diff --git a/internal/auth/smtp/provider.go b/internal/auth/smtp/provider.go
index 86c8a6da0..547403192 100644
--- a/internal/auth/smtp/provider.go
+++ b/internal/auth/smtp/provider.go
@@ -66,8 +66,9 @@ func (p *Provider) Authenticate(login, password string) (*auth.ExternalAccount,
 
 		// Check standard error format first, then fallback to the worse case.
 		tperr, ok := err.(*textproto.Error)
-		if (ok && tperr.Code == 535) ||
-			strings.Contains(err.Error(), "Username and Password not accepted") {
+		if (ok && (tperr.Code == 526 || tperr.Code == 530 || tperr.Code == 534 || tperr.Code == 535 || tperr.Code == 536)) ||
+			strings.Contains(err.Error(), "Username and Password not accepted") ||
+			strings.Contains(err.Error(), "Authentication failure") {
 			return nil, auth.ErrBadCredentials{Args: map[string]any{"login": login}}
 		}
 		return nil, err
diff --git a/internal/route/user/auth.go b/internal/route/user/auth.go
index b8a058c70..8fdeda7ae 100644
--- a/internal/route/user/auth.go
+++ b/internal/route/user/auth.go
@@ -171,9 +171,9 @@ func LoginPost(c *context.Context, f form.SignIn) {
 		case database.IsErrLoginSourceMismatch(err):
 			c.FormErr("LoginSource")
 			c.RenderWithErr(c.Tr("form.auth_source_mismatch"), LOGIN, &f)
-
 		default:
-			c.Error(err, "authenticate user")
+			c.FormErr("UserName", "Password", "LoginSource")
+			c.RenderWithErr(err.Error(), LOGIN, &f)
 		}
 		for i := range loginSources {
 			if loginSources[i].IsDefault {