"Password Not Accepted from Server: 535 Incorrect Authentication Data" When Sending with Gmail and PHPmailer

Password not accepted from server: 535 Incorrect authentication data when sending with GMail and phpMailer

The solution was to enable outgoing SMTP from the server settings.

On servers running cPanel's WHM, this is located under WHM's "Tweak Settings" section.

The option is to enable/disable - choose disable.

Caveat: Making this change will redirect outgoing SMTP connections allow accounts to make direct connections which may increase your odds of getting your server blacklisted.

PHPMailer: appears not to be sending password

RFC4954 provides two examples fo the AUTH PLAIN SMTP authentication mechanism. The first is like you're seeing:

S: 250 AUTH GSSAPI DIGEST-MD5 PLAIN
C: AUTH PLAIN dGVzdAB0ZXN0ADEyMzQ=
S: 235 2.7.0 Authentication successful

The second is an alternative form of the same mechanism:

S: 250 AUTH GSSAPI DIGEST-MD5 PLAIN
C: AUTH PLAIN
S: 334
C: dGVzdAB0ZXN0ADEyMzQ=
S: 235 2.7.0 Authentication successful

You can see that the two methods submit the same authentication string, but the second has an additional 334 response from the server before the auth string is sent. While this is slightly less efficient, it has the advantage that the approach is the same as is used for the similar LOGIN auth mechanism, which also uses a 334 intermediate response.

PHPMailer implements the second mechanism for PLAIN. Your server apparently doesn't like that, which I would describe as a bug; it should allow both patterns.

A simple solution is to switch to using the LOGIN mechanism which your server also supports, and there is only one version of:

$mail->AuthType = 'LOGIN';

You could also use CRAM-MD5 which is supported by both your server and PHPMailer and is marginally more secure, though over TLS it doesn't make much difference.

Gmail smtp incorrect authentication

Look at the output from that second session. The first thing the server says is that it is omniark.omniark.com, not smtp.gmail.com. This means that your connection is being intercepted and redirected to your ISP's mail server, where, of course, your gmail credentials will not work.

Before you get that far, you should have had a certificate validation failure because the host name does not match the certificate name. If this was allowed to happen, you need to fix your config to always verify certificates as otherwise you are effectively the victim of an MITM attack and have given away your credentials.

In short, your ISP is blocking your outbound connection. While I can see you're using SwiftMailer, this is covered in PHPMailer's troubleshooting guide.

I edited out your ID and password from the SMTP transcripts; you should change your password now.

phpmailer username & password not accepted

I was able to solve my problem by going here:

https://myaccount.google.com/u/0/lesssecureapps

And set the Allow Secure Apps to On.

Once I made this update, I was able to send the email.

PHPMailer authentication issue

Apparently the issue is because the host I have it on actually doesn't allow the connections to external SMTP servers. The crazy thing is that I don't get an error from the log as shown above, it acts like the login information is incorrect. I verified this is the case by uploading this information on another server completely and it works fine.

SMTPError: Password command Failed PHPMailer

Well, after a long battle I somehow managed to solve this. I activated DisplayUnlockCaptcha from the following URL:
https://accounts.google.com/b/0/DisplayUnlockCaptcha

Probably because Gmail might have viewed the logins received from PHP file lying in hosting server as untrusted requests. This is because the hosting servers may reside in different places or countries and the login authentication request received would appear different other than the one from where the Gmail account is logged in frequently. So as a security measure, it would have use some captcha mechanism in the background (which which cannot be viewed)

---

Related Topics