virtual/domainsThen the mailbox is defined in /etc/postfix/virtual/recipients:
user@example.net example.net/userWhich means that rather than being set up as a linux user with a /home directory, user@example.net should have a virtual mailbox in /var/postfix/virtual/example.net/user. This actually works as far as postfix is concerned, and as the root user I can peek in that folder to see a message sent to it from my personal email account. Then here is
doveconf -n:# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4 (0a86619f) # OS: Linux 6.12.57+deb13-amd64 x86_64 Debian 13.2 # Hostname: example.com dovecot_config_version = 2.4.1 auth_mechanisms = plain login auth_username_format = %{user} dovecot_storage_version = 2.4.1 mail_driver = sdbox mail_inbox_path = ~/Mail/Inbox mail_path = ~/Mail protocols = imap ssl = required ssl_server { cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem dh_file = /usr/share/dovecot/dh.pem key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem prefer_ciphers = server } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd/%{user | domain} } userdb passwd { } passdb passwd-file { passwd_file_path = /etc/dovecot/passwd/%{user | domain} } passdb pam { } namespace inbox { inbox = yes mailbox Drafts { auto = subscribe special_use = "\\Drafts" } mailbox Junk { auto = subscribe autoexpunge = 30d special_use = "\\Junk" } mailbox Sent { auto = subscribe special_use = "\\Sent" } mailbox Trash { special_use = "\\Trash" } mailbox Archive { special_use = "\\Archive" } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } protocol lda { mail_plugins = sieve } protocol lmtp { mail_plugins = sieve } protocol pop3 { pop3_no_flag_updates = yes pop3_uidl_format = UID%{uid}-%{uidvalidity} } sieve_script default { }Basically the problem is that this virtual mailbox user has a mailbox that receives mail, but the user cannot log onto their account with an email client. My guess is that I either have misconfigured the
userdband/orpassdbentries in the dovecot.conf file, or the passwd-file at /etc/dovecot/passwd/example.net I created is not formatted correctly, because the ultimate problem is that the system cannot authenticate the user when they attempt to connect via imap/smtp. From all of the documentation and help threads referenced in my first message, I cannot tell what I've done wrong and I'm at a total loss.Thanks for the prompt reply. This is my first time using one of these mail lists, so I did not see you responded right away.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Yes I had thought of that idea too ... but I have a preference for creating the home then adding in a link to the required location. It creates the opportunity for creating an 'actual' home in the future if required. Le ven. 2 janv. 2026 `a 22:12, Chris Twinn <[1]chris@twinn.co.uk> a ecrit :
Would that not be akin to a nologin shell?
Set the user home to /var/postfix/virtual/[2]example.net/usename on
creation.
useradd -d /var/postfix/virtual/[3]example.net/username -s
/sbin/nologin username
Personally I prefer /home/[4]example.net/username but.
Bypassing creating a link from /home/username to the /var....
User can then be verfied by the system for mails but can't actually
access the system. Dovecot/postfix reads the home dir and delivers mail
where required.
Again I'm sure there are
other more experienced admins.....
On 2 January 2026 19:35:39 GMT, David Myers via dovecot
<[5]dovecot@dovecot.org> wrote:I was wondering if this was a good use case for the creation of a user without a dedicated home directory.
The user will not be able to 'log in' in the traditional way, but they would have an entry in /etc/passwd. Then you would only need to create a link from /home/user into your selected location (in your instance /var/postfix/virtual/[6]example.net/[user <[7]http://example.net/user>Name] ).
please note : this isn't something that I have done, but I'm sure there are other more experienced admins on this list that will pipe up if this is not a good solution, and explain why its not, and propose alternatives.
Le mer. 31 dec. 2025 `a 09:55, animerrill--- via dovecot <[8]dovecot@dovecot.org> a ecrit :
I simply define my virtual domains in Postfix:
VIRTUAL DOMAINS
virtual_alias_domains = new.domain virtual_alias_maps = hash:/etc/postfix/virtual Then, in /etc/postfix/virtual, I add the alias: newuser@new.domain newuser And that's it. Could you share your doveconf -n?
That set up is different than what I am trying to achieve. You have a virtual alias set up, which redirects mail from an email address to an arbitrary linux user. I am trying to avoid creating linux users for every email account, which is why I need to be able to use dovecot's multiple authentication database feature to facilitate virtual mailboxes. Here is that section from my /etc/postfix/[9]main.cf:
virtual_mailbox_domains = [10]example.net
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_mailbox_base = /var/postfix/virtual
virtual_mailbox_maps = hash:/etc/postfix/virtual/recipients
virtual_alias_maps = hash:/etc/postfix/virtual/aliases
virtual_alias_domains = hash:/etc/postfix/virtual/domains
Then the mailbox is defined in /etc/postfix/virtual/recipients:
[11]user@example.net [12]example.net/user
Which means that rather than being set up as a linux user with a /home
directory, [13]user@example.net should have a virtual mailbox in
/var/postfix/virtual/[14]example.net/user. This actually works as far as
postfix is concerned, and as the root user I can peek in that folder to see
a message sent to it from my personal email account. Then here is doveconf -n:
# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.1-4 (0a86619f)
# OS: Linux 6.12.57+deb13-amd64 x86_64 Debian 13.2
# Hostname: [15]example.com
dovecot_config_version = 2.4.1
auth_mechanisms = plain login
auth_username_format = %{user}
dovecot_storage_version = 2.4.1
mail_driver = sdbox
mail_inbox_path = ~/Mail/Inbox
mail_path = ~/Mail
protocols = imap
ssl = required
ssl_server {
cert_file = /etc/letsencrypt/live/[16]mail.example.com/fullchain.pem
dh_file = /usr/share/dovecot/dh.pem
key_file = /etc/letsencrypt/live/[17]mail.example.com/privkey.pem
prefer_ciphers = server
}
userdb passwd-file {
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
userdb passwd {
}
passdb passwd-file {
passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}
passdb pam {
}
namespace inbox {
inbox = yes
mailbox Drafts {
auto = subscribe
special_use = "\\Drafts"
}
mailbox Junk {
auto = subscribe
autoexpunge = 30d
special_use = "\\Junk"
}
mailbox Sent {
auto = subscribe
special_use = "\\Sent"
}
mailbox Trash {
special_use = "\\Trash"
}
mailbox Archive {
special_use = "\\Archive"
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
protocol lda {
mail_plugins = sieve
}
protocol lmtp {
mail_plugins = sieve
}
protocol pop3 {
pop3_no_flag_updates = yes
pop3_uidl_format = UID%{uid}-%{uidvalidity}
}
sieve_script default {
}
Basically the problem is that this virtual mailbox user has a mailbox that
receives mail, but the user cannot log onto their account with an email
client. My guess is that I either have misconfigured the userdb and/or
passdb entries in the dovecot.conf file, or the passwd-file at
/etc/dovecot/passwd/[18]example.net I created is not formatted correctly,
because the ultimate problem is that the system cannot authenticate the
user when they attempt to connect via imap/smtp. From all of the
documentation and help threads referenced in my first message, I cannot
tell what I've done wrong and I'm at a total loss.
Thanks for the prompt reply. This is my first time using one of these mail lists, so I did not see you responded right away.
dovecot mailing list -- [19]dovecot@dovecot.org To unsubscribe send an email to [20]dovecot-leave@dovecot.org
References
Visible links
- mailto:chris@twinn.co.uk
- http://example.net/usename
- http://example.net/username
- http://example.net/username
- mailto:dovecot@dovecot.org
- http://example.net/%5Buser
- http://example.net/user
- mailto:dovecot@dovecot.org
- http://main.cf/
- http://example.net/
- mailto:user@example.net
- http://example.net/user
- mailto:user@example.net
- http://example.net/user
- http://example.com/
- http://mail.example.com/fullchain.pem
- http://mail.example.com/privkey.pem
- http://example.net/
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org
Thank you David and Chris, I appreciate your replies. Fortunately, I did actually manage to solve this virtual user authentication issue. However, it seems there is still some issue that prevents Thunderbird from being able to download mail from imap.
First the matter of the multiple database authentication issue. My doveconf remains the same as when I last reported it. The major changes were in my postfix login map and my passwd-file for the virtual mailbox. In /etc/postfix/main.cf I have smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre. In that file, I previously only had the first line for my main domain and I had to add a second for the hosted domain:
/^(.*)@example\.com$/ ${1}
/^(.*)@example\.net$/ ${1}@example.net
For some reason this is required to get postfix to recognize that accounts from example.net are valid, or to otherwise be handed off to authentication properly. The other mistake was in my passwd-file at /etc/dovecot/passwd/example.net where I did not properly specify the password format:
user@example.net:{crypt}...long..hash...::/var/postfix/virtual/example.net/user::
With these changes, I am able to login to Thunderbird as user@example.net. I can send mail from user@example.net, and allegedly look at my mailboxes on the server for this user. However, due to some weird quirk I cannot actually collect mail from my inbox on the server.
For user@example.com, who is a linux user with a home directory, this is seemingly no problem and their mailbox is set up according to the configuration:
/home/user/
Mail/
Inbox/
mailboxes/
...indexes and logs...
However our virtual mailbox for user@example.net looks like this:
/var/postfix/virtual/example.net/user/
Mail/
Inbox/
mailboxes/
...indexes and logs...
cur/
mailboxes/
new/
tmp/
subscriptions
...indexes and logs...
Clearly dovecot is trying it's best to make the Mail directory as defined in the conf for the virtual user in their defined home. However, the mail is instead delivered to the new directory which is not configured to be there. This confirms this user is actually recieving all mail sent to it, but because the inbox is not configured correctly (somehow) it is not possible to actually read it in Thunderbird.
From what I've read this pattern (cur, new, and tmp directories) is associated with Maildir, which is confusing because the mail_driver is explicitly set to sdbox. I am not sure how to resolve this, or where exactly the issue is being caused.
Alright, I actually think I might have solved it. Earlier, I sent an email from this account to both of my server accounts at the same time and tracked down the log entries for them. Here was my postfix log:
Jan 02 23:13:15 example.com postfix/local[10106]: 79078120D26: to=<user@example.com>, relay=local, delay=0.12, delays=0.08/0/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver)
...
Jan 02 23:13:15 example.com postfix/virtual[10134]: 89786120D23: to=<user@example.net>, relay=virtual, delay=0.1, delays=0.09/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
This is when I realized the reason these two accounts have been acting so differently is because postfix has an alternate transport for virtual accounts that needs to be set up apparently. Dovecot had this documentation which finally helped me put the final pieces together:
<https://doc.dovecot.org/2.4.2/howto/lda.html>
In my /etc/postfix/master.cf I had:
spamassassin unix - n n - - pipe
user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
So I added this to the end of my /etc/postfix/main.cf:
virtual_transport = spamassassin
dovecot_destination_recipient_limit = 1
After reloading, this seemed to finally allow for both accounts to receive mail through dovecot properly, which then allows me to read it from Thunderbird.
Jan 03 01:24:11 example.com postfix/local[12072]: 759EE120DBF: to=<goblin@example.com>, relay=local, delay=0.09, delays=0.05/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver)
...
Jan 03 01:24:12 example.com postfix/pipe[12067]: D517E120D9D: to=<user@example.net>, relay=spamassassin, delay=1.2, delays=0.23/0.01/0/0.99, dsn=2.0.0, status=sent (delivered via spamassassin service)
The docs also give advice on how to transport it to dovecot-lda or dovecot-lmtp. I'm not sure what the optimal setup here, a lot of my starting point was this setup script:
<https://github.com/LukeSmithxyz/emailwiz/blob/master/emailwiz.sh>
Which has a lot of the basics lined out, but is unfortunately old enough that a lot of the features it uses were depricated when the API changed. Plus it does not use virtual mailboxes or aliases in its example, opting instead to only use linux users. I'm sure that my configuration is sort of slapped together though, but it still manages to work somehow?
I would be interested if anybody has insight about my configuration or how to optimize it. For my purposes, this definitely seems like good enough though. Hopefully the question helps someone else later, there seems to be a lack of info on this topic (at least collated together in a more helpful way). Will probably aspire to write a guide on my setup once the server is complete and secured.
~ Ethan Merrill
On Friday, January 2nd, 2026 at 6:41 PM, animerrill--- via dovecot <dovecot@dovecot.org> wrote:
Thank you David and Chris, I appreciate your replies. Fortunately, I did actually manage to solve this virtual user authentication issue. However, it seems there is still some issue that prevents Thunderbird from being able to download mail from imap.
First the matter of the multiple database authentication issue. My
doveconfremains the same as when I last reported it. The major changes were in my postfix login map and my passwd-file for the virtual mailbox. In/etc/postfix/main.cfI havesmtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre. In that file, I previously only had the first line for my main domain and I had to add a second for the hosted domain:
/^(.*)@example\\.com$/ ${1} /^(.*)@example\\.net$/ ${1}@example.netFor some reason this is required to get postfix to recognize that accounts from
example.netare valid, or to otherwise be handed off to authentication properly. The other mistake was in my passwd-file at/etc/dovecot/passwd/example.netwhere I did not properly specify the password format:
user@example.net:{crypt}...long..hash...::/var/postfix/virtual/example.net/user::With these changes, I am able to login to Thunderbird as
user@example.net. I can send mail fromuser@example.net, and allegedly look at my mailboxes on the server for this user. However, due to some weird quirk I cannot actually collect mail from my inbox on the server.For
user@example.com, who is a linux user with a home directory, this is seemingly no problem and their mailbox is set up according to the configuration:
/home/user/ Mail/ Inbox/ mailboxes/ ...indexes and logs...However our virtual mailbox for
user@example.netlooks like this:
/var/postfix/virtual/example.net/user/ Mail/ Inbox/ mailboxes/ ...indexes and logs... cur/ mailboxes/ new/ tmp/ subscriptions ...indexes and logs...Clearly dovecot is trying it's best to make the Mail directory as defined in the conf for the virtual user in their defined home. However, the mail is instead delivered to the
newdirectory which is not configured to be there. This confirms this user is actually recieving all mail sent to it, but because the inbox is not configured correctly (somehow) it is not possible to actually read it in Thunderbird.From what I've read this pattern (cur, new, and tmp directories) is associated with Maildir, which is confusing because the mail_driver is explicitly set to
sdbox. I am not sure how to resolve this, or where exactly the issue is being caused.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
On 03/01/2026 19:50, Ethan Merrill via dovecot wrote:
I would be interested if anybody has insight about my configuration or how to optimize it. For my purposes, this definitely seems like good enough though. Hopefully the question helps someone else later, there seems to be a lack of info on this topic (at least collated together in a more helpful way). Will probably aspire to write a guide on my setup once the server is complete and secured.
Hi Ethan.
It sounds like in the process of getting this working you're getting a good understanding of the mechanics of how Dovecot and Postfix work! :-)
Here are some ideas to consider as next steps:
- You've probably done this already, but if not, it would be worth setting up SASL authentication between Postfix and Dovecot, so that Postfix can get Dovecot to authenticate users submitting emails. https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
- You could set up Dovecot to do LMTP, and use that as your 'virtual' transport in Postfix/SpamAssassin. The advantages of doing this is that you no longer need to configure a custom transport ("dovecot") in Postfix, and you can deliver an email to more than one recipient in a single LMTP conversation (instead of launching a separate 'dovecot-lda' process for each recipient). https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
- You could vastly simplify your Postfix configuration, by getting rid of your 'local' transport completely, and have all emails delivered via your 'virtual' transport. The idea here is that Postfix uses Dovecot to authenticate users and deliver emails, so it shouldn't need to concern itself with whether a user is a 'system' user or a 'virtual' user.
Nick.
On 03/01/2026 19:50, Ethan Merrill via dovecot wrote:
I would be interested if anybody has insight about my configuration or how to optimize it. For my purposes, this definitely seems like good enough though. Hopefully the question helps someone else later, there seems to be a lack of info on this topic (at least collated together in a more helpful way). Will probably aspire to write a guide on my setup once the server is complete and secured.
Hi Ethan.
It sounds like in the process of getting this working you're getting a good understanding of the mechanics of how Dovecot and Postfix work! :-)
Here are some ideas to consider as next steps:
o You've probably done this already, but if not, it would be worth
setting up SASL authentication between Postfix and Dovecot, so that
Postfix can get Dovecot to authenticate users submitting emails.
[1]https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
o You could set up Dovecot to do LMTP, and use that as your 'virtual'
transport in Postfix/SpamAssassin. The advantages of doing this is
that you no longer need to configure a custom transport ("dovecot") in
Postfix, and you can deliver an email to more than one recipient in a
single LMTP conversation (instead of launching a separate
'dovecot-lda' process for each recipient).
[2]https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
o You could vastly simplify your Postfix configuration, by getting rid
of your 'local' transport completely, and have all emails delivered
via your 'virtual' transport. The idea here is that Postfix uses
Dovecot to authenticate users and deliver emails, so it shouldn't need
to concern itself with whether a user is a 'system' user or a
'virtual' user.Nick.
References
Visible links
These ended up all being pretty good tips, so thanks for the advice. I had indeed already set up SASL but the other two ended up being the key to getting all the features I wanted.
It's always rewarding but baffling how good open source software can be and how all these separate programs controlling single functions can dance in harmony. But at the same time, confusing docs and places like StackOverflow can make it hard to find all the answers you need sometimes... at least for beginners and everyone is a beginner at some point with every piece of software.
Gonna get my whole website config setup, then I will probably try to convert a lot of these notes into a guide. Thanks everyone for the help~!
~ Ethan Merrill
On Saturday, January 3rd, 2026 at 4:51 PM, Nick Tait via dovecot <dovecot@dovecot.org> wrote:
On 03/01/2026 19:50, Ethan Merrill via dovecot wrote:
I would be interested if anybody has insight about my configuration or how to optimize it. For my purposes, this definitely seems like good enough though. Hopefully the question helps someone else later, there seems to be a lack of info on this topic (at least collated together in a more helpful way). Will probably aspire to write a guide on my setup once the server is complete and secured.
Hi Ethan.
It sounds like in the process of getting this working you're getting a good understanding of the mechanics of how Dovecot and Postfix work! :-)
Here are some ideas to consider as next steps:
- You've probably done this already, but if not, it would be worth setting up SASL authentication between Postfix and Dovecot, so that Postfix can get Dovecot to authenticate users submitting emails. https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
- You could set up Dovecot to do LMTP, and use that as your 'virtual' transport in Postfix/SpamAssassin. The advantages of doing this is that you no longer need to configure a custom transport ("dovecot") in Postfix, and you can deliver an email to more than one recipient in a single LMTP conversation (instead of launching a separate 'dovecot-lda' process for each recipient). https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
- You could vastly simplify your Postfix configuration, by getting rid of your 'local' transport completely, and have all emails delivered via your 'virtual' transport. The idea here is that Postfix uses Dovecot to authenticate users and deliver emails, so it shouldn't need to concern itself with whether a user is a 'system' user or a 'virtual' user.
Nick. On 03/01/2026 19:50, Ethan Merrill via dovecot wrote:
I would be interested if anybody has insight about my configuration or how to optimize it. For my purposes, this definitely seems like good enough though. Hopefully the question helps someone else later, there seems to be a lack of info on this topic (at least collated together in a more helpful way). Will probably aspire to write a guide on my setup once the server is complete and secured.
Hi Ethan.
It sounds like in the process of getting this working you're getting a good understanding of the mechanics of how Dovecot and Postfix work! :-)
Here are some ideas to consider as next steps:
o You've probably done this already, but if not, it would be worth setting up SASL authentication between Postfix and Dovecot, so that Postfix can get Dovecot to authenticate users submitting emails. [1]https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html o You could set up Dovecot to do LMTP, and use that as your 'virtual' transport in Postfix/SpamAssassin. The advantages of doing this is that you no longer need to configure a custom transport ("dovecot") in Postfix, and you can deliver an email to more than one recipient in a single LMTP conversation (instead of launching a separate 'dovecot-lda' process for each recipient). [2]https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html o You could vastly simplify your Postfix configuration, by getting rid of your 'local' transport completely, and have all emails delivered via your 'virtual' transport. The idea here is that Postfix uses Dovecot to authenticate users and deliver emails, so it shouldn't need to concern itself with whether a user is a 'system' user or a 'virtual' user.
Nick.
References
Visible links
- https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
- https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Hello Ethan,
Glad you got everything sorted.
I agree with your assesment of open source. unfortunately people are lazy, following the river is easier, even if it leads to a water fall.
Le mar. 6 janv. 2026 à 14:27, Ethan Merrill via dovecot <dovecot@dovecot.org> a écrit :
These ended up all being pretty good tips, so thanks for the advice. I had indeed already set up SASL but the other two ended up being the key to getting all the features I wanted.
It's always rewarding but baffling how good open source software can be and how all these separate programs controlling single functions can dance in harmony. But at the same time, confusing docs and places like StackOverflow can make it hard to find all the answers you need sometimes... at least for beginners and everyone is a beginner at some point with every piece of software.
Gonna get my whole website config setup, then I will probably try to convert a lot of these notes into a guide. Thanks everyone for the help~!
~ Ethan Merrill
On Saturday, January 3rd, 2026 at 4:51 PM, Nick Tait via dovecot < dovecot@dovecot.org> wrote:
On 03/01/2026 19:50, Ethan Merrill via dovecot wrote:
I would be interested if anybody has insight about my configuration or how to optimize it. For my purposes, this definitely seems like good enough though. Hopefully the question helps someone else later, there seems to be a lack of info on this topic (at least collated together in a more helpful way). Will probably aspire to write a guide on my setup once the server is complete and secured.
Hi Ethan.
It sounds like in the process of getting this working you're getting a good understanding of the mechanics of how Dovecot and Postfix work! :-)
Here are some ideas to consider as next steps:
- You've probably done this already, but if not, it would be worth setting up SASL authentication between Postfix and Dovecot, so that Postfix can get Dovecot to authenticate users submitting emails. https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
- You could set up Dovecot to do LMTP, and use that as your 'virtual' transport in Postfix/SpamAssassin. The advantages of doing this is that you no longer need to configure a custom transport ("dovecot") in Postfix, and you can deliver an email to more than one recipient in a single LMTP conversation (instead of launching a separate 'dovecot-lda' process for each recipient). https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
- You could vastly simplify your Postfix configuration, by getting rid of your 'local' transport completely, and have all emails delivered via your 'virtual' transport. The idea here is that Postfix uses Dovecot to authenticate users and deliver emails, so it shouldn't need to concern itself with whether a user is a 'system' user or a 'virtual' user.
Nick. On 03/01/2026 19:50, Ethan Merrill via dovecot wrote:
I would be interested if anybody has insight about my configuration or how to optimize it. For my purposes, this definitely seems like good enough though. Hopefully the question helps someone else later, there seems to be a lack of info on this topic (at least collated together in a more helpful way). Will probably aspire to write a guide on my setup once the server is complete and secured.
Hi Ethan.
It sounds like in the process of getting this working you're getting a good understanding of the mechanics of how Dovecot and Postfix work! :-)
Here are some ideas to consider as next steps:
o You've probably done this already, but if not, it would be worth setting up SASL authentication between Postfix and Dovecot, so that Postfix can get Dovecot to authenticate users submitting emails. [1]https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html o You could set up Dovecot to do LMTP, and use that as your 'virtual' transport in Postfix/SpamAssassin. The advantages of doing this is that you no longer need to configure a custom transport ("dovecot") in Postfix, and you can deliver an email to more than one recipient in a single LMTP conversation (instead of launching a separate 'dovecot-lda' process for each recipient). [2]https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html o You could vastly simplify your Postfix configuration, by getting rid of your 'local' transport completely, and have all emails delivered via your 'virtual' transport. The idea here is that Postfix uses Dovecot to authenticate users and deliver emails, so it shouldn't need to concern itself with whether a user is a 'system' user or a 'virtual' user.
Nick.
References
Visible links
- https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
- https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Hello Ethan, Glad you got everything sorted. I agree with your assesment of open source. unfortunately people are lazy, following the river is easier, even if it leads to a water fall. Le mar. 6 janv. 2026 `a 14:27, Ethan Merrill via dovecot <[1]dovecot@dovecot.org> a ecrit :
These ended up all being pretty good tips, so thanks for the advice. I
had indeed already set up SASL but the other two ended up being the key
to getting all the features I wanted.
It's always rewarding but baffling how good open source software can be
and how all these separate programs controlling single functions can
dance in harmony. But at the same time, confusing docs and places like
StackOverflow can make it hard to find all the answers you need
sometimes... at least for beginners and everyone is a beginner at some
point with every piece of software.
Gonna get my whole website config setup, then I will probably try to
convert a lot of these notes into a guide. Thanks everyone for the
help~!
~ Ethan Merrill
On Saturday, January 3rd, 2026 at 4:51 PM, Nick Tait via dovecot
<[2]dovecot@dovecot.org> wrote:
> On 03/01/2026 19:50, Ethan Merrill via dovecot wrote:
>
> > I would be interested if anybody has insight about my configuration
or how to optimize it. For my purposes, this definitely seems like good
enough though. Hopefully the question helps someone else later, there
seems to be a lack of info on this topic (at least collated together in
a more helpful way). Will probably aspire to write a guide on my setup
once the server is complete and secured.
>
>
> Hi Ethan.
>
> It sounds like in the process of getting this working you're getting a
> good understanding of the mechanics of how Dovecot and Postfix work!
:-)
>
> Here are some ideas to consider as next steps:
>
> * You've probably done this already, but if not, it would be worth
> setting up SASL authentication between Postfix and Dovecot, so that
> Postfix can get Dovecot to authenticate users submitting emails.
> [3]https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
> * You could set up Dovecot to do LMTP, and use that as your 'virtual'
> transport in Postfix/SpamAssassin. The advantages of doing this is
> that you no longer need to configure a custom transport ("dovecot")
> in Postfix, and you can deliver an email to more than one recipient
> in a single LMTP conversation (instead of launching a separate
> 'dovecot-lda' process for each recipient).
> [4]https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
> * You could vastly simplify your Postfix configuration, by getting rid
> of your 'local' transport completely, and have all emails delivered
> via your 'virtual' transport. The idea here is that Postfix uses
> Dovecot to authenticate users and deliver emails, so it shouldn't
> need to concern itself with whether a user is a 'system' user or a
> 'virtual' user.
>
> Nick.
> On 03/01/2026 19:50, Ethan Merrill via dovecot wrote:
>
> I would be interested if anybody has insight about my configuration or
how to optimize it. For my purposes, this definitely seems like good
enough though. Hopefully the question helps someone else later, there
seems to be a lack of info on this topic (at least collated together in
a more helpful way). Will probably aspire to write a guide on my setup
once the server is complete and secured.
>
> Hi Ethan.
>
> It sounds like in the process of getting this working you're getting a
> good understanding of the mechanics of how Dovecot and Postfix work!
:-)
>
> Here are some ideas to consider as next steps:
>
> o You've probably done this already, but if not, it would be worth
> setting up SASL authentication between Postfix and Dovecot, so that
> Postfix can get Dovecot to authenticate users submitting emails.
> [1][5]https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
> o You could set up Dovecot to do LMTP, and use that as your 'virtual'
> transport in Postfix/SpamAssassin. The advantages of doing this is
> that you no longer need to configure a custom transport ("dovecot") in
> Postfix, and you can deliver an email to more than one recipient in a
> single LMTP conversation (instead of launching a separate
> 'dovecot-lda' process for each recipient).
> [2][6]https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
> o You could vastly simplify your Postfix configuration, by getting rid
> of your 'local' transport completely, and have all emails delivered
> via your 'virtual' transport. The idea here is that Postfix uses
> Dovecot to authenticate users and deliver emails, so it shouldn't need
> to concern itself with whether a user is a 'system' user or a
> 'virtual' user.
>
> Nick.
>
> References
>
> Visible links
> 1. [7]https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
> 2. [8]https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
> _______________________________________________
> dovecot mailing list -- [9]dovecot@dovecot.org
> To unsubscribe send an email to [10]dovecot-leave@dovecot.org
_______________________________________________
dovecot mailing list -- [11]dovecot@dovecot.org
To unsubscribe send an email to [12]dovecot-leave@dovecot.orgReferences
Visible links
- mailto:dovecot@dovecot.org
- mailto:dovecot@dovecot.org
- https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
- https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
- https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
- https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
- https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html
- https://doc.dovecot.org/2.4.2/howto/lmtp/postfix.html
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org
participants (6)
-
animerrill@proton.me
-
Chris Twinn
-
David Myers
-
Ethan Merrill
-
n4ch0
-
Nick Tait