Because Postfix is acting as an SMTP client authenticating to another server, it cannot hash passwords – the storage must be reversible, because most mail servers will expect you to provide the original, plaintext password (for the SASL PLAIN mechanism).
And because the process is reversible, it doesn't matter how Postfix encrypts/decrypts the stored passwords, anyone with root privileges can just repeat it manually. Root could also attach a debugger and extract the raw password out of Postfix's memory. In fact, root could simply make Postfix connect to a fake SMTP server and have it log the received password.
Other authentication mechanisms (e.g. TLS client certificates, or SASL SCRAM) are affected by most of the same problems: Postfix needs to access the credentials, so root can trick Postfix into revealing them. (Although if you really must, it might be possible to use client certificates stored on a TPM or USB token/smartcard that doesn't allow private key export, only signing.)
So although you can put the file on encrypted storage (e.g. a LUKS or EncFS volume), it will only help against offline attacks (someone stealing the HDD), but nothing will help against root on the same system.
If this is a server, you should look into hardening it (using e.g. AppArmor/SELinux) so that it would be more difficult for someone to gain unlimited root access in the first place.
1Are you trying to guard against someone who can read files as root? Against someone who has full root privileges? Against someone who steals your computer or the HDD? – user1686 – 2019-01-18T09:09:15.393
yes to guard against someone who has full root privileges. – Soumya S – 2019-01-18T09:58:22.237