I'm trying to convert my dovecot-lda setup to use LMTP for better
security.  My setup is Postfix + Dovecot + MySQL with virtual users.
I'm setting up Dovecot 2.2.1 with Postfix 2.10.0.

I'm still learning Dovecot, so I'm not totally sure where I'm going wrong.
Can someone point out why I'm getting permission problems?
I'm also concerned with server security, so if you notice anything that should
be better, please point that out.  I am the only user on this Linux box.

Thank you!

ls -l /opt/imapdata/j/jeff/INBOX
total 8
drwxr-xr-x 2 vmail vmail 4096 Apr 27 14:21 ./
drwxr-xr-x 3 vmail vmail 4096 Apr 27 14:21 ../

The Dovecot processes are running as the following users:
root     20847  0.0  0.0  15572  1108 ?        Ss   10:23   0:00 
dovenull 20848  0.0  0.0  46752  2724 ?        S    10:23   0:00 
dovenull 20849  0.0  0.0  46752  2720 ?        S    10:23   0:00 
vmail    20850  0.0  0.0  13408  1068 ?        S    10:23   0:00 dovecot/anvil
root     20851  0.0  0.0  13540  1192 ?        S    10:23   0:00 dovecot/log
root     20853  0.0  0.0  16504  2128 ?        S    10:23   0:00 dovecot/config
vmail    20854  0.0  0.0 136448  2972 ?        S    10:23   0:00 dovecot/auth

I'm getting the following when an email comes in:

Apr 29 10:11:57 fed8 postfix/virtual[20666]: D88F3DF3BD: 
to=<>, relay=virtual, delay=370, delays=370/0.03/0/0.07, 
dsn=4.2.0, status=deferred (delivery failed to mailbox 
///opt/imapdata/j/jeff/INBOX/inbox: unable to create lock file 
///opt/imapdata/j/jeff/INBOX/inbox.lock: Permission denied)

My Postfix master.cf entry:

dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/opt/dovecot/libexec/dovecot/lmtp -f 
${sender} -d ${recipient}

doveconf -n:

# 2.2.1: /opt/dovecot221/etc/dovecot/dovecot.conf
# OS: Linux 3.8.5-201.fc18.x86_64 x86_64 Fedora release 18 (Spherical Cow) 
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
default_internal_user = vmail
first_valid_gid = 2000
first_valid_uid = 2000
listen = *
lock_method = flock
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_gid = vmail
mail_privileged_group = vmail
mail_uid = vmail
mbox_lock_timeout = 1 mins
mbox_write_locks = fcntl
passdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
postmaster_address =
protocols = imap lmtp
sendmail_path = /usr/lib/sendmail
service auth {
  inet_listener {
    port = 12345
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  unix_listener auth-userdb {
    mode = 0660
    user = vmail
  user = $default_internal_user
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  process_min_avail = 2
  service_count = 1
  vsz_limit = 64 M
service lmtp {
  executable = lmtp -L
  inet_listener lmtp {
    address =
    port = 24
  unix_listener lmtp {
    mode = 0666
  user = vmail
ssl = required
ssl_cert = </opt/dovecot/etc/dovecot/conf.d/ssl/certs/dovecot.pem
ssl_cipher_list = 
ssl_key = </opt/dovecot/etc/dovecot/conf.d/ssl/private/dovecot.pem
userdb {
  args = uid=vmail gid=vmail home=/opt/imapdata/%1n/%n
  driver = static
userdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
userdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
verbose_ssl = yes
protocol lmtp {
  info_log_path = /var/log/dovelmtp.log
  mail_plugins = " sieve"
protocol lda {
  info_log_path = /var/log/doveinfo.log
  log_path = /var/log/dovelda.log
protocol imap {
  imap_idle_notify_interval = 1 mins
  imap_max_line_length = 64 k
  mail_max_userip_connections = 5


