auditing procmail?

Anybody have any good ideas on what should happen for auditing and loginuid when Sendmail invokes procmail as a delivery agent, and we're running essentially arbitrary code as the user from their .procmailrc? My gut feeling is that this *should* act just like a cron job for auditing purposes, but the sendmail/procmail interface isn't in the least PAM-ified, so we can't just toss in a 'session required pam_audit.so'...