535 5.7.139 Authentication unsuccessful

Question

We are receiving the following error using the Office 365 SMTP server to send mails:

535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully.

Same issue with MFA (+ App password) and without MFA. Authenticated SMTP is activated for the used account. Unfortunately the provided error message is a bit vague.

Request options:

host: 'smtp.office365.com',

port: 587,

auth: {

user: USER,

pass: PASS

}

optional additional tries included specific TLS config (requireTLS: true, tls: { ciphers: 'SSLv3' }) which also resulted in the same error message.

Authentication data is correct as changing them shows a different authentication error (535 5.7.139 Authentication unsuccessful, the user credentials were incorrect).

Using the given domain XXXX.mail.protection.outlook.com (port 25) is not constant as some IPs are blacklisted so this is not an option.

Any information what this error means and what it causes would be appreciated since we can only find recent unanswered information about this error.

Thanks in advance

Answer 1

Hi Maurice

Greetings

Thank you for posting in Microsoft Community.

Generally SMTP authentication does not work well in an environment were MFA is enabled , this could be happening because of that. Kindly refer to the article How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Docs to view the requirements and limitations of smtp.

Sometimes even after disabling MFA it may still prompt for a code for the user, this could be due to Conditional Access policy that may have been set, that being said kindly try the following:

1. In the Azure portal, on the left navigation bar, click Azure Active Directory
2. On the Azure Active Directory page, in the Security section, click Conditional Access.
3. Go to  Microsoft Azure , sign in with a global admin account
4. On the Conditional Access page, check the policies and modify them,

Once this is done, test to see if the error still appears.

Looking forward to hearing from you.

Regards,

Momo

Answer 2

I am having the same issue with my python application, which was working very well before I enabled the managed security default. Then I started having this >>> (535, b'5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator. [AS8P251CA0009.EURP251.PROD.OUTLOOK.COM]') <<< error on my application.

I have disabled the Managed security default and removed MFA for the sender account, but the issue persists.

What can I do?

Answer 3

Hi Maurice

Thanks for the update!''

Glad to hear your issue was resolved.

Thanks,

Momo

Answer 4

Hi Maurice

Thanks for the update.

Kindly confirm if you have any authentication policy set for smtp permissions? If not you can create a new one and assign it to the affected user to see if this helps resolve the issue.  For further details you may refer to https://docs.microsoft.com/en-us/powershell/module/exchange/set-authenticationpolicy?view=exchange-ps

But before doing so your Powershell must be connected to Exchange and this can be carried out by an admin to connect kindly follow the instructions in Connect to Exchange Online PowerShell | Microsoft Docs

Looking forward to hearing from you.

Regards,

Momo.

Answer 5

Hello Momo,

Thank you for your quick reply!

We started off without using MFA at first and activated it later on to use app passwords as the Non-MFA request had failed and we thought that the weak authentication without MFA could have been the reason.

I will deactivate MFA again as you say that it might introduce more problems than it solves in this case.

We will check the policies later on and keep you up to date. Thanks for your help!

Kind regards,

Maurice