Search code examples
phpsmtpphpmailer

SMTPError: Password command Failed PHPMailer

The Requirement is that when the form is submitted the mail has to be sent the specified email address. For this I am using PHPMailer.

When I ran the code first time from localhost, I received Critical Security Alert received in Gmail, which I resolved by turning on "Allow Less Secure Apps" and also checked and approved the security event.

Now the code works perfectly in localhost powered by xampp but not in shared hosting. When I hit the submit button in the Form page present in shared hosting, I get the following message:

2020-02-25 09:48:40 SERVER -&gt; CLIENT: 220 smtp.gmail.com ESMTP t131sm5033428oih.35 - gsmtp<br>
2020-02-25 09:48:40 CLIENT -&gt; SERVER: EHLO www.domain_name.com<br>
2020-02-25 09:48:40 SERVER -&gt; CLIENT: 250-smtp.gmail.com at your service, [AAA.BB.CCC.DD]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8<br>
2020-02-25 09:48:40 CLIENT -&gt; SERVER: STARTTLS<br>
2020-02-25 09:48:40 SERVER -&gt; CLIENT: 220 2.0.0 Ready to start TLS<br>
2020-02-25 09:48:44 CLIENT -&gt; SERVER: EHLO www.domain_name.com<br>
2020-02-25 09:48:44 SERVER -&gt; CLIENT: 250-smtp.gmail.com at your service, [AAA.BB.CCC.DD]250-SIZE 35882577250-8BITMIME250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8<br>
2020-02-25 09:48:44 CLIENT -&gt; SERVER: AUTH LOGIN<br>
2020-02-25 09:48:44 SERVER -&gt; CLIENT: 334 VXNlcm5hbWU6<br>
2020-02-25 09:48:44 CLIENT -&gt; SERVER: [credentials hidden]<br>
2020-02-25 09:48:44 SERVER -&gt; CLIENT: 334 UGFzc3dvcmQ6<br>
2020-02-25 09:48:44 CLIENT -&gt; SERVER: [credentials hidden]<br>
2020-02-25 09:48:45 SERVER -&gt; CLIENT: 534-5.7.14 &lt;https://accounts.google.com/signin/continue?sarp=1&amp;scc=1&amp;plt=AKgnsbv534-5.7.14 ymrjiXdYur3ddtR_6o2GrGNO2DfOQ7VhdphcGz7dq3__0gTNj1-oIXqZ__3KYGCWXt-ZC534-5.7.14 znNW-khosAGrPwCN1mDscVVYa5ms25Ann9jrAUU39WELRqwVrSmhOMGa91Ec4JRu&gt;534-5.7.14 Please log in via your web browser and then try again.534-5.7.14  Learn more at534 5.7.14  https://support.google.com/mail/answer/78754 t131sm5033428oih.35 - gsmtp<br>
2020-02-25 09:48:45 SMTP ERROR: Password command failed: 534-5.7.14 &lt;https://accounts.google.com/signin/continue?sarp=1&amp;scc=1&amp;plt=AKgnsbv534-5.7.14 ymrjiXdYur3ddtR_6o2GrGNO2DfOQ7VhdphcGz7dq3__0gTNj1-oIXqZ__3KYGCWXt-ZC534-5.7.14 znNW-khosAGrPwCN1mDscVVYa5ms25Ann9jrAUU39WELRqwVrSmhOMGa91Ec4JRu&gt;534-5.7.14 Please log in via your web browser and then try again.534-5.7.14  Learn more at534 5.7.14  https://support.google.com/mail/answer/78754 t131sm5033428oih.35 - gsmtp<br>
SMTP Error: Could not authenticate.<br>
2020-02-25 09:48:45 CLIENT -&gt; SERVER: QUIT<br>
2020-02-25 09:48:45 SERVER -&gt; CLIENT: 221 2.0.0 closing connection t131sm5033428oih.35 - gsmtp<br>
SMTP Error: Could not authenticate.<br>

The PHPMailer code for sending mail follows:

try {
            //Server settings
            $mail->SMTPDebug = SMTP::DEBUG_SERVER;                      // Enable verbose debug output
            $mail->isSMTP();                                            // Send using SMTP

            $mail->Host       = 'smtp.gmail.com';                           // Set the SMTP server to send through
            $mail->SMTPAuth   = true;                                   // Enable SMTP authentication
            $mail->isHTML();
            $mail->Username   = 'username@gmail.com';   // SMTP username
            $mail->Password   = 'password';                     // SMTP password

            $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;         // Enable TLS encryption; `PHPMailer::ENCRYPTION_SMTPS` also accepted
            $mail->Port       = 587;                                    // TCP port to connect to

            //Recipients
            $mail->setFrom('username@gmail.com');
            $mail->addAddress('username@yahoo.com');    // Add a recipient

            // Content
            $mail->isHTML(true);                                        // Set email format to HTML
            $mail->Subject = 'Mail subject';
            $mail->Body = 'Mail Body';

            $mail->send();
            echo 'done';
        } catch (Exception $e) {
            echo "Mailer";
        }


The following actions have been taken:

  1. Username and Password combination is correct and is not expired. Verified manually by logging via web and also sending mails from the localhost.

  2. $mail->SMTPAuth=false cannot be set because majority of shared hosting providers seems to have disabled this for security reasons (mainly to avoid spamming and sending of unsolicited emails)

Solution

  • Well, after a long battle I somehow managed to solve this. I activated DisplayUnlockCaptcha from the following URL: https://accounts.google.com/b/0/DisplayUnlockCaptcha

    Probably because Gmail might have viewed the logins received from PHP file lying in hosting server as untrusted requests. This is because the hosting servers may reside in different places or countries and the login authentication request received would appear different other than the one from where the Gmail account is logged in frequently. So as a security measure, it would have use some captcha mechanism in the background (which which cannot be viewed)