Not sending email through external smtp server

Just installed a clean version 3.5.5 and configured as I had another site. Everything seems to work except mail is not making it out. My email servers uses text username and password (no encryption). Checking the long, I see this:
SMTP Server: AUTH failed, username, password 1fd42f91e1a33aecbf19866306f953a2

What setting do I have incorrect that’s causing it to attempt to send encrypted password? The older site has: define (“ENCRYPTION_ALGO”, ‘sha256’
while the new one has: define (‘HASH_ALGO’, ‘sha256’)


@Digiplay Those settings are for phplist passwords, not the SMTP connection. You need to look at the settings for SMTP that are explained in config_extended.php to see which might be causing the problem.

I had copied the extended and replaced config.php. Should I not have done that?

In the copied extended version, I have the following statements in “Message sending options”:
define(‘PHPMAILERHOST’, ‘’);
$phpmailer_smtpuser = ‘’;
$phpmailer_smtppassword = ‘password’;
define(‘PHPMAILERPORT’,non-standard port we use);

These two are not in the other site’s config.php so left them false
define(‘POP_BEFORE_SMTP’, false);
define(‘POPBEFORESMTP_DEBUG’, false);

@Digiplay You can enable smtp debug as explained in the config file then send a test message. There will be some output at the top of the page showing the dialog between phplist and the mail server, which might help to understand what is happening.

I will try that, but the snip I showed was what was received at my smtp server, which indicates the password is being sent encrypted, rather than plain text. That appears to be the problem. I just don’t know how to turn off the encryption. I tried adding the (PHPMAILER_SECURE, false) but that hasn’t changed the result. Still showing an encrypted password. What follows password is the password that was transmitted to the SMTP server.

SMTP Server: AUTH failed, username, password 1fd42f91e1a33aecbf19866306f953a2

Unable to get debug working after changing setting. Still indicates that it’s not sending correct (I suspect encrypted) password according to SMTP server’s log. Is there some setting that controls password encryption? I do have (PHPMAILER_SECURE, false) in the config.php file.

It is straightforward. Add this to config.php then edit the campaign and send a test email to yourself. There will be debug output at the top of the page


Did what you suggested. Nothing informative was provided other than the email failed. the log in phpList provided the following: Error sending email to SMTP connect() failed.

The log file from my SMTP server provided the following: [I-075] Aug 14 16:26:42 []SMTP Server: AUTH failed, username, password 791b285d8462e1241601271b172098d0

The password should be the real password, but it appears to be hex. My server only uses plaintext authentication. I have to get phpList to use that. I cannot find where that setting would be.

@Digiplay With debug level 3 I get the SMTP dialog output starting with

2020-08-15 03:01:50 Connection: opening to localhost:2525, timeout=5, options=array()
2020-08-15 03:01:50 Connection: opened
2020-08-15 03:01:50 SERVER -> CLIENT: 220 duncan-OptiPlex-990 ESMTP SubEthaSMTP null
2020-08-15 03:01:50 CLIENT -> SERVER: EHLO strontian
2020-08-15 03:01:50 SERVER -> CLIENT: 250-duncan-OptiPlex-990250-8BITMIME250-AUTH LOGIN250 Ok 

If you are not getting something similar then you’re not making the correct config change. In your case the dialog might explain why the password is not being sent in plain text.

I have added "define (‘PHPMAILER_SMTP_DEBUG’. 3); " to the CONFIG.PHP file. I do not see anything new when the queue is processed. Nothing like what you’ve shown above. I still see the same thing in the SMTP server’s log.

[I-075] Aug 16 13:19:40 []SMTP Server: AUTH failed, username, password ded4840cc69efba19a3553efba021e92
[I-075] Aug 16 13:19:41 []SMTP Server: AUTH failed, username, password 6f8c637733084e7129c49d7e06ed50d6
[I-075] Aug 16 13:19:41 []SMTP Server: AUTH failed, username, password d27f777e8678ce9e025828333a726189
[I-075] Aug 16 13:19:42 []SMTP Server: AUTH failed, username, password 13cc273989fb7850feb1dd192fea1593
[I-075] Aug 16 13:19:42 []SMTP Server: AUTH failed, username, password 61e33ce8ad2612389045d827315246be

Interesting thing, it tries 4 times with what appears to be different passwords each time and they still appear encrypted.

I thought this might be the encryption a couple tries ago, added: ‘define(“PHPMAILER_SECURE”, false)’ This did not make any change in what appears in the SMTP server’s log.

The output is when you send a test message while composing the campaign.

OK. Didn’t think to try that. Here’s the result:

Connection: opening to, timeout=5, options=array ()
Connection: opened
SERVER -> CLIENT: 220 ESMTP (IOA-IPAD 9.11at1) ready at Sun, 16 Aug 2020 16:01:00 -0500
SERVER -> CLIENT: Hello [], pleased to meet you250-EXPN250-SIZE250-HELP250-ETRN250 AUTH CRAM-MD5 PLAIN LOGIN
SERVER -> CLIENT: 334 PDIwMjAwODE2MTYwMS5mNjdiNzNAZGlnaWxpbngubmV0Pg==
SERVER -> CLIENT: 535 Authentication failed.
SMTP ERROR: Username command failed: 535 Authentication failed.
SMTP Error: Could not authenticate.
SERVER -> CLIENT: 221 closing connection
Connection: closed
SMTP connect() failed.

From my SMTP server:
[I-075] Aug 16 16:01:00 []SMTP Server: AUTH failed, username, password 0fdb25a0094dd17b8286ebe235b92591

@Digiplay the mail server is offering CRAM-MD5 authentication and that is being chosen by phpmailer, the package used by phplist, for authentication.

Can you configure the mail server to offer only PLAIN?
phplist doesn’t provide a configuration for the authentication method, so otherwise you will need to modify either phplist code or phpmailer code.

Possibly the simplest is the phpmailer file admin/PHPMailer6/src/SMTP.php around line 485

            foreach (['CRAM-MD5', 'LOGIN', 'PLAIN', 'XOAUTH2'] as $method) {

Try removing CRAM-MD5 from that list.

or lin 451 of file admin/PHPMailer/class.smtp.php if you are not using PHPMailer 6.

            foreach (array('CRAM-MD5', 'LOGIN', 'PLAIN', 'NTLM', 'XOAUTH2') as $method) {

@duncanc i have the same authentication error and i cannot do plain password as you said.

*The other 2 options you mention to remove CRAM-MD5 from line 485. I dont know but now in new version its only remark lines. *

Can you please write in details what else can be possible Foreach line is on 527 and not 485.

527        foreach (['CRAM-MD5', 'LOGIN', 'PLAIN', 'XOAUTH2'] as $method) {
528                  if (in_array($method, $this->server_caps['AUTH'], true)) {
529                    $authtype = $method;
 530                       break;

483      * @param string $username The user name
484      * @param string $password The password
485      * @param string $authtype The auth type (CRAM-MD5, PLAIN, LOGIN, XOAUTH2)
486      * @param OAuthTokenProvider $OAuth An optional OAuthTokenProvider instance for XOAUTH2 authentication

i tried removing cram-md5 from the list but nothing change.

I will appreciate what to do with Authentication failed, my detailed message almost similar

2023-05-19 10:43:02 Connection: opening to ssl:   //email**** .icu:465, timeout=5, options=array()
2023-05-19 10:43:02 Connection: opened
2023-05-19 10:43:02 SERVER -> CLIENT: 220 static.*********   clients your-server de SMTP server
2023-05-19 10:43:02 CLIENT -> SERVER: EHLO email****.   icu
2023-05-19 10:43:02 SERVER -> CLIENT: 250-static.******95 clients your-server de Hello email****. 
2023-05-19 10:43:02 CLIENT -> SERVER: AUTH CRAM-MD5
2023-05-19 10:43:02 SERVER -> CLIENT: 435 Unable to authenticate at present
2023-05-19 10:43:02 SMTP ERROR: AUTH CRAM-MD5 command failed: 435 Unable to authenticate at present
SMTP Error: Could not authenticate.
2023-05-19 10:43:02 CLIENT -> SERVER: QUIT
2023-05-19 10:43:02 SERVER -> CLIENT: 221 static.********95.  clients.   your-server. de closing connection
2023-05-19 10:43:02 Connection: closed
SMTP connect() failed. github   -------/wiki/Troubleshooting

It has been awhile since I have looked into this. I believe you have to specify the method of authentication you want to use, not let it default to what it wants to try.

Thank you, @Digiplay but where can you elaborate more. I could not find where to select the authentication method. Not even in their latest version.

I’m not on the current version at the moment. I wasn’t able to find that particular stuff in the config file, so it may have changed since I had written my response. I ended up using the config_extended version to be able to tweak a few items. You will need to look through that and see if there are options to solved the problem. Also, read the documentation carefully to see what each setting will do for you.

@mmsaaa The line to change is now 527 as you indicated. You can try enabling smtp debug see my earlier reply Not sending email through external smtp server - #6 by Digiplay

Otherwise you will need to raise the problem with your hosting company.

Thank you so much for writing back. Its an old topic but errors are same.

You said try removing, you mean i have to take out CRAM-MD5 from line 527 because that is what I did but its still giving the same error. I posted debugged lines earlier in my post above its almost similar to the one 3 years ago. At the moment i am reinstalling my VPS but your guidance can help me.

Please neto: I am using the same server where my domain is installed. But i dont want to use php mailer and instead want to sent through SMTP, so I have to give SMTP setting of the domain or no.

@Digiplay Set the debug level to 4 which might give more information about which authentication method is being selected