Incorrect authentication data error 220

Hi Jeff. Sorry you’re having trouble!

First, please change your password right away. The output above actually contains your username and password, believe it or not. I added a warning in the latest release of Postman that SMTP transcripts should not be posted online.

Okay, second, the obvious answer is your username and password are not correct. From the output above we can see that the SMTP server you’ve connected to, celsior.websitewelcome.com, supports ‘plain’ and ‘login’ authentication, and you have configured Postman to use ‘plain’, so nothing wrong there. But once Postman sent your username and password the server replied ‘nope’

So either:

• Your account does not exist on the server or
• You have entered your username or password incorrectly

You will probably need to open a ticket with the folks that run that SMTP server and find out why you can’t authenticate. Show them the SMTP transcript, privately ??

I hope that helps!

Thanks for the quick reply Jason. I changed the password…I didn’t realize it was in there. ?? I checked my server and the account exists and the password is correct.

I noticed an odd thing happening with the password in the manual config settings. I would set my password, save, and then test. But, when I came back to the manual settings area, I noticed that there were fewer “*”s in the password box. I didn’t change the password, but when I went to save the config settings, the browser popped a “remember password,” like I changed it. I’ve tried several times, but it does the same thing. Perhaps that’s why I’m getting this error.

It would be interesting to see what the encoded password above resolves to just to know if that’s what’s happening.

Jeff, sounds like you’ve run into this bug (from the changelog):

Fixed a bug in Sanitizer for cases where WordPress calls sanitize twice in a row – known WP bug

Please make sure you are on v1.5.4 of the plugin, and if you are, please delete the plugin and re-install. The bug above was (incorrectly) encoding the password twice, in certain situations, before saving.

You want to see what the encoded string above was? Easy:

1. Go to https://i-tools.org/base64
2. In data to process, choose Direct Input
3. Enter the string AGluZm9Ad2FibHVlcy5vcmcAcnhNRWQ= and click Decode

Hi Jason, I had the latest version of Postman, so I deactivated and deleted, then reinstalled. However, I’m still running into the issue. Since the bug seems to trim the password to 5 characters, I made the password that long and it works. Hopefully the next version of WP will fix the Sanitizer bug and I can go back to having a strong password.

I wouldn’t count on it. That bug is two years old.

Jeff, I may have been wrong about you running into that bug then. I’ve tried it here with short passwords and long passwords and they all seem okay.

There are a couple of ways to confirm what password is stored.

On line 600 of PostmanAdminController, you can change the “type” of the input field from “password” to “text” – this will show the exact password in the browser without the ******:

public function basic_auth_password_callback() {
	printf ( '<input type="password" autocomplete="off" ....

Or, without changing the source code you can inspect the generated HTML…. from your browser choose View Source. you will see something like:

<input type="password" autocomplete="off" id="input_basic_auth_password" name="postman_options[basic_auth_password]" value="ThisIsATest" class="required">

.. the password is in ‘value’

Postman does trim leading and trailing whitespace from the password you enter before saving… not that anyone would ever do that?

If you find that the password you entered is NOT the password that you type in, please let me know and I will track down the issue. You should always use strong passwords.

Let’s confirm that you’re actually on v1.5.4. When you go to the WordPress Dashboard, you should see a new widget for Postman, somewhere on the Dashboard. [screenshot]

You know what? There’s a week of changes to go out. I’ll just release v1.5.5. The password fix is definitely in there.