IMAP & SMTP password encryption type

OS type and version Ubuntu 20.04.5
Webmin version Webmin 2.011
Virtualmin version Virtualmin 7.5
Related packages Dovecot/Postfix/Roundcube


I noticed that the password encryption type of my mailboxes in Virtualmin is set to plaintext.
I am using with an SSL certificate for the connection but still that excryption type is set to plaintext, isn’t that non encrypted, isn’t that dangerous? I also use roundcube (with SSL) via Virtualmin, what encryption type is hat there when logging in?
If so, how can I best modify this so that the password types are nocrypted.


Everything is at the default settings, both at dovecot, postfix and roundcube.

Dovecot User and Login Options:

It has to be plaintext because there is no overlap between Linux system user passwords and email protocol support. But, assuming you use TLS (via STARTTLS or SMTPS) for client connections, the password does not travel in plain text, it is only plain at each end.

The only way to avoid that would be to not use Linux/UNIX system users and instead use a dedicated mail user database (which I generally recommend against).

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.