From Debian package 0.2.20091117-2

Allow postfix to connect to mysql, and postfix pipe to run generic bin files.

Index: policy/modules/services/postfix.te
===================================================================
--- policy/modules/services/postfix.te.orig
+++ policy/modules/services/postfix.te
@@ -203,6 +203,8 @@
 
 optional_policy(`
 	mysql_stream_connect(postfix_master_t)
+	mysql_stream_connect(postfix_smtpd_t)
+	mysql_stream_connect(postfix_cleanup_t)
 ')
 
 optional_policy(`
@@ -235,7 +237,8 @@
 
 # for milters - may be a bug in postfix
 allow postfix_cleanup_t postfix_smtpd_t:fd use;
-allow postfix_cleanup_t postfix_smtpd_t:unix_stream_socket { getattr read write };
+allow postfix_cleanup_t postfix_smtpd_t:unix_stream_socket { getattr read write shutdown };
+allow postfix_cleanup_t postfix_smtpd_t:tcp_socket { read write getattr getopt };
 
 ########################################
 #
@@ -412,6 +415,8 @@
 	dovecot_domtrans_deliver(postfix_pipe_t)
 ')
 
+corecmd_exec_bin(postfix_pipe_t)
+
 optional_policy(`
 	procmail_domtrans(postfix_pipe_t)
 ')