RE: Dovecot's default password storage scheme is not GDPR compliant

Dovecot aligns the password encryption scheme used by the imap client with the password storage scheme used by the server.

Since the default is set to plain text, the client sends the password in plain text (tls tunneled), and the server local storage of passwords is a plain text file.

I don't know what you are on about, but many smtp/imap are still using plain. I have in the backend passwords hashed in ldap. I can't believe anyone stores passwords in plain text nowadays.