i'm not sure this is a complete fix, but what i did was to add setuid(getuid()) in the routine sendmail() just before it exec's delivermail. i think the problem is an interaction between /bin/mail being setuid root and delivermail not knowing that the uid it is being exec'd with came from a program that was setuid.