Not sending email through external smtp server

Just installed a clean version 3.5.5 and configured as I had another site. Everything seems to work except mail is not making it out. My email servers uses text username and password (no encryption). Checking the long, I see this:
SMTP Server: AUTH failed, username, password 1fd42f91e1a33aecbf19866306f953a2

What setting do I have incorrect that’s causing it to attempt to send encrypted password? The older site has: define (“ENCRYPTION_ALGO”, ‘sha256’
while the new one has: define (‘HASH_ALGO’, ‘sha256’)


@Digiplay Those settings are for phplist passwords, not the SMTP connection. You need to look at the settings for SMTP that are explained in config_extended.php to see which might be causing the problem.

I had copied the extended and replaced config.php. Should I not have done that?

In the copied extended version, I have the following statements in “Message sending options”:
define(‘PHPMAILERHOST’, ‘’);
$phpmailer_smtpuser = ‘’;
$phpmailer_smtppassword = ‘password’;
define(‘PHPMAILERPORT’,non-standard port we use);

These two are not in the other site’s config.php so left them false
define(‘POP_BEFORE_SMTP’, false);
define(‘POPBEFORESMTP_DEBUG’, false);

@Digiplay You can enable smtp debug as explained in the config file then send a test message. There will be some output at the top of the page showing the dialog between phplist and the mail server, which might help to understand what is happening.

I will try that, but the snip I showed was what was received at my smtp server, which indicates the password is being sent encrypted, rather than plain text. That appears to be the problem. I just don’t know how to turn off the encryption. I tried adding the (PHPMAILER_SECURE, false) but that hasn’t changed the result. Still showing an encrypted password. What follows password is the password that was transmitted to the SMTP server.

SMTP Server: AUTH failed, username, password 1fd42f91e1a33aecbf19866306f953a2

Unable to get debug working after changing setting. Still indicates that it’s not sending correct (I suspect encrypted) password according to SMTP server’s log. Is there some setting that controls password encryption? I do have (PHPMAILER_SECURE, false) in the config.php file.

It is straightforward. Add this to config.php then edit the campaign and send a test email to yourself. There will be debug output at the top of the page


Did what you suggested. Nothing informative was provided other than the email failed. the log in phpList provided the following: Error sending email to SMTP connect() failed.

The log file from my SMTP server provided the following: [I-075] Aug 14 16:26:42 []SMTP Server: AUTH failed, username, password 791b285d8462e1241601271b172098d0

The password should be the real password, but it appears to be hex. My server only uses plaintext authentication. I have to get phpList to use that. I cannot find where that setting would be.

@Digiplay With debug level 3 I get the SMTP dialog output starting with

2020-08-15 03:01:50 Connection: opening to localhost:2525, timeout=5, options=array()
2020-08-15 03:01:50 Connection: opened
2020-08-15 03:01:50 SERVER -> CLIENT: 220 duncan-OptiPlex-990 ESMTP SubEthaSMTP null
2020-08-15 03:01:50 CLIENT -> SERVER: EHLO strontian
2020-08-15 03:01:50 SERVER -> CLIENT: 250-duncan-OptiPlex-990250-8BITMIME250-AUTH LOGIN250 Ok 

If you are not getting something similar then you’re not making the correct config change. In your case the dialog might explain why the password is not being sent in plain text.

I have added "define (‘PHPMAILER_SMTP_DEBUG’. 3); " to the CONFIG.PHP file. I do not see anything new when the queue is processed. Nothing like what you’ve shown above. I still see the same thing in the SMTP server’s log.

[I-075] Aug 16 13:19:40 []SMTP Server: AUTH failed, username, password ded4840cc69efba19a3553efba021e92
[I-075] Aug 16 13:19:41 []SMTP Server: AUTH failed, username, password 6f8c637733084e7129c49d7e06ed50d6
[I-075] Aug 16 13:19:41 []SMTP Server: AUTH failed, username, password d27f777e8678ce9e025828333a726189
[I-075] Aug 16 13:19:42 []SMTP Server: AUTH failed, username, password 13cc273989fb7850feb1dd192fea1593
[I-075] Aug 16 13:19:42 []SMTP Server: AUTH failed, username, password 61e33ce8ad2612389045d827315246be

Interesting thing, it tries 4 times with what appears to be different passwords each time and they still appear encrypted.

I thought this might be the encryption a couple tries ago, added: ‘define(“PHPMAILER_SECURE”, false)’ This did not make any change in what appears in the SMTP server’s log.

The output is when you send a test message while composing the campaign.

OK. Didn’t think to try that. Here’s the result:

Connection: opening to, timeout=5, options=array ()
Connection: opened
SERVER -> CLIENT: 220 ESMTP (IOA-IPAD 9.11at1) ready at Sun, 16 Aug 2020 16:01:00 -0500
SERVER -> CLIENT: Hello [], pleased to meet you250-EXPN250-SIZE250-HELP250-ETRN250 AUTH CRAM-MD5 PLAIN LOGIN
SERVER -> CLIENT: 334 PDIwMjAwODE2MTYwMS5mNjdiNzNAZGlnaWxpbngubmV0Pg==
SERVER -> CLIENT: 535 Authentication failed.
SMTP ERROR: Username command failed: 535 Authentication failed.
SMTP Error: Could not authenticate.
SERVER -> CLIENT: 221 closing connection
Connection: closed
SMTP connect() failed.

From my SMTP server:
[I-075] Aug 16 16:01:00 []SMTP Server: AUTH failed, username, password 0fdb25a0094dd17b8286ebe235b92591

@Digiplay the mail server is offering CRAM-MD5 authentication and that is being chosen by phpmailer, the package used by phplist, for authentication.

Can you configure the mail server to offer only PLAIN?
phplist doesn’t provide a configuration for the authentication method, so otherwise you will need to modify either phplist code or phpmailer code.

Possibly the simplest is the phpmailer file admin/PHPMailer6/src/SMTP.php around line 485

            foreach (['CRAM-MD5', 'LOGIN', 'PLAIN', 'XOAUTH2'] as $method) {

Try removing CRAM-MD5 from that list.

or lin 451 of file admin/PHPMailer/class.smtp.php if you are not using PHPMailer 6.

            foreach (array('CRAM-MD5', 'LOGIN', 'PLAIN', 'NTLM', 'XOAUTH2') as $method) {