SMTPError: Password command Failed PHPMailer

Question

The Requirement is that when the form is submitted the mail has to be sent the specified email address. For this I am using PHPMailer.

When I ran the code first time from localhost, I received Critical Security Alert received in Gmail, which I resolved by turning on "Allow Less Secure Apps" and also checked and approved the security event.

Now the code works perfectly in localhost powered by xampp but not in shared hosting. When I hit the submit button in the Form page present in shared hosting, I get the following message:

2020-02-25 09:48:40 SERVER -&gt; CLIENT: 220 smtp.gmail.com ESMTP t131sm5033428oih.35 - gsmtp<br>
2020-02-25 09:48:40 CLIENT -&gt; SERVER: EHLO www.domain_name.com<br>
2020-02-25 09:48:40 SERVER -&gt; CLIENT: 250-smtp.gmail.com at your service, [AAA.BB.CCC.DD]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8<br>
2020-02-25 09:48:40 CLIENT -&gt; SERVER: STARTTLS<br>
2020-02-25 09:48:40 SERVER -&gt; CLIENT: 220 2.0.0 Ready to start TLS<br>
2020-02-25 09:48:44 CLIENT -&gt; SERVER: EHLO www.domain_name.com<br>
2020-02-25 09:48:44 SERVER -&gt; CLIENT: 250-smtp.gmail.com at your service, [AAA.BB.CCC.DD]250-SIZE 35882577250-8BITMIME250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8<br>
2020-02-25 09:48:44 CLIENT -&gt; SERVER: AUTH LOGIN<br>
2020-02-25 09:48:44 SERVER -&gt; CLIENT: 334 VXNlcm5hbWU6<br>
2020-02-25 09:48:44 CLIENT -&gt; SERVER: [credentials hidden]<br>
2020-02-25 09:48:44 SERVER -&gt; CLIENT: 334 UGFzc3dvcmQ6<br>
2020-02-25 09:48:44 CLIENT -&gt; SERVER: [credentials hidden]<br>
2020-02-25 09:48:45 SERVER -&gt; CLIENT: 534-5.7.14 &lt;https://accounts.google.com/signin/continue?sarp=1&amp;scc=1&amp;plt=AKgnsbv534-5.7.14 ymrjiXdYur3ddtR_6o2GrGNO2DfOQ7VhdphcGz7dq3__0gTNj1-oIXqZ__3KYGCWXt-ZC534-5.7.14 znNW-khosAGrPwCN1mDscVVYa5ms25Ann9jrAUU39WELRqwVrSmhOMGa91Ec4JRu&gt;534-5.7.14 Please log in via your web browser and then try again.534-5.7.14  Learn more at534 5.7.14  https://support.google.com/mail/answer/78754 t131sm5033428oih.35 - gsmtp<br>
2020-02-25 09:48:45 SMTP ERROR: Password command failed: 534-5.7.14 &lt;https://accounts.google.com/signin/continue?sarp=1&amp;scc=1&amp;plt=AKgnsbv534-5.7.14 ymrjiXdYur3ddtR_6o2GrGNO2DfOQ7VhdphcGz7dq3__0gTNj1-oIXqZ__3KYGCWXt-ZC534-5.7.14 znNW-khosAGrPwCN1mDscVVYa5ms25Ann9jrAUU39WELRqwVrSmhOMGa91Ec4JRu&gt;534-5.7.14 Please log in via your web browser and then try again.534-5.7.14  Learn more at534 5.7.14  https://support.google.com/mail/answer/78754 t131sm5033428oih.35 - gsmtp<br>
SMTP Error: Could not authenticate.<br>
2020-02-25 09:48:45 CLIENT -&gt; SERVER: QUIT<br>
2020-02-25 09:48:45 SERVER -&gt; CLIENT: 221 2.0.0 closing connection t131sm5033428oih.35 - gsmtp<br>
SMTP Error: Could not authenticate.<br>

The PHPMailer code for sending mail follows:

try {
            //Server settings
            $mail->SMTPDebug = SMTP::DEBUG_SERVER;                      // Enable verbose debug output
            $mail->isSMTP();                                            // Send using SMTP

            $mail->Host       = 'smtp.gmail.com';                           // Set the SMTP server to send through
            $mail->SMTPAuth   = true;                                   // Enable SMTP authentication
            $mail->isHTML();
            $mail->Username   = 'username@gmail.com';   // SMTP username
            $mail->Password   = 'password';                     // SMTP password

            $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;         // Enable TLS encryption; `PHPMailer::ENCRYPTION_SMTPS` also accepted
            $mail->Port       = 587;                                    // TCP port to connect to

            //Recipients
            $mail->setFrom('username@gmail.com');
            $mail->addAddress('username@yahoo.com');    // Add a recipient

            // Content
            $mail->isHTML(true);                                        // Set email format to HTML
            $mail->Subject = 'Mail subject';
            $mail->Body = 'Mail Body';

            $mail->send();
            echo 'done';
        } catch (Exception $e) {
            echo "Mailer";
        }

The following actions have been taken:

1. Username and Password combination is correct and is not expired. Verified manually by logging via web and also sending mails from the localhost.

2. $mail->SMTPAuth=false cannot be set because majority of shared hosting providers seems to have disabled this for security reasons (mainly to avoid spamming and sending of unsolicited emails)

Answer 1

Just for others info! To resolve this issue you have to go to:

https://myaccount.google.com/security?pli=1#connectedapps then click Allow less secure app to YES

what does it mean to be less secure app? could we change our FAQ instructions and/or implementation so that users do not need to do this extra step?

if not possible, we should at least document in FAQ that user also need to change the setting on their google security account

Your solution :

Your server not supporting phpmailer.

Your account taken as a spam read here : Prevent mail to Gmail users from being blocked or sent to spam

Use or fix App password

If you've turned on 2-Step Verification and are trying to sign in to your Google Account through a device, mobile app, or desktop app, you'll need to enter an App Password.

See more and follow steps here : Use or fix App password

If you're using SMTP (ie you're calling isSMTP() ), you can get a detailed transcript of the SMTP conversation using the SMTPDebug property. The settings are as follows:

Enabling debug output and troubleshooting

If you are having problems connecting or sending emails through your SMTP server, the SMTP class can provide more information about the processing/errors taking place.

Use the debug functionality of the class to see what's going on in your connections. To do that, set the debug level in your script.

Allow error levels For example:

$mail->SMTPDebug = SMTP::DEBUG_SERVER;
$mail->SMTPDebug = 4; //from 1 to 4 to get more details.

I had error almost same and this code was solved my problem because of my self signed certificate.

$mail->SMTPOptions = array(
    'ssl' => array(
    'verify_peer' => false,
    'verify_peer_name' => false,
    'allow_self_signed' => true
    )
);

Once again see SMTP Debugging

Debug levels

Debug output format

Looks like you are trying to connect by curl api or something SERVER: EHLO if so! please add your codes to question.

Answer 2

Well, after a long battle I somehow managed to solve this. I activated DisplayUnlockCaptcha from the following URL: https://accounts.google.com/b/0/DisplayUnlockCaptcha

Probably because Gmail might have viewed the logins received from PHP file lying in hosting server as untrusted requests. This is because the hosting servers may reside in different places or countries and the login authentication request received would appear different other than the one from where the Gmail account is logged in frequently. So as a security measure, it would have use some captcha mechanism in the background (which which cannot be viewed)