# 535 5.7.8 Authentication credentials invalid: SMTP server rejected username/password - **ID:** `communication/smtp-535-authentication-credentials-invalid` - **Domain:** communication - **Category:** auth_error - **Error Code:** `535` - **Verification:** ai_generated - **Fix Rate:** 90% ## Root Cause SMTP authentication failed because the provided username or password does not match the server's authentication backend, often due to app-specific password requirements or OAuth token expiration. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | Postfix 3.7 | active | — | — | | Exim 4.96 | active | — | — | | Microsoft Exchange 2019 | active | — | — | | SendGrid SMTP relay | active | — | — | ## Workarounds 1. **Generate an app-specific password for SMTP in the email provider's security settings, e.g., Google: https://myaccount.google.com/apppasswords, then update SMTP client config with that password.** (95% success) ``` Generate an app-specific password for SMTP in the email provider's security settings, e.g., Google: https://myaccount.google.com/apppasswords, then update SMTP client config with that password. ``` 2. **Switch to OAuth 2.0 authentication for SMTP if supported, e.g., using `XOAUTH2` mechanism with a refreshed access token.** (85% success) ``` Switch to OAuth 2.0 authentication for SMTP if supported, e.g., using `XOAUTH2` mechanism with a refreshed access token. ``` 3. **Verify credentials by testing with `openssl s_client -connect smtp.example.com:587 -starttls smtp` and manually issuing `AUTH LOGIN` with base64-encoded username/password.** (90% success) ``` Verify credentials by testing with `openssl s_client -connect smtp.example.com:587 -starttls smtp` and manually issuing `AUTH LOGIN` with base64-encoded username/password. ``` ## Dead Ends - **Re-enter the same credentials in the SMTP client configuration** — If credentials are invalid or expired, re-entering them does not resolve the underlying issue (e.g., app password required). (70% fail) - **Disable SMTP authentication entirely in client settings** — Most SMTP servers require authentication for relay; disabling it may cause 'Relay access denied' errors. (85% fail) - **Use the same password as the webmail login without generating an app-specific password** — Services like Gmail, Outlook, and Yahoo require app-specific passwords for SMTP; using the primary account password often fails. (75% fail)