For whatever reason, `;for #{rand_text_alpha(1)} in #{iter};do read;done;sh;exit 0;` causes an issue with the payload triggering.
Editing `do read` to `do read r`, as taken from the PoC script at https://www.exploit-db.com/exploits/48051, causes the `MAIL_FROM` field to exceed 64 characters.
However, this seems to make 0 difference to the payload, so I commented out the length check.
Reliably working on OpenSMTPd 6.6.0 on an Ubuntu 20.04 host.
zomfg-zombie
364591069c