Failed to send email. Reason: Invalid login: 535 Authentication failed

Developer help Self-hosting
1

Hi everyone :wave:,

I’m getting the same "Failed to send email. Reason: Invalid login: 535 Authentication failed. " error when clicking the “Forgot?”-link on the admin login screen of my self-hosted website which I needed to do since my login credentials didn’t work anymore.

Also: New subscribers are met with an “Failed to send magic link.”-error in the portal.

My transactional email config with sensitive info xxx-ed out (which has been working fine in the past two years or so) below:

“mail”: {
“transport”: “SMTP”,
“options”: {
“service”: “Mailgun”,
“host”: “smtp.eu.mailgun.org”,
“port”: 465,
“secure”: true,
“auth”: {
“user”: “ghost@xxx.be”,
“pass”: “xxx”
}
}
},

Steps already undertaken:

  • gazillion-checked the transactional mail config (inc. user credentials)
  • refreshed mailgun smtp password and updated in config
  • cleared cache and restarted ghost instance
  • migrated to a new Digital Ocean droplet using the marketplace image and importing all content
  • repeated the steps above on the new droplet/instance

I’m now officially clueless. Help. :frowning::wink:

2

Try setting “secure” to “false”.

The “false” is confusing – it’s still secure. Have a look here, for example:

3

Thank you Jannis! Never bothered to try changing that parameter since it had been working this way for a few years now. Just tried it and there is good and bad news:

The error message (when clicking “Forgot?”) changed to “Failed to send email. Reason: Greeting never received.”

For new subscribers still the “Failed to send magic link email”.

4

What do your server logs say? That’s usually more helpful to debug specific issues like this :slight_smile:

5 
[2024-04-04 14:39:36] ERROR "POST /members/api/send-magic-link/" 500 30142ms

NAME: EmailError
CODE: ETIMEDOUT
MESSAGE: Failed to send email. Reason: Greeting never received.

level: normal

"Please see https://ghost.org/docs/config/#mail for instructions on configuring email."
Error: Greeting never received
    at createMailError (/var/www/ghost/versions/5.81.1/core/server/services/mail/GhostMailer.js:105:12)
    at SMTPConnection._formatError (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:798:19)
    at SMTPConnection._onError (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:784:20)
    at Timeout.<anonymous> (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:718:22)
    at listOnTimeout (node:internal/timers:569:17)
    at process.processTimers (node:internal/timers:512:7)
6

Okay, my bad. The “secure: false” is for port 587, not 465.

Might be worth trying that port to see if it resolves the issue(s)?

7

The above error is for the new subscriber-error in the portal. The one below for the password reset.

[2024-04-04 14:41:49] ERROR "POST /ghost/api/admin/authentication/password_reset/" 500 30321ms

NAME: EmailError
CODE: ETIMEDOUT
MESSAGE: Failed to send email. Reason: Greeting never received.

level: normal

"Please see https://ghost.org/docs/config/#mail for instructions on configuring email."
Error: Greeting never received
    at createMailError (/var/www/ghost/versions/5.81.1/core/server/services/mail/GhostMailer.js:105:12)
    at SMTPConnection._formatError (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:798:19)
    at SMTPConnection._onError (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:784:20)
    at Timeout.<anonymous> (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:718:22)
    at listOnTimeout (node:internal/timers:569:17)
    at process.processTimers (node:internal/timers:512:7)
8

Now we’re back to:

[2024-04-04 14:46:35] ERROR "POST /ghost/api/admin/authentication/password_reset/" 500 204ms

NAME: EmailError
CODE: EAUTH
MESSAGE: Failed to send email. Reason: Invalid login: 535 Authentication failed.

level: normal

"Please see https://ghost.org/docs/config/#mail for instructions on configuring email."
Error: Invalid login: 535 Authentication failed
    at createMailError (/var/www/ghost/versions/5.81.1/core/server/services/mail/GhostMailer.js:105:12)
    at SMTPConnection._formatError (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:798:19)
    at SMTPConnection._actionAUTHComplete (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:1577:34)
    at SMTPConnection.<anonymous> (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:554:26)
    at SMTPConnection._processResponse (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:982:20)
    at SMTPConnection._onData (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:763:14)
    at SMTPConnection._onSocketData (/var/www/ghost/versions/5.81.1/node_modules/nodemailer/lib/smtp-connection/index.js:195:44)
    at TLSSocket.emit (node:events:514:28)
    at TLSSocket.emit (node:domain:489:12)
    at addChunk (node:internal/streams/readable:324:12)
    at readableAddChunk (node:internal/streams/readable:297:9)
    at Readable.push (node:internal/streams/readable:234:10)
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23)
9

I’d have a look at this thread, particularly the recommendations to check with SWAKS and startTLS.

1 Like
10

Thank you @Cathy_Sarisky !

The only thing in the swaks-output that seems off is:

<** 501 Username used for auth is not valid email address

The e-mail I’ve used all these years never was valid (no inbox coupled). Have requirements changed? (complete swaks-output below)

=== Trying smtp.mailgun.org:25...
=== Connected to smtp.mailgun.org.
<-  220 Mailgun Influx ready
 -> EHLO ghost-pixii-003
<-  250-eec0716b8124
<-  250-AUTH PLAIN LOGIN
<-  250-SIZE 52428800
<-  250-8BITMIME
<-  250-SMTPUTF8
<-  250-PIPELINING
<-  250 STARTTLS
 -> AUTH LOGIN
<-  334 VXNlcm5hbWU6
 -> WU9VUi1TTVRQLVVTRVI=
<-  334 UGFzc3dvcmQ6
 -> WU9VUi1TTVRQLVBBU1NXT1JE
<** 501 Username used for auth is not valid email address
 -> AUTH PLAIN AFlPVVItU01UUC1VU0VSAFlPVVItU01UUC1QQVNTV09SRA==
<** 535 Authentication failed
*** No authentication type succeeded
 -> QUIT
*** Remote host closed connection unexpectedly.
11

Check that the sending domain has a valid SPF record. My guess is that you have a MX for the bare domain and also a subdomain for use with Mailgun.

12

Thank you @mjw !

The SPF-record and DKIM-record for the subdomain I’m using seem to be valid (used a online tool to check validity) and I added a DMARC-record just to be sure. No difference.

I also added a new smtp-user in Mailgun en changed the credentials in de config, just in case. No difference.

I have been changing the port, secure and requireTLS parameters but no combination seems to change anything.

Current config:

  "mail": {
    "from": "communicatie@pixii.be",
    "transport": "SMTP",
    "options": {
      "service": "Mailgun",
      "host": "smtp.eu.mailgun.org",
      "port": 465,
      "secure": true,
      "auth": {
        "user": "ghost@mg.pixii.be",
        "pass": "[real password removed]"
      }
    }
  },

Do you have any other ideas? I’d love to hear them. :wink:

13

I suggest you use SWAKS to diagnose the issue. Search the forum for details.

1 Like
14

Thank you @mjw for keeping pointing me in the right direction. After a good night’s sleep my brain was able to troubleshoot again! Using swaks (and filling in the right parameters in the placeholders :roll_eyes:) I searched for articles containing the error code returned on mailgun.com and end up on this page about the IP Allowlist. (https://help.mailgun.com/hc/en-us/articles/360012244474-IP-Allowlist)

The problem was that I migrated ghost to a new Digital Ocean droplet, so the IP changed and I didn’t update the IP allowlist…

3 Likes