Fix Net::SMTPAuthenticationError: 535 5.7.8 Authentication credentials invalid in Rails
This error means Rails cannot authenticate with your SMTP server using the provided credentials. The username or password is incorrect, or the SMTP server requires an app-specific password or OAuth2 token. Verify your SMTP settings in config/environments and use Rails credentials to store sensitive values securely.
Reading the Stack Trace
Here's what each line means:
- net/smtp.rb:995:in `check_auth_response': Ruby's Net::SMTP library received a 535 authentication failure from the mail server.
- mail (2.8.1) lib/mail/network/delivery_methods/smtp.rb:112:in `deliver!': The Mail gem is attempting to deliver the email via SMTP when authentication fails.
- app/controllers/users_controller.rb:22:in `create': The user creation action triggers a welcome email that fails to send.
Common Causes
1. Wrong SMTP credentials
The email password in the configuration is incorrect or has been changed.
# config/environments/production.rb
config.action_mailer.smtp_settings = {
address: 'smtp.gmail.com',
port: 587,
user_name: 'myapp@gmail.com',
password: 'old_password', # Expired or wrong password
authentication: 'plain'
}2. Missing app-specific password
Gmail requires app-specific passwords when 2FA is enabled, but a regular password is used.
config.action_mailer.smtp_settings = {
address: 'smtp.gmail.com',
port: 587,
user_name: 'myapp@gmail.com',
password: 'regular_gmail_password', # Need app password with 2FA
authentication: 'plain'
}3. Credentials hardcoded instead of using Rails credentials
SMTP credentials are stored in plain text in environment config files.
# config/environments/production.rb
config.action_mailer.smtp_settings = {
password: 'plaintext_password' # Insecure and prone to rotation issues
}The Fix
Store SMTP credentials in Rails encrypted credentials instead of hardcoding them. Use rails credentials:edit to set smtp.user_name and smtp.password. Generate an app-specific password if using Gmail with 2FA.
config.action_mailer.smtp_settings = {
address: 'smtp.gmail.com',
port: 587,
user_name: 'myapp@gmail.com',
password: 'old_password',
authentication: 'plain'
}config.action_mailer.smtp_settings = {
address: 'smtp.gmail.com',
port: 587,
user_name: Rails.application.credentials.dig(:smtp, :user_name),
password: Rails.application.credentials.dig(:smtp, :password),
authentication: 'plain',
enable_starttls_auto: true
}Testing the Fix
require 'rails_helper'
RSpec.describe UserMailer, type: :mailer do
describe '#welcome_email' do
let(:user) { create(:user, email: 'test@example.com') }
let(:mail) { UserMailer.welcome_email(user) }
it 'renders the headers' do
expect(mail.subject).to eq('Welcome to MyApp')
expect(mail.to).to eq(['test@example.com'])
end
it 'renders the body' do
expect(mail.body.encoded).to include('Welcome')
end
it 'enqueues the email' do
expect { mail.deliver_later }.to have_enqueued_job(ActionMailer::MailDeliveryJob)
end
end
endRun your tests:
bundle exec rspec spec/mailers/user_mailer_spec.rbPushing Through CI/CD
git checkout -b fix/rails-mailer-smtp-auth,git add config/environments/production.rb,git commit -m "fix: use Rails credentials for SMTP authentication",git push origin fix/rails-mailer-smtp-authYour CI config should look something like this:
name: CI
on:
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16
env:
POSTGRES_PASSWORD: postgres
ports: ['5432:5432']
steps:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@v1
with:
ruby-version: '3.3'
bundler-cache: true
- run: bin/rails db:setup
- run: bundle exec rspecThe Full Manual Process: 18 Steps
Here's every step you just went through to fix this one bug:
- Notice the error alert or see it in your monitoring tool
- Open the error dashboard and read the stack trace
- Identify the file and line number from the stack trace
- Open your IDE and navigate to the file
- Read the surrounding code to understand context
- Reproduce the error locally
- Identify the root cause
- Write the fix
- Run the test suite locally
- Fix any failing tests
- Write new tests covering the edge case
- Run the full test suite again
- Create a new git branch
- Commit and push your changes
- Open a pull request
- Wait for code review
- Merge and deploy to production
- Monitor production to confirm the error is resolved
Total time: 30-60 minutes. For one bug.
Or Let bugstack Fix It in Under 2 minutes
Every step above? bugstack does it automatically.
Step 1: Install the SDK
gem install bugstackStep 2: Initialize
require 'bugstack'
Bugstack.init(api_key: ENV['BUGSTACK_API_KEY'])Step 3: There is no step 3.
bugstack handles everything from here:
- Captures the stack trace and request context
- Pulls the relevant source files from your GitHub repo
- Analyzes the error and understands the code context
- Generates a minimal, verified fix
- Runs your existing test suite
- Pushes through your CI/CD pipeline
- Deploys to production (or opens a PR for review)
Time from error to fix deployed: Under 2 minutes.
Human involvement: zero.
Try bugstack Free →No credit card. 5-minute setup. Cancel anytime.
Deploying the Fix (Manual Path)
- Update SMTP credentials in Rails encrypted credentials.
- Verify credentials with rails runner to test SMTP connection.
- Run mailer specs.
- Open a pull request.
- Merge and verify emails send correctly from staging.
Frequently Asked Questions
BugStack runs the fix through your existing test suite, generates additional edge-case tests, and validates that no other components are affected before marking it safe to deploy.
BugStack never pushes directly to production. Every fix goes through a pull request with full CI checks, so your team can review it before merging.
Use deliver_later in production to send emails asynchronously via ActiveJob. This prevents slow SMTP connections from blocking your web requests.
Use the :letter_opener gem or set delivery_method to :test. In test mode, emails are stored in ActionMailer::Base.deliveries for inspection.