# 535 5.7.8 身份验证凭据无效

- **ID:** `communication/smtp-535-authentication-failed`
- **领域:** communication
- **类别:** auth_error
- **错误码:** `535`
- **验证级别:** ai_generated
- **修复率:** 88%

## 根因

SMTP 服务器因用户名、密码错误或身份验证机制不受支持（例如 LOGIN 与 PLAIN）而拒绝客户端的身份验证尝试。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Postfix 3.8 | active | — | — |
| Exim 4.97 | active | — | — |
| Sendmail 8.18 | active | — | — |
| Microsoft Exchange 2019 | active | — | — |

## 解决方案

1. ```
   Verify the username and password are correct by testing with a direct SMTP session using `openssl s_client` to connect and manually issue AUTH LOGIN or AUTH PLAIN.
   ```
2. ```
   Change the authentication mechanism in the client configuration. For PHPMailer, set `$mail->SMTPAuthType = 'PLAIN';` or for Python smtplib, use `smtp.login()` which defaults to PLAIN.
   ```
3. ```
   Enable 'Less secure app access' or generate an app-specific password if the SMTP server enforces OAuth2 (common with Gmail, Outlook). For Gmail, use an App Password.
   ```

## 无效尝试

- **Re-enter the same password in the application config** — If the password is already correct but the mechanism is wrong, re-entering the same value won't help. The error is often about mechanism mismatch. (70% 失败率)
- **Disable TLS/SSL on the SMTP connection** — Many SMTP servers require TLS for authentication. Disabling TLS prevents any AUTH command from working. (85% 失败率)
- **Use port 25 instead of 587 for submission** — Port 25 typically does not require authentication. Switching to port 25 bypasses the need for credentials but may be blocked by ISPs or violate RFC. (60% 失败率)