Hi,
sendmail needs to start running as root, so it can bind to port 25. Unprivileged users cannot open ports bellow 1025.
After that whenever a smtp connection is done, it's processed by a child running as the user specified with the RunAsUser option. You can read
this, that explains everything
Regards