Cake 3.8 - SMTP Error: 503 5.5.1 Error: authentication not enabled


I have upgraded my application from 2.3 to 3.8. On this app user is supposed to be able to set up their own SMTP server (Gmail, Yahoo, custom). I’m trying to send email through an SMTP server which allows users to login without a password.

$email = new Email();
$email->configTransport('smtp', array(
'host' => $smtp_model->hostname,
'port'=> $smtp_model->portnumber,
'className' => 'Smtp',
'username'=> $this->request->data['username_email'],
//'password'=> $smtp_model->password_email,
'password'=> null,
'ssl' => true,
'tls' => null,
'client' => null,
'context' => [
			'ssl' => [
				'verify_peer' => false,
				'verify_peer_name' => false,
				'allow_self_signed' => true
			'tls' => true

When I set a password for the password property, I get a Cake error “SMTP Error: 503 5.5.1 Error: authentication not enabled”. However, when I set the password null, email DOES get sent. I’m guessing the error means the SMTP server doesn’t require a password but there’s one. I don’t understand why that returns an error. On the app with Cake 2.3 server email can be sent through the same SMTP server with the same condition (authentication with no password).

Also, when I set the host as the Gmail domain, it gets sent with the Gmail address and the password. It only fails when the password is set for the SMTP server with no password authentication.

Does anyone know how to workaround this issue?

You said that when you don’t set a password, email is sent fine. What’s the problem with just not setting a password? (Apart from how using an SMTP server that doesn’t require passwords probably means that a lot of your mail will be flagged as spam because the server is obviously a wide open relay…)

Thank you for the reply. Here’s the little background of the app. User is supposed to be able to set up their own SMTP server (Gmail, Yahoo, and custom). So not setting a password isn’t option in this case. It should handle SMTP servers w/ or w/o passwords.

So, your code isn’t what’s shown here, but uses variables read from the database? And what you have works if you provide an actual password, or if the password field is left out entirely, but not if the password field is blank? What if the password field is false or null in you call?

You’re right. It sets a variable as a password so I have fixed my code in the question. It sends emails through an SMTP server with user input or variables from the database. Here’s the current situation down below.

Works: password field set as null or password field is commented out
Doesn’t Work: password field is set with an actual password or an empty string

Although it work in those conditions, I still get warning "Warning (2): stream_context_create(): options should have the form [“wrappername”][“optionname”] = $value [APP/vendor/cakephp/cakephp/src/Network/Socket.php, line 154]
" after email gets sent, it could not be related to this SMTP issue.

So, use 'password'=> $smtp_model->password_email ?: null. This will use the provided password if it’s not empty, or null if it is.

That could be a solution if user don’t put in a password when they’re aware that their SMPT server doesn’t require a password. Otherwise, they put in their password (like their email password) and the email fails to send. In Cake 2.3, emails get sent under such situation, so if current user who have set up their SMTP with a password even though they don’t need it will get the error when they send emails because the app uses the password stored in the database after the Cake upgrade.

I guess you could look at the differences between the SMTP transport in 2.3 vs 3.8. It should be a very small block of code that sends the HELO and looks at the server response. Without looking, I’d guess that maybe 2.3 wasn’t even bothering to check that response and ran into errors (if any) at a later time, while 3.8 checks more rigorously in order to better report the problem? So if the server is responding with an error about authentication, 2.3 would just blindly carry on and it would work fine in these situations, where 3.8 says “Hey, this isn’t right…”.

Yeah, that’s probably the case. I might check the SMTP transport but the worst-case scenario I would have to show an error message to tell user know they need to set up the SMTP without a password. sigh Thank you for the help tho!

Well, if you can find what’s going wrong, there’s nothing stopping you from extending the stock transport into a custom one that omits that bit.

1 Like

So, I’m trying to catch the error when user put in a password. However, the page goes straight to the Cake error page " SMTP Error: 503 5.5.1 Error: authentication not enabled" so I can’t catch the error like below.

$result = $email->send();

Do you know how to get the error before it shows the error page?

It’s presumably throwing an exception that you’ll need to catch.

1 Like