Almost every PHP application relies on mail functions to send contact requests, newsletters, and more.

The most secure way to send these mails is to use SMTP authentication – that is, the PHP app uses a username and password to transfer mails to an SMTP server.

But this authentication can sometimes fail with the error:

Failed to authenticate on SMTP server with username "user@example.com" using XX possible authenticators

Here at Bobcares, our Support Engineers maintain thousands of PHP web servers of web hosts, digital marketers, web developers and more. We monitor & maintain these servers, and troubleshoot tech errors.

In the course of our work, we see many reasons for the error “Failed to authenticate on SMTP server with username“. Today, we’ll take a look at the top reasons.

What is this authentication error?

Simply put, this error says, “I tried to connect to the SMTP server to authenticate, but couldn’t.”

So, it could mean:

• The PHP app wasn’t able to connect to the SMTP server, or
• The app was able to connect but the login failed.

Now, why would this happen? Let’s take a look at the top 7 causes.

1. Sender’s IP blocked

Mail mail servers are armed with brute force attack detectors. It’ll block IPs that seems to be sending automated spam.

We’ve seen cases where, after a mail campaign or testing, the sending MX’s firewall (eg. Fail2Ban) classifies the web app IP as a spam source, and blocks it.

Solution : To fix and prevent this issue, we whitelist the web app’s IP in the firewall, so that it will never be blocked again.

2. Wrong config file or PHP settings

Many PHP frameworks such as Laravel use “.env” files to store SMTP connection settings.

Sometimes, after an app update or migration, we’ve seen multiple versions of the config file, often with conflicting connection settings.

When the app uses the wrong config file, mail connection fails.

Similarly, many apps rely on default PHP settings if SMTP settings are not defined within the app. We’ve seen cases where the SMTP server name or port is specified wrong.

Solution : In such cases we systematically go through the app settings and PHP config to eliminate duplicate entries, and fix the PHP config path.

3. Firewall blocks outgoing mail

As a measure to block spam scripts, some web servers do not allow outgoing SMTP connections from web applications.

We’ve seen cases where websites that use an external server (eg. Google) to send mails are blocked because of this reason.

Solution : There are two ways to fix this:

• Use the local mail server : We help webmasters to reconfigure their app to send mails through the mail server running within the web server. This fixes the need to establish a remote SMTP connection, and prevents a future block.
• Whitelist the user : If the webmaster requires an external SMTP server (eg. corporate gateway) to be used, we whitelist the web user to remove limits on mails.

4. Connection allowed only via SSL/TLS protocol

SSL and TLS are encryption protocols used widely in SMTP.

In the past years, all versions of SSL and earlier versions of TLS are found to be vulnerable to certain attacks.

To prevent such attacks, many SMTP servers support only later versions of TLS.

But we’ve seen some web applications not supporting these new protocols, and causes the SMTP connection to fail during initial handshake.

Solution : To fix this, either the mail server needs to allow vulnerable protocols or the app needs to be updated. We always recommend the second option, as that keeps the app secure. We help web owners re-configure their apps to enable TLS 1.1 or preferably 1.2.

5. Expired password

Yes, this still happens once in a while.

Some servers are set to auto-expire the passwords, and app maintainers forget to update them in time. It causes the SMTP connection to fail.

Solution : This usually happens when the notification mail (about impending password expiry) goes to a mail ID that’s not checked by the account owner. To prevent this we set the notification mail to the right ID, and in some cases, remove password expiry from the mailbox.

6. Wrong SMTP port (25 / 587 / 456)

Some mail servers will be configured to accept mails ONLY via SSL.

SSL port for SMTP is 456, while web apps by default try to connect to port 25 – which causes the connection to fail.

Solution : To troubleshoot this issue, we look at the debug log of the app. When we see the wrong port is used, we fix the App or PHP settings to use the right port.

7. Google blocks insecure access

Some web masters use their Google accounts to send mails.

But Google enforces a set of security restrictions on connecting apps. This can include unencrypted connections, RFC compliant SMTP greeting, and so on.

If the app fails these security standards, Google prevents relay of the mail.

Solution : Ideally we resolve this by re-configuring the app to conform to Google’s standards. If it is not possible, we help the web master to “Allow less secure apps” in their Google account settings.

Bonus – Fixing the error “Unable to authenticate to SMTP server“

A related, but slightly different error is “Unable to authenticate to SMTP server”.

This error usually shows up in mail clients (eg. Thunderbird) when it is unable to establish an authentication handshake.

Two common causes are:

• Secure authentication is not supported – When the email client tries to send username & password through a secure connection, but the server doesn’t support it.
• SMTP auth is not supported – When SMTP authentication is disabled in the server, and the email client is configured to use it.

Almost all modern mail servers (Exim, Postfix, etc.) have the capability to support these features. So, in such cases, we fix the SMTP server settings to enable these features.

Conclusion

“Failed to authenticate on SMTP server with username” is a common error in PHP web applications. It occurs when the web app is unable to establish an SMTP connection to the mail server. Today we’ve seen the top 7 reasons for this error, and how Support Engineers here at Bobcares fix them.