ERPNext v16 SMTP with Brevo returns 502 Please authenticate first

AHBT · April 19, 2026, 8:01pm

Hi,

This does not seem to be a simple configuration issue. The SMTP host, port, TLS settings, domain verification, SPF, and DKIM are all correctly configured.

We were also able to connect to the Brevo SMTP server manually from inside the Docker container and successfully send an email from the terminal. This confirms that the SMTP server, credentials, and network connectivity are working as expected.

Because of that, the issue seems to be related to how Frappe handles SMTP authentication with Brevo, rather than a basic SMTP or DNS configuration problem.

Has anyone successfully configured Brevo SMTP with ERPNext / Frappe v16?

Thanks.

AHBT · May 5, 2026, 9:00am

Hi, any update on this issue?

We’ve done additional debugging and can confirm the problem is still reproducible on the latest versions:

Frappe: 16.17.2

ERPNext: 16.16.0

Current Findings

SMTP credentials are correct

TLS connection is established successfully

Authentication appears successful from the client perspective

However, Brevo rejects the MAIL FROM command with:
502 5.7.0 Please authenticate first
Key Observation

When using Python smtplib manually:

Default server.login() → FAIL (same issue as Frappe)

Forcing AUTH LOGIN explicitly → WORKS
server.auth("LOGIN", server.auth_login)
This confirms that:

Brevo requires explicit AUTH LOGIN negotiation, and automatic method selection (e.g. CRAM-MD5) is not compatible in this case.

Conclusion

Frappe’s SMTP wrapper does not allow enforcing the authentication mechanism, which leads to incompatibility with providers like Brevo.

Request

Is there any way to force AUTH LOGIN in Frappe’s SMTP client?

Or is there any planned fix / workaround for this?

This issue affects transactional email delivery and is critical for production use.

Thanks.

corentin · May 5, 2026, 12:46pm

You should add smtp_no_ehlo_after_auth: true to your Site Config.

github.com/frappe/frappe

fix(SMTP): config to disable EHLO after AUTH

develop ← s-aga-r:fix-66079

opened 06:02AM - 23 Apr 26 UTC

s-aga-r

+2 -1

EHLO before AUTH: ```py { "smtputf8": "", "size": "104857600", … "requiretls": "", "pipelining": "", "no-soliciting": "", "enhancedstatuscodes": "", "chunking": "", "binarymime": "", "auth": " PLAIN LOGIN XOAUTH2 OAUTHBEARER", "8bitmime": "", } ``` EHLO after AUTH: ```py { "vrfy": "", "expn": "", "smtputf8": "", "size": "104857600", "requiretls": "", "pipelining": "", "no-soliciting": "", "mt-priority": "MIXER", "futurerelease": "604800 1777527456", "enhancedstatuscodes": "", "dsn": "", "deliverby": "1296000", "chunking": "", "binarymime": "", "8bitmime": "", } ``` ESMTP capabilities can differ before and after AUTH. Some servers reset the session when EHLO is reissued, and there’s no reliable way to predict this behaviour. Additionally, certain providers (e.g., Brevo) do not allow re-AUTH after EHLO at all. Since major providers like Gmail, Outlook, and Yahoo support reissuing EHLO, removing it entirely isn’t a viable option. However, we can make this behaviour configurable (`smtp_no_ehlo_after_auth` = 1, defaults to 0). related: https://github.com/frappe/frappe/pull/36988

AHBT · May 5, 2026, 1:00pm

Foruma şunu yaz:

We had the same issue with Brevo SMTP on Frappe 16.17.2 (Docker deployment).

Solution: The fix is already included in v16.17.0+ but the setting is not available in the UI. You need to apply it via CLI:

bash

bench --site your-site.com set-config smtp_no_ehlo_after_auth 1
bench --site your-site.com clear-cache

For Docker deployments:

bash

docker exec -u frappe your-backend-container bench --site your-site.com set-config smtp_no_ehlo_after_auth 1
docker exec -u frappe your-backend-container bench --site your-site.com clear-cache

After this, Brevo SMTP works perfectly. No need to patch any source code.

Note: This setting is not exposed in System Settings or Email Account UI — it only exists in site_config.json. It would be helpful if it was added to the Email Account form.