policy_module(dovecot_additional, 0.0.9)

require {
  type dovecot_deliver_exec_t;
  type dovecot_deliver_t;
  type dovecot_t;
  type mail_spool_t;
  type postfix_master_t;
  type sendmail_exec_t;
}

#optional_policy(`
#	mta_sendmail_domtrans(dovecot_deliver_t)
#')

allow dovecot_deliver_t self:process setrlimit;

mta_manage_spool(dovecot_deliver_t)
mta_sendmail_exec(dovecot_deliver_t)
allow dovecot_t mail_spool_t:file map;
allow dovecot_deliver_t mail_spool_t:file map;

allow dovecot_deliver_t postfix_master_t:unix_stream_socket connectto;

postfix_domtrans_postdrop(dovecot_deliver_t)
postfix_search_spool(dovecot_deliver_t)
postfix_read_config(dovecot_deliver_t)

allow dovecot_t mail_spool_t:dir watch;
allow dovecot_t mail_spool_t:file watch;