Dovecot Virtual Users Not Authenticating


We have a standard Postfix/Dovecot installation working perfectly with real users but cannot work out how to add virtual users, all virtual user login attempts fail with authentication errors.

Following are snippets from the configuration files:

virtual_mailbox_domains =
virtual_mailbox_base = /var/spool/vhosts
virtual_mailbox_recipients = hash:/etc/postfix/virtual_mailbox_recipients

/etc/dovecot/dovecot.conf: !include conf.d/*.conf

/etc/dovecot/conf.d/10-auth.conf auth_mechanisms = cram-md5 digest-md5 plain passdb { driver = passwd-file # Path for passwd-file. Also set the default password scheme. args = scheme=cram-md5 /etc/cram-md5.pwd }


This is a snippet from the log when a login attempt is made:

auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth auth: Debug: Module loaded: /usr/lib64/dovecot/auth/ auth: Debug: Module loaded: /usr/lib64/dovecot/auth/ auth: Debug: Module loaded: /usr/lib64/dovecot/auth/ auth: Debug: passwd-file /etc/cram-md5.pwd: Read 1 users auth: Debug: auth client connected (pid=21990) auth: Debug: client in: AUTH#0111#011CRAM-MD5#011service=imap#011lip= auth: Debug: client out: CONT#0111#011PDI1Njc0NjQ1NzQ3MTY0NTkuMTM0MTIxNzkwN0BncDM+ auth: Debug: client in: CONT auth: Debug: passwd-file(, lookup: file=/etc/cram-md5.pwd auth: Debug: client out: auth: Debug: master in: REQUEST#0111630404609#01121990#0111#011b66b5f46b520a08e1d19d3d249be7073 auth: Debug: passwd(, lookup auth: passwd(, unknown user auth: Error: userdb(, user not found from userdb passwd auth: Debug: master out: NOTFOUND#0111630404609 imap: Error: Authenticated user not found from userdb, auth lookup id=1630404609 (client-pid=21990 client-id=1) imap-login: Internal login failure (pid=21990 id=1) (auth failed, 1 attempts): user=, method=CRAM-MD5, rip=, lip=, mpid=21993 auth: Debug: auth client connected (pid=22010) auth: Debug: client in: AUTH#0111#011CRAM-MD5#011service=imap#011lip= auth: Debug: client out: CONT#0111#011PDcxMDkwNDY1NTQzODUzMDkuMTM0MTIxNzkyOEBncDM+ auth: Debug: client in: CONT auth: Debug: passwd-file(, lookup: file=/etc/cram-md5.pwd auth: Debug: client out: auth: Debug: master in: REQUEST#011343539713#01122010#0111#011e47b1345784e2845d59e794afa9a6bbe auth: Debug: passwd(, lookup auth: passwd(, unknown user auth: Error: userdb(, user not found from userdb passwd auth: Debug: master out: NOTFOUND#011343539713 imap: Error: Authenticated user not found from userdb, auth lookup id=343539713 (client-pid=22010 client-id=1) imap-login: Internal login failure (pid=22010 id=1) (auth failed, 1 attempts): user=, method=CRAM-MD5, rip=, lip=, mpid=22011

It would appear that the user lookup is not working, even tho' the log suggests that Dovecot is using the /etc/cram-md5.pwd file and the user is configured in that same file.

There are of course dozens of examples of using virtual users with Dovecot, but all the ones we have found either refer to Dovecot 1.x (we are using 2.x), using only virtual users (we must use real AND virtual users) or want to use a MySQL db, we need to use a text file.

The examples at are fine but what they do not provide is examples of how to combine both real and virtual users without using MYSQL.

Some hints about where we are going wrong would be very much appreciated.

The major missing part in the config was the absence of a 'userdb' section in the /etc/dovecot/conf.d/10-auth.conf file. It now looks like this:

passdb { driver = passwd-file # Path for passwd-file. Also set the default password scheme. args = scheme=cram-md5 /etc/cram-md5.pwd } userdb { driver=static args = uid=vmail gid=vmail home=/var/spool/vhosts/%d/%n /etc/dovecot/userdb }

A new user & group, 'vmail', was also created and given ownership of the 'home' directories for the virtual users.

These changes have done most of the job, and we can now send mail to the virtual users, sadly there is something missing related to real users because the system is now looking in the wrong place for their emails, so they have all disappeared. We will create a new question for that subject tho', as it is a related issue, real & virtual users, but no longer about authentication.

Best Answer

What I noticed on first sight is that you have missed the colon between the username and the password in your /etc/cram-md5.pwd file. Here you may find more information about the format of the file and how to generate your password.

EDIT : Additionally, your user password seems to be encrypted using the MD5 scheme, while it is stated in the Dovecot wiki that "if you're going to use CRAM-MD5 authentication, the password needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in plaintext." However, I'm not that sure if this is the root cause for the "user not found" problem.