auth-worker unknown user

Thu Apr 11 15:36:28 EEST 2019

pam(foobar at example.com,192.0.1.1,<9zMTUUCGNfHZzMpL>): unknown user (SHA1 of given password: ff75068c2f4d700a49dae204d56477a5ffa5d23d)

The password is correct, i.e. 'echo -n 'passed' | openssl dgst -sha1' matches.

The user is setup correctly in /etc/dovecot/users (the /etc/dovecot/users was copied from another known-good server, so the syntax is correct and appropriate adjustments have been made for chmod and directory).

doveconf -N follows:

# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: Linux 4.12.14-lp150.12.48-default x86_64
# Hostname: foobar
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1
doveadm_password = # hidden, use -P to show it
first_valid_uid = 471
imapc_features = rfc822.size fetch-headers
imapc_host = foobar.example.com
imapc_password = # hidden, use -P to show it
imapc_port = 993
imapc_ssl = imaps
imapc_user = %u
mail_location = maildir:~/Maildir
mail_plugin_dir = /usr/lib64/dovecot/modules
mail_prefetch_count = 20
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body environment mailbox date ihave enotify
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
  name =
}
plugin {
  sieve = file:~/.dovecot.sieve
}
protocols = imap lmtp
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  process_min_avail = 3
}
service lmtp {
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = my_virtmailuser
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieves {
    address =
    port = 5190
    ssl = yes
  }
}
ssl = required
ssl_ca = </etc/dovecot/ssl/certbot_ca.pem
ssl_cert = </etc/dovecot/ssl/certbot.pem
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
  driver = passwd
  name =
}
userdb {
  args = scheme=ARGON2ID username_format=%u /etc/dovecot/users
  auth_verbose = yes
  driver = passwd-file
  name =
}
protocol lmtp {
  mail_plugins = sieve
  postmaster_address = foobar at example.com
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
  mail_max_userip_connections = 20
}