That has been fixed in Debian quite a while back
https://www.debian.org/security/2018/dsa-4110
I remember updating after seeing the Bugtraq posting.
This time El Reg is a bit late to the party, everyone has gone home already to sober up.
Additionally, the article is incorrect. Reading the POC exploit you need to have AUTH enabled. While you do not need to AUTH successfully, the server in question should be set to authenticate users. That somewhat limits the scope as "pure" mail relays would not be affected.