Success!
@ellie timoney was correct: loginrealms and defaultdomain are red herrings, despite being shown to be set in most guides available on the interwebz.
I have removed these from imapd.conf, and everything works like a charm. So just to be clear, for anyone trying to resolve this situation in future:
unixhierarchysep: yes
virtdomains: userid
#loginrealms:
#defaultdomain:
Thank you to Ellie Timoney for diagnosing and fixing the problem, and to everyone else who suggested things and helped me to rule them out.
Now, onward to the next crisis!
