535
communication
auth_error
ai_generated
true
535 5.7.8 身份验证凭据无效
535 5.7.8 Authentication credentials invalid
ID: communication/smtp-535-authentication-failed
88%修复率
90%置信度
1证据数
2023-05-10首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Postfix 3.8 | active | — | — | — |
| Exim 4.97 | active | — | — | — |
| Sendmail 8.18 | active | — | — | — |
| Microsoft Exchange 2019 | active | — | — | — |
根因分析
SMTP 服务器因用户名、密码错误或身份验证机制不受支持(例如 LOGIN 与 PLAIN)而拒绝客户端的身份验证尝试。
English
SMTP server rejects the client's authentication attempt due to incorrect username, password, or unsupported authentication mechanism (e.g., LOGIN vs PLAIN).
官方文档
https://datatracker.ietf.org/doc/html/rfc4954#section-6解决方案
-
Verify the username and password are correct by testing with a direct SMTP session using `openssl s_client` to connect and manually issue AUTH LOGIN or AUTH PLAIN.
-
Change the authentication mechanism in the client configuration. For PHPMailer, set `$mail->SMTPAuthType = 'PLAIN';` or for Python smtplib, use `smtp.login()` which defaults to PLAIN.
-
Enable 'Less secure app access' or generate an app-specific password if the SMTP server enforces OAuth2 (common with Gmail, Outlook). For Gmail, use an App Password.
无效尝试
常见但无效的做法:
-
Re-enter the same password in the application config
70% 失败
If the password is already correct but the mechanism is wrong, re-entering the same value won't help. The error is often about mechanism mismatch.
-
Disable TLS/SSL on the SMTP connection
85% 失败
Many SMTP servers require TLS for authentication. Disabling TLS prevents any AUTH command from working.
-
Use port 25 instead of 587 for submission
60% 失败
Port 25 typically does not require authentication. Switching to port 25 bypasses the need for credentials but may be blocked by ISPs or violate RFC.