{ "id": "communication/smtp-535-authentication-credentials-invalid", "signature": "535 5.7.8 Authentication credentials invalid: SMTP server rejected username/password", "signature_zh": "535 5.7.8 身份验证凭据无效:SMTP 服务器拒绝用户名/密码", "regex": "535\\s+5\\.7\\.8\\s+Authentication credentials invalid", "domain": "communication", "category": "auth_error", "subcategory": null, "root_cause": "SMTP authentication failed because the provided username or password does not match the server's authentication backend, often due to app-specific password requirements or OAuth token expiration.", "root_cause_type": "generic", "root_cause_zh": "SMTP 身份验证失败,因为提供的用户名或密码与服务器的身份验证后端不匹配,通常是由于应用专用密码要求或 OAuth 令牌过期。", "versions": [ { "version": "Postfix 3.7", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Exim 4.96", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Microsoft Exchange 2019", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "SendGrid SMTP relay", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "Re-enter the same credentials in the SMTP client configuration", "why_fails": "If credentials are invalid or expired, re-entering them does not resolve the underlying issue (e.g., app password required).", "fail_rate": 0.7, "condition": "", "sources": [] }, { "action": "Disable SMTP authentication entirely in client settings", "why_fails": "Most SMTP servers require authentication for relay; disabling it may cause 'Relay access denied' errors.", "fail_rate": 0.85, "condition": "", "sources": [] }, { "action": "Use the same password as the webmail login without generating an app-specific password", "why_fails": "Services like Gmail, Outlook, and Yahoo require app-specific passwords for SMTP; using the primary account password often fails.", "fail_rate": 0.75, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Generate an app-specific password for SMTP in the email provider's security settings, e.g., Google: https://myaccount.google.com/apppasswords, then update SMTP client config with that password.", "success_rate": 0.95, "how": "Generate an app-specific password for SMTP in the email provider's security settings, e.g., Google: https://myaccount.google.com/apppasswords, then update SMTP client config with that password.", "condition": "", "sources": [] }, { "action": "Switch to OAuth 2.0 authentication for SMTP if supported, e.g., using `XOAUTH2` mechanism with a refreshed access token.", "success_rate": 0.85, "how": "Switch to OAuth 2.0 authentication for SMTP if supported, e.g., using `XOAUTH2` mechanism with a refreshed access token.", "condition": "", "sources": [] }, { "action": "Verify credentials by testing with `openssl s_client -connect smtp.example.com:587 -starttls smtp` and manually issuing `AUTH LOGIN` with base64-encoded username/password.", "success_rate": 0.9, "how": "Verify credentials by testing with `openssl s_client -connect smtp.example.com:587 -starttls smtp` and manually issuing `AUTH LOGIN` with base64-encoded username/password.", "condition": "", "sources": [] } ], "workarounds_zh": [ "在邮件提供商的安全设置中生成应用专用密码,例如 Google:https://myaccount.google.com/apppasswords,然后用该密码更新 SMTP 客户端配置。", "如果支持,切换到 OAuth 2.0 身份验证用于 SMTP,例如使用 `XOAUTH2` 机制并配合刷新的访问令牌。", "通过 `openssl s_client -connect smtp.example.com:587 -starttls smtp` 测试凭据,手动使用 base64 编码的用户名/密码执行 `AUTH LOGIN`。" ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://datatracker.ietf.org/doc/html/rfc4954", "official_doc_section": null, "error_code": "535", "verification_tier": "ai_generated", "confidence": 0.88, "fix_success_rate": 0.9, "resolvable": "true", "first_seen": "2023-06-20", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }