Resolving Microsoft 365 Email Sending Errors: 535 5.7.3 and 5.7.57

Encountering errors 535 5.7.3 "Authentication unsuccessful" or 5.7.57 "Client not authenticated to send mail" when sending emails through Microsoft 365 indicates a problem with the authentication process. This guide outlines common causes and provides steps to resolve these issues.

Common Causes and Solutions:

1. Incorrect SMTP Configuration:

Verify that your Simple Mail Transfer Protocol (SMTP) settings are accurately configured in your email client or application. The standard settings for Microsoft 365 are:

  • SMTP Server: smtp.office365.com
  • Port: 587 (recommended for TLS) or 25
  • Encryption Method: STARTTLS

2. Invalid Credentials:

Ensure the email address and password you are using for authentication are correct. Double-check for any typographical errors and confirm that the mailbox is active and not blocked.

3. SMTP AUTH Disabled for the Mailbox:

SMTP client submission (SMTP AUTH) might be disabled for the specific mailbox you are trying to send from.

  • Using Microsoft 365 Admin Center:
    1. Sign in to the Microsoft 365 admin center.
    2. Navigate to Users > Active users.
    3. Select the affected user.
    4. Click on the Mail tab.
    5. Under Email apps, ensure that the option Authenticated SMTP is enabled.
  • Using Exchange Online PowerShell:
    1. Connect to Exchange Online PowerShell.
    2. Run the following command to check the status of SMTP AUTH for a mailbox, replacing <EmailAddress> with the user's email address:
      Get-CASMailbox -Identity <EmailAddress> | Format-List SmtpClientAuthenticationDisabled
    3. If the output shows SmtpClientAuthenticationDisabled : True, run the following command to enable it:
      Set-CASMailbox -Identity <EmailAddress> -SmtpClientAuthenticationDisabled $false

4. Multi-Factor Authentication (MFA) Enabled:

If Multi-Factor Authentication is enabled on the account, it can interfere with applications attempting to authenticate using basic authentication. Consider using an app password specifically for the application or, if appropriate and aligned with your security policies, temporarily disabling MFA for the mailbox for testing.

  • Disabling MFA (Use with Caution):
    1. In the Microsoft 365 admin center, go to Users > Active users.
    2. On the Active users page, click on Multi-Factor Authentication at the top.
    3. On the multi-factor authentication status page, select the user and choose to disable their Multi-Factor Authentication status.

5. Azure Security Defaults Enabled:

Azure Security Defaults can block legacy authentication methods, which might include the method your application uses for SMTP.

  • Disabling Security Defaults (Use with Caution):
    1. Sign in to the Azure portal with a Security administrator, Conditional Access administrator, or Global administrator account.
    2. Browse to Microsoft Entra ID > Properties.
    3. Select Manage security defaults.
    4. Set the Enable security defaults toggle to No.
    5. Click Save.

6. Conditional Access Policy Blocking Legacy Authentication:

A Conditional Access policy in Azure AD might be configured to block legacy authentication for your users, impacting SMTP.

  • Excluding a User from a Conditional Access Policy:
    1. Sign in to the Azure portal with a Security administrator, Conditional Access administrator, or Global administrator account.
    2. Browse to Microsoft Entra ID > Security > Conditional Access.
    3. Identify the policy that is blocking legacy authentication.
    4. Under Assignments, go to Users and groups > Exclude.
    5. Add the affected user to the exclusion list.
    6. Click Save.

Creating a Conditional Access Policy to Block Legacy Authentication (for secure environments):

If you need to block legacy authentication for most users but allow it for specific service accounts or applications, you can create a targeted Conditional Access policy.

  1. Sign in to the Microsoft Entra admin center as a Conditional Access Administrator.
  2. Navigate to Protection > Conditional Access > Policies.
  3. Click New policy and give it a descriptive name.
  4. Under Assignments, select Users or workload identities. In the Include tab, select All users. In the Exclude tab, select Users and groups and choose any accounts that require legacy authentication (e.g., administrative accounts for break-glass scenarios).
  5. For Target resources, under Cloud apps, select Include and choose All cloud apps.
  6. In Conditions, set Client apps to Yes. Check Exchange ActiveSync clients and Other clients, then click Done.
  7. Under Access controls, choose Grant and select Block access, then click Select.
  8. Set Enable policy to Report-only initially to test the impact without enforcing it. Click Create.
  9. After verifying the policy's impact in report-only mode, navigate to the created policy and change Enable policy from Report-only to On to activate it.

By systematically checking these common causes and applying the corresponding resolutions, you can effectively troubleshoot and resolve the 535 5.7.3 and 5.7.57 authentication errors when sending emails through Microsoft 365. Ensuring accurate credentials, correct email client configuration, and appropriate server and security settings are fundamental to resolving these authentication-related issues.

For more information: Fix issues with printers, scanners, and LOB apps that send email using Microsoft 365

Comments

Post a Comment

Popular posts from this blog

Microsoft 365 Office Update Channels: A Complete Guide

Selecting the appropriate update channel for Microsoft 365 Office applications is crucial for balancing feature availability, system stability, and organizational requirements. Microsoft offers multiple update channels, each catering to different business needs—from early access to new features to long-term stability with minimal disruptions. Microsoft 365 Office Update Channels Overview 1. Beta Channel (Code: BetaChannel) Description:  Offers the earliest access to upcoming features, updates, and bug fixes. Best For:  Users who want to preview and test the latest innovations and provide feedback to Microsoft. Formerly Known As:  Insider, Insider Fast, Monthly. 2. Current Channel (Preview) (Code: CurrentPreview) Description:  Receives feature updates about a month before they reach the Current Channel, with reduced risk compared to the Beta Channel. Best For:  Organizations that want early access to updates...
Read more

Unveiling Primary Mailbox Statistics

Keep your Microsoft Exchange environment running smoothly with these simple PowerShell commands. Primary Mailbox Insights Want to know how much space primary mailboxes are using? This single command gives you a clear picture of storage status, item count, and total size: PowerShell Command Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Select DisplayName, StorageLimitStatus , @{ Name = " TotalItemSize (MB) "; Expression = { [math]::Round(($_.TotalItemSize.ToString().Split("(")[1].Split(" ")[0].Replace(",", "") / 1MB), 2) }}, ItemCount | Sort " TotalItemSize (MB) " -Descending | Export-CSV " C:\temp\All Mailboxes.csv " -NoTypeInformation This command does all the heavy lifting: It fetches all user mailboxes fast. It gathers essential stats like size and item count. It converts sizes to MB for easy reading. It sorts mailboxes from largest to sma...
Read more

Manage DL Members in OWA Without Allowing DL Creation – A Practical Solution

Today, I'd like to share a real-world workaround that solves a common issue in Microsoft 365: giving users the ability to manage Distribution List (DL) members through Outlook on the Web (OWA) without giving them permission to create or delete DLs. This is a frequent request for organizations focused on strict governance and efficient delegation. The Challenge A client recently encountered a problem where a user was unable to manage Distribution Group (DG) members via OWA. After some investigation, we discovered that the MyDistributionGroups role was not included in their role assignment policy. While enabling this role would solve the immediate issue, it comes with a significant drawback: it also grants the user the ability to create and delete DLs. For organizations with strict governance policies or those that prefer centralized DL creation, this isn't an ideal scenario. The Goal Our objective was clear: Allow users to manage existing Dist...
Read more