Since newrisedesigns called me a professional, I feel compelled to respond. :)

Without the -T flag, there's also the possibility that someone may try to cause a denial of service. It's fairly unlikely that anyone could exploit a buffer overflow (especially in qmail), but certain other mail servers can't handle a long subject line appropriately.

If I were really paranoid, I'd log information on who is using this -- remote host, remote IP address, and so forth. That way, you can see who's attempting to send spam through your servers. As it is, you only have your server logs to see who's hitting you repeatedly.

This may sound awfully paranoid, but you really ought to remember rule #1: spammers cheat.