>Otherwise, the script can just send mail directly

As far as my experience goes, abusive scripts depend on the local MTA to relay abusive mail. They would need to crack two hosts instead of a single one to route bad mail.

Maybe I should ask another question: is sendmail the ONLY way for a local script (be it any kind of script: PHP or otherwise) to queue a mail for delivery? Since my days of C are long gone, and if sendmail is the single gateway to the Postfix queue for local scripts, creating a robust shim could make sense.