48.2.7.3. Mail-only Users
To help prevent local user exploits on the Sendmail server, it is best for mail users to only access the Sendmail server using an email program. Shell accounts on the mail server should not be allowed and all user shells in the
/etc/passwd
file should be set to /sbin/nologin
(with the possible exception of the root user).