I’ve this working on many devices for years now and all of a sudden I get the error:
Error sending e-mail <355hEX UP to 192.168.0.11>: AUTH failed
Config is:
/tool e-mail
set from=xxxx@yyy.com port=465 server=smtp.gmail.com tls=yes user=xxxx@yyyyy.com
I’ve searched previous posts and see there are various solutions recommended including: 2FA solution, “apps password”, port 587, and a starttls. None work.
I’ve changed nothing on my google account (I know that doesn’t mean google itself hasn’t changed anything).
Did you upgrade the router at some point? What version is this happening on?
If this was all working and you have not changed version, you may want to check the “app password” specifically in your Google account and confirm it still enabled/not expired/etc.
smtp.gmail.com is what’s documented. Given the AUTH failure, that would indicate you do have the right DNS SMTP server addresss.
Don’t post it here, but you might want to confirm all the settings using “/tool/export show-sensative”, specifically that a app password, not a google account password, is used. I’m not sure Google even allows anything other than using “app password”, see https://support.google.com/mail/answer/185833?sjid=6607353296864475223-NC on how to set it up.
Just to add to what’s already been said: Google has become much stricter to prevent spam and abuse. An AUTH failure might not only mean wrong credentials. It can also happen if the sender is not authorised to send on behalf of the domain used in the “MAIL FROM:” during SMTP. Make sure the sending IP is included in the domain’s SPF record. Also check that DKIM is set up correctly and that DMARC is not rejecting your messages due to misalignment.
And yeah, for Gmail, using an app password is typically required nowadays, especially if the device or app isn’t able to trigger a single sign-on (SSO) authentication flow.
It is much better for security, because the APP PW cannot be used to log into to your gmail/google account (if it leaks somehow out of your router config). If leaked or not used anymore, it can be changed or revoked without changing your google/gmail login.
Just a quick follow-up to clarify: A Google app password usually works fine out of the box for regular Gmail addresses (like xxxxx@gmail.com). But if you’re sending from a custom domain (like xxxx@yyyyy.com), it won’t work unless a proper SPF record is set up for that domain.
If you’re sending on behalf of “@.com” from a new IP address that isn’t part of Google Workspace’s infrastructure, you’ll need to manually add that IP address to your domain’s SPF record. Otherwise, Google (and other receivers) may reject or flag the message as unauthorised.
For example, if you’re also sending e-mail from IP address 198.51.100.25, you should update the SPF record to look something like this:
Alternatively, instead of specifying an IP address directly, you can use a domain name that resolves to the correct IP (via an A or CNAME record), such as “mailsender.myowndomain.com”. In that case, your SPF record might look like this:
Make sure not to duplicate it, just update the existing one accordingly. Also, depending on the TTL (Time To Live in seconds) of the DNS TXT record, it may take some time before changes propagate across DNS resolvers. .
That’s a great explanation of how this works – thank you.
I have been using my regular google email account username and password for all ROS e-mail configurations and it works perfectly. The problems just very recently started and only at 1 or 2 sites.
Are you saying that we have the option of (1) updating or adding another SPF record for where emails will be sent from, or (2) using an app password?
Hard to say exactly what’s going wrong, but an easy way to troubleshoot is to run “/system telnet” from a router that’s having issues. This guide shows how to Testing SMTP using Telnet.
It’ll let you see where the SMTP process is failing and should give you a proper error message in plain text than just “AUTH failed”.
I’ve have the same problem and after hours of looking around I found the solution:
In your email account settings (Gmail) go to:
Security> enable 2 steps verification> enter to 2 steps verification
At the bottom you will have “create application password” option, you enter and create a password, use that in the MK as the password account and that’s it
I’ve have the same problem and after hours of looking around I found the solution:
Funny how people just do not read instructions: https://support.google.com/mail/answer/185833?hl=en
Google’s support page clearly indicates how it works and what to do. It also clearly states 2f authentication is required.