{
  "id": "communication/smtp-535-authentication-failed",
  "signature": "535 5.7.8 Authentication credentials invalid",
  "signature_zh": "535 5.7.8 身份验证凭据无效",
  "regex": "535 5\\.7\\.8|Authentication credentials invalid|Authentication failed",
  "domain": "communication",
  "category": "auth_error",
  "subcategory": null,
  "root_cause": "SMTP server rejects the client's authentication attempt due to incorrect username, password, or unsupported authentication mechanism (e.g., LOGIN vs PLAIN).",
  "root_cause_type": "generic",
  "root_cause_zh": "SMTP 服务器因用户名、密码错误或身份验证机制不受支持（例如 LOGIN 与 PLAIN）而拒绝客户端的身份验证尝试。",
  "versions": [
    {
      "version": "Postfix 3.8",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Exim 4.97",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Sendmail 8.18",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Microsoft Exchange 2019",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "Re-enter the same password in the application config",
      "why_fails": "If the password is already correct but the mechanism is wrong, re-entering the same value won't help. The error is often about mechanism mismatch.",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    },
    {
      "action": "Disable TLS/SSL on the SMTP connection",
      "why_fails": "Many SMTP servers require TLS for authentication. Disabling TLS prevents any AUTH command from working.",
      "fail_rate": 0.85,
      "condition": "",
      "sources": []
    },
    {
      "action": "Use port 25 instead of 587 for submission",
      "why_fails": "Port 25 typically does not require authentication. Switching to port 25 bypasses the need for credentials but may be blocked by ISPs or violate RFC.",
      "fail_rate": 0.6,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Verify the username and password are correct by testing with a direct SMTP session using `openssl s_client` to connect and manually issue AUTH LOGIN or AUTH PLAIN.",
      "success_rate": 0.9,
      "how": "Verify the username and password are correct by testing with a direct SMTP session using `openssl s_client` to connect and manually issue AUTH LOGIN or AUTH PLAIN.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Change the authentication mechanism in the client configuration. For PHPMailer, set `$mail->SMTPAuthType = 'PLAIN';` or for Python smtplib, use `smtp.login()` which defaults to PLAIN.",
      "success_rate": 0.85,
      "how": "Change the authentication mechanism in the client configuration. For PHPMailer, set `$mail->SMTPAuthType = 'PLAIN';` or for Python smtplib, use `smtp.login()` which defaults to PLAIN.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Enable 'Less secure app access' or generate an app-specific password if the SMTP server enforces OAuth2 (common with Gmail, Outlook). For Gmail, use an App Password.",
      "success_rate": 0.8,
      "how": "Enable 'Less secure app access' or generate an app-specific password if the SMTP server enforces OAuth2 (common with Gmail, Outlook). For Gmail, use an App Password.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Verify the username and password are correct by testing with a direct SMTP session using `openssl s_client` to connect and manually issue AUTH LOGIN or AUTH PLAIN.",
    "Change the authentication mechanism in the client configuration. For PHPMailer, set `$mail->SMTPAuthType = 'PLAIN';` or for Python smtplib, use `smtp.login()` which defaults to PLAIN.",
    "Enable 'Less secure app access' or generate an app-specific password if the SMTP server enforces OAuth2 (common with Gmail, Outlook). For Gmail, use an App Password."
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://datatracker.ietf.org/doc/html/rfc4954#section-6",
  "official_doc_section": null,
  "error_code": "535",
  "verification_tier": "ai_generated",
  "confidence": 0.9,
  "fix_success_rate": 0.88,
  "resolvable": "true",
  "first_seen": "2023-05-10",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}