The solution is not to remove -T, but to fix $ENV{PATH} (and possibly others) before using system, exec, etc (which the sendmail modules use to call sendmail).
From perldiag:
Insecure $ENV{%s} while running %s
(F) You can't use system(), exec(), or a piped open in a setuid or
setgid script if any of $ENV{PATH}, $ENV{IFS}, $ENV{CDPATH},
$ENV{ENV}, $ENV{BASH_ENV} or $ENV{TERM} are derived from data
supplied (or potentially supplied) by the user. The script must set
the path to a known value, using trustworthy data. See perlsec.
| [reply] [d/l] [select] |
| [reply] |
PATH={trustworthy:path} sendmail_script <ARGS>
| [reply] [d/l] |