CheckIPIsAllowed "FROM" along with "Return-Path"

[matveynator]

X-Real-To: <matvey@copters.ru>
Return-Path: <admin@maqratech.com>
Received: from [127.0.0.1] (HELO localhost)
  by mail.zabiyaka.net (Zabiyaka Mailer SMTP 0.0.95)
  with ESMTPS id 1844434 for matvey@copters.ru; Fri, 21 Feb 2020 08:32:21 +0300
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=copters.ru;
     s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:
    Subject:To:From:Reply-To:Sender:Cc:Content-ID:Content-Description:Resent-Date
    :Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
    References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:
    List-Owner:List-Archive; bh=JswTCU6GKgpPZfxZHWIqd8AehIgR71Xa+TbaHJ9uV9g=; b=O
    MZqNh+7znjK4TcGNAGqo0w992IPOMlw4zBZ6NgNsYO6P1Y4DR4lzNRx1v598UCsOZjEVXbQjSZkxp
    +xY3mc9EELoBF7lq+oveW62gxSBwtGajdmqpS14+NBKm9aHyCwD+JvozImn135VdZOb5flekX1HPf
    42I32y+XBYUGhp74=;
Received: from 141.22.96.58.static.exetel.com.au ([58.96.22.141] helo=maqratech.com)
    by host.maqratech.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.92.3)
    (envelope-from <admin@maqratech.com>)
    id 1j4q5y-0003Mx-B3
    for matvey@copters.ru; Fri, 21 Feb 2020 00:58:42 +0700
Reply-To: matvey@copters.ru
From: matvey@copters.ru
To: matvey@copters.ru
Subject: Your devices have been hacked! including this account: matvey@copters.ru
Date: 21 Feb 2020 05:16:12 +1100
Message-ID: <20200221051611.A7463D1F637BA6D0@copters.ru>
MIME-Version: 1.0
Content-Type: text/plain;
    charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi, stranger!

I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it=
 every time.

You may not know me, and you are most likely wondering why you are receivin=
g this email, right?
In fact, I posted a malicious program on adults (pornography) of some websi=
tes, and you know that you visited these websites to enjoy
(you know what I mean).

While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that g=
ave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenge=
r, social networks, and also by e-mail.

What I've done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes ... bu=
t strange for me and other normal people),
and the second part shows the recording of your webcam.

What should you do?

Well, I think $750 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don't know, look for "how to buy bi=
tcoins" on Google).

BTC Address: 1DxHp8B96ZC6o48UByifrZVEeSnFBZJPH7
(This is CASE sensitive, please copy and paste it)

Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the momen=
t I know that you have read this email).

If I don't get bitcoins, I will send your video to all your contacts, inclu=
ding family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan =
will be destruct someself.

If you want to get proof, answer "Yes!" and resend this letter to youself.
And I will definitely send your video to your any 19 contacts.

This is a non-negotiable offer, so please do not waste my personal and othe=
r people's time by replying to this email.

Bye!

[matveynator]

Fixed

[matveynator]

fixed this "hacker" feature