535 communication auth_error ai_generated true

535 5.7.8 Authentication credentials invalid

ID: communication/smtp-535-authentication-failed

Also available as: JSON · Markdown · 中文
88%Fix Rate
90%Confidence
1Evidence
2023-05-10First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
Postfix 3.8 active
Exim 4.97 active
Sendmail 8.18 active
Microsoft Exchange 2019 active

Root Cause

SMTP server rejects the client's authentication attempt due to incorrect username, password, or unsupported authentication mechanism (e.g., LOGIN vs PLAIN).

generic

中文

SMTP 服务器因用户名、密码错误或身份验证机制不受支持(例如 LOGIN 与 PLAIN)而拒绝客户端的身份验证尝试。

Official Documentation

https://datatracker.ietf.org/doc/html/rfc4954#section-6

Workarounds

  1. 90% success Verify the username and password are correct by testing with a direct SMTP session using `openssl s_client` to connect and manually issue AUTH LOGIN or AUTH PLAIN. 
    Verify the username and password are correct by testing with a direct SMTP session using `openssl s_client` to connect and manually issue AUTH LOGIN or AUTH PLAIN.
  2. 85% success Change the authentication mechanism in the client configuration. For PHPMailer, set `$mail->SMTPAuthType = 'PLAIN';` or for Python smtplib, use `smtp.login()` which defaults to PLAIN. 
    Change the authentication mechanism in the client configuration. For PHPMailer, set `$mail->SMTPAuthType = 'PLAIN';` or for Python smtplib, use `smtp.login()` which defaults to PLAIN.
  3. 80% success Enable 'Less secure app access' or generate an app-specific password if the SMTP server enforces OAuth2 (common with Gmail, Outlook). For Gmail, use an App Password. 
    Enable 'Less secure app access' or generate an app-specific password if the SMTP server enforces OAuth2 (common with Gmail, Outlook). For Gmail, use an App Password.

中文步骤

  1. Verify the username and password are correct by testing with a direct SMTP session using `openssl s_client` to connect and manually issue AUTH LOGIN or AUTH PLAIN.
  2. Change the authentication mechanism in the client configuration. For PHPMailer, set `$mail->SMTPAuthType = 'PLAIN';` or for Python smtplib, use `smtp.login()` which defaults to PLAIN.
  3. Enable 'Less secure app access' or generate an app-specific password if the SMTP server enforces OAuth2 (common with Gmail, Outlook). For Gmail, use an App Password.

Dead Ends

Common approaches that don't work:

  1. Re-enter the same password in the application config 70% fail

    If the password is already correct but the mechanism is wrong, re-entering the same value won't help. The error is often about mechanism mismatch.

  2. Disable TLS/SSL on the SMTP connection 85% fail

    Many SMTP servers require TLS for authentication. Disabling TLS prevents any AUTH command from working.

  3. Use port 25 instead of 587 for submission 60% fail

    Port 25 typically does not require authentication. Switching to port 25 bypasses the need for credentials but may be blocked by ISPs or violate RFC.