535 5.7.8 身份验证凭据无效:SMTP 服务器拒绝用户名/密码
535 5.7.8 Authentication credentials invalid: SMTP server rejected username/password
ID: communication/smtp-535-authentication-credentials-invalid
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Postfix 3.7 | active | — | — | — |
| Exim 4.96 | active | — | — | — |
| Microsoft Exchange 2019 | active | — | — | — |
| SendGrid SMTP relay | active | — | — | — |
根因分析
SMTP 身份验证失败,因为提供的用户名或密码与服务器的身份验证后端不匹配,通常是由于应用专用密码要求或 OAuth 令牌过期。
English
SMTP authentication failed because the provided username or password does not match the server's authentication backend, often due to app-specific password requirements or OAuth token expiration.
官方文档
https://datatracker.ietf.org/doc/html/rfc4954解决方案
-
在邮件提供商的安全设置中生成应用专用密码,例如 Google:https://myaccount.google.com/apppasswords,然后用该密码更新 SMTP 客户端配置。
-
如果支持,切换到 OAuth 2.0 身份验证用于 SMTP,例如使用 `XOAUTH2` 机制并配合刷新的访问令牌。
-
通过 `openssl s_client -connect smtp.example.com:587 -starttls smtp` 测试凭据,手动使用 base64 编码的用户名/密码执行 `AUTH LOGIN`。
无效尝试
常见但无效的做法:
-
Re-enter the same credentials in the SMTP client configuration
70% 失败
If credentials are invalid or expired, re-entering them does not resolve the underlying issue (e.g., app password required).
-
Disable SMTP authentication entirely in client settings
85% 失败
Most SMTP servers require authentication for relay; disabling it may cause 'Relay access denied' errors.
-
Use the same password as the webmail login without generating an app-specific password
75% 失败
Services like Gmail, Outlook, and Yahoo require app-specific passwords for SMTP; using the primary account password often fails.