Are you sure sendmail is not running?
Code:
ps -ef | grep sendmail
the user is for sendmail
Code:
grep smmsp /etc/passwd
check the sendmail file in cron.d to see what time it runs, and match it with the log file you posted earlier.
Look in the php5 file and do the same thing, match up the time it runs with your auth.log file.
Look in /etc/pam.d to see if anything there looks unusual.
If you can't find a legitimate program/user running from cron.d then I would run a system scan for a root kit.
http://www.chkrootkit.org/
Check that your firewall is well secured. I've seen root kits that use cron to send home information.