Slide 17 of 21
Notes:
Many hacks in the past have relied upon weaknesses of sendmail, that allowed powerful shell commands to be exploited. the sendmail restricted shell, smrsh, was devised to limit the potential for damage.
The relevant page at CERT still seems to advocate the use of smrsh. However, other informants have suggested that the latest versions of sendmail are no longer fundamentally vulnerable, and that smrsh is no longer needed. I am unsure of the rights and wrongs of this at present.