Ordinarily, sendmail prohibits a user from running programs from inside a ~/.forward file unless that user also has a valid login shell. This restriction is in place to prevent the typical user from running any arbitrary program on a main mail server. Some sites prefer to allow users to run arbitrary programs despite the restriction about logging into the mail server. At such sites, one can bypass this restriction by placing the following special string in the /etc/shells file:

/SENDMAIL/ANY/SHELL/

If, for some reason, you need to use a different string, you can do so by redefining WILDCARD_SHELL in sendmail/conf.c.

If you enable arbitrary programs you should also implement the sendmail restricted shell smrsh. (See Section 5.8 for a full description of smrsh.)