How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

Need better control for bounce message in ticket system

Most of the WHMCS users allow submitting ticket to "Registered" clients only and rest of the emails are bounced. Also, when users submit a ticket, he/she receives automatic email for the ticket. But when not-register user or spammers submit a ticket from non-existence email address, it generates continuous loop between our server and recipient server stating that "support ticket not opened" and this creates huge logs in "Ticket Mail import logs"

As of WHMCS 5.2, I could see that outgoing tickets are also logged in "Activity logs" and this make WHMCS database larger.

If you can add a system which can block such thing it would be great.



Login to post a comment.

Hello, please allow to customize the Return-Path header.
I would recommend you to use for email validation. They are the most secure email validation system you can find.

Here is the link where you can find them
WHMCS automatically blocks email loops such as these when 10 emails are received from the same address within a 15 minute period. You can reduce this tolerance further under Setup > General Settings > Support tab > Ticket Reply Email Limit:
Do let me know whether that does the trick for you.
Yes, sometimes we found hundreds of emails generated because of only one spam message which comes to our support department email.
Even if we can send bounces elsewhere so they're not captured by WHMCS ticketing, that would be a great first step. This could be done *very* easily by WHMCS by allowing us to set the return-path header from within WHMCS.

If you're using the PHP mail() function to send you should be able to set this from the following file:


Just look for the line public $ReturnPath = ''; and set it to the email address of your choice.

But if you're using SMTP instead, then you can't set it! The class.smtp.php file does not have such an option probably since the class itself doesn't build the email when sending mail this way.
There is a system I found online that allows you to insert an email address and check if it is valid or not.

Basically it connects to the email server and asks if the email is valid. The server responds with a code and message stating whether it exists or not.

Perhaps this method could be implemented into WHMCS, or the API option could be added, so we can help block this spam.
I have the same issue.

In the past I had used spam ticket controls to block messages from mailer-daemon and other similar bounce addresses / subjects. The problem with doing this is that we don't know when a bounce has occurred and thusly we can't tell if a recipient has actually received the message or not.

The best solution to this would be to capture the bounce message, match it to a ticket (hopefully by headers or message content) and display a notification either on the ticket or the particular ticket response that bounced which indicates there was a problem with delivery of the message. Include a link to the actual bounce error / message text for troubleshooting purposes and we'd be all set.

Yes, I found this thread looking for a solution to the same problem with spam and bounce messages.
This needs to address as soon as possible. We have now 2.2 Million records in "Activity logs" due to this.

Spammer sends an email to our system from fake email address -> our system sends an email to fake email address stating support ticket not ope -> Fake email address does not exist hence recipient server generate bounce -> Our system tries to send an email again for that bounce email -> Again recipient server sends bounce... All those activities are recorded in "Activity logs" as well as "Ticket Mail Import logs".. This is infinite loop and this can only stop if you block the from address from which you are receiving bounce email. It is not possible to monitor activity logs contentiously.