This Metasploit module exploits a command injection vulnerability against Dovecot with Exim using the "use_shell" option. It uses the sender's address to inject arbitrary commands since this is one of the user-controlled variables, which has been successfully tested on Debian Squeeze using the default Exim4 with dovecot-common packages.
d72b6de0ba7eaf73295bab2780dde4862dd95a6711d35c8ea50c93c6aad58c90