diff --git a/mail-server/common.nix b/mail-server/common.nix index 910b5c2..56373bd 100644 --- a/mail-server/common.nix +++ b/mail-server/common.nix @@ -14,10 +14,14 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see -{ config }: +{ config, lib }: let cfg = config.mailserver; + # passwd :: [ String ] + passwd = lib.mapAttrsToList + (name: value: "${name}:${value.hashedPassword}:${builtins.toString cfg.vmailUID}:${builtins.toString cfg.vmailUID}::${cfg.mailDirectory}:/run/current-system/sw/bin/nologin:") + cfg.loginAccounts; in { # cert :: PATH @@ -37,4 +41,6 @@ in else if cfg.certificateScheme == 3 then "/var/lib/acme/${cfg.fqdn}/key.pem" else throw "Error: Certificate Scheme must be in { 1, 2, 3 }"; + # passwdFile :: PATH + passwdFile = builtins.toFile "passwd" (lib.concatStringsSep "\n" passwd); } diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix index 89249b5..39cf35e 100644 --- a/mail-server/dovecot.nix +++ b/mail-server/dovecot.nix @@ -16,7 +16,7 @@ { config, pkgs, lib, ... }: -with (import ./common.nix { inherit config; }); +with (import ./common.nix { inherit config lib; }); let cfg = config.mailserver; @@ -31,6 +31,7 @@ in enable = true; enableImap = enableImap; enablePop3 = enablePop3; + enablePAM = false; mailGroup = vmailGroupName; mailUser = vmailUserName; mailLocation = dovecot_maildir; @@ -74,6 +75,11 @@ in mail_plugins = $mail_plugins sieve } + passdb { + driver = passwd-file + args = ${passwdFile} + } + service auth { unix_listener /var/lib/postfix/queue/private/auth { mode = 0660 diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix index b36accd..5b373f9 100644 --- a/mail-server/postfix.nix +++ b/mail-server/postfix.nix @@ -16,7 +16,7 @@ { config, pkgs, lib, ... }: -with (import ./common.nix { inherit config; }); +with (import ./common.nix { inherit config lib; }); let inherit (lib.strings) concatStringsSep; 
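Review bot: The passwd-file record in the new `passwd` binding interpolates `name` without checking that the account name is free of `:` or newline characters, so a `loginAccounts` key containing either silently shifts or injects fields (password, uid, home, shell) in the generated file. A guard inside the lambda keeps the format intact, e.g. `(name: value: assert builtins.match "[^:[:space:]]+" name != null; "${name}:...")`, or an assertion with a clearer message at module level. The fourth field of that format is the gid, and it is filled with `cfg.vmailUID`; if the vmail group's gid differs from the uid that is presumably wrong — verify against users.nix. The attribute set in which this binding is consumed continues past the end of the hunk.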
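Review bot: `passwdFile = builtins.toFile "passwd" ...` writes the rendered list, including every account's `hashedPassword`, into the Nix store, which is world-readable on the host and is copied to any binary cache or remote builder the system closure is pushed to, so any local user can read all hashes for offline cracking. A Dovecot passdb only needs to be readable by the auth process; generating the file at activation into a root-owned, mode-0640 path (for example under /var/lib) from the same list and pointing `passwdFile` there keeps the hashes out of the store. At minimum the binding should carry a warning, e.g. `# NOTE: builtins.toFile places this file, with all password hashes, in the world-readable /nix/store`. The attribute set this binding belongs to starts before the hunk.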
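Review bot: The added `passdb` block has no matching `userdb`, while `enablePAM = false` in the previous hunk presumably removes whatever userdb the NixOS dovecot module emitted alongside PAM, and users.nix in this same commit drops the mail accounts from the system passwd; unless a userdb is defined outside the visible hunks, Dovecot has nowhere to resolve uid/gid/home for the virtual accounts after authentication. Since the passwd-file already carries uid, gid and home, reusing it as the userdb directly after the passdb block is the smallest fix. The extraConfig string this sits in starts and ends outside the hunk.

```nix
    # … unchanged: passdb { driver = passwd-file ... } block …

    userdb {
      driver = passwd-file
      args = ${passwdFile}
    }
```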
diff --git a/mail-server/users.nix b/mail-server/users.nix index 9484882..e8365e4 100644 --- a/mail-server/users.nix +++ b/mail-server/users.nix @@ -28,16 +28,6 @@ let group = vmailGroupName; }; - # accountsToUser :: String -> UserRecord - accountsToUser = account: { - isNormalUser = false; - group = vmailGroupName; - inherit (account) hashedPassword name; - }; - - # mail_users :: { [String]: UserRecord } - mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {} - (map accountsToUser (lib.attrValues loginAccounts)); virtualMailUsersActivationScript = pkgs.writeScript "activate-virtual-mail-users" '' #!${pkgs.stdenv.shell} @@ -77,7 +67,7 @@ in { }; # define all users - users.users = mail_users // { + users.users = { "${vmail_user.name}" = lib.mkForce vmail_user; };
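Review bot: Dropping `mail_users` from `users.users` does not by itself retire the system accounts that earlier generations created for the login accounts, each of which inherited the same `hashedPassword`; whether NixOS deletes a user that disappears from the configuration depends on `users.mutableUsers` and the NixOS version, so on an upgraded host these can linger as password-bearing system accounts. Worth a comment and a migration note at this line, e.g. `# Mail accounts are no longer system users (see passwdFile in common.nix); on existing hosts check /etc/passwd for stale entries after switching.`, and ideally an activation step that removes them. The activation script referenced in the first hunk is defined outside the visible lines, so I cannot tell whether it already handles this.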