Title: sendmail nonroot
Subject: Don't run sendmail as root:

    chown root.mail /usr/sbin/sendmail
    chmod 2755 /usr/sbin/sendmail
    chown mail.mail /var/spool/mqueue
    chmod 770 /var/spool/mqueue

    ls -ld /usr/sbin/sendmail /var/spool/mqueue
    -rwxr-sr-x 1 root mail 238232 Sep 20 00:29 /usr/sbin/sendmail
    drwxrwx--- 2 mail mail   1024 Nov 20 10:45 /var/spool/mqueue

    ls -l /usr/bin/procmail
    -rwsr-sr-x 1 root mail 59385 Jan 18 1996 /usr/bin/procmail

To keep the spool from backing up with mail for servers that cannot be
found, run sendmail from cron to process the spool.

Cron job for sendmail cleanup:

    #!/bin/sh
    # Lock file named after this script; skip this run if it already exists.
    PIDFILE="/var/run/$(basename "$0")"
    if [ -f "$PIDFILE" ]; then
        exit 0
    fi

    cleanup() {
        rm -f "$PIDFILE"
    }

    echo $$ > "$PIDFILE"; chmod 644 "$PIDFILE"
    # Remove the lock file if the job is terminated (signal 15, SIGTERM).
    trap "cleanup" 15

    # Reset mode and ownership of the queue files, then process the queue.
    cd /var/spool/mqueue && chmod --silent 600 * && chown root.root *
    /usr/sbin/sendmail -q
    cleanup
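
An added example, not part of the original note: a small sh audit that checks the modes and owners set by the chown/chmod commands at the top of this note and flags a setuid bit on the sendmail binary. It assumes GNU stat; the function names and the SENDMAIL_AUDIT_RUN variable are hypothetical.

```shell
#!/bin/sh
# Added example: verify the non-root sendmail permissions from this note.
# Assumes GNU stat (-c). Function and variable names are hypothetical.

# check_path PATH WANT_MODE WANT_OWNER
# Returns 0 if PATH exists with exactly that octal mode and user:group.
check_path() {
    path=$1
    want_mode=$2
    want_owner=$3
    if [ ! -e "$path" ]; then
        echo "FAIL $path: missing"
        return 1
    fi
    mode=$(stat -c '%a' "$path") || return 1
    owner=$(stat -c '%U:%G' "$path") || return 1
    rc=0
    [ "$mode" = "$want_mode" ] || {
        echo "FAIL $path: mode $mode, expected $want_mode"; rc=1; }
    [ "$owner" = "$want_owner" ] || {
        echo "FAIL $path: owner $owner, expected $want_owner"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK   $path: $mode $owner"
    return "$rc"
}

# has_setuid PATH: returns 0 if the setuid bit is set on PATH.
has_setuid() {
    [ -u "$1" ]
}

# audit_sendmail [BINARY] [SPOOL]: expected values are the ones in this note.
audit_sendmail() {
    bin=${1:-/usr/sbin/sendmail}
    spool=${2:-/var/spool/mqueue}
    status=0
    check_path "$bin" 2755 root:mail || status=1
    check_path "$spool" 770 mail:mail || status=1
    if has_setuid "$bin"; then
        echo "FAIL $bin: setuid bit is set"
        status=1
    fi
    return "$status"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${SENDMAIL_AUDIT_RUN:-}" = 1 ]; then
    audit_sendmail
fi
```

Run it as `SENDMAIL_AUDIT_RUN=1 sh audit.sh` (the file name is an assumption); a non-zero exit status means at least one path differs from the settings above.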