From Debian package 0.2.20100524-5

  * Allow spamc_t to be in system_r and allow it access to netlink_route_socket

Index: policy/modules/services/spamassassin.te
===================================================================
--- policy/modules/services/spamassassin.te.orig
+++ policy/modules/services/spamassassin.te
@@ -43,6 +43,7 @@
 typealias spamc_t alias { auditadm_spamc_t secadm_spamc_t };
 application_domain(spamc_t, spamc_exec_t)
 ubac_constrained(spamc_t)
+role system_r types spamc_t;
 
 type spamc_tmp_t;
 typealias spamc_tmp_t alias { user_spamc_tmp_t staff_spamc_tmp_t sysadm_spamc_tmp_t };
@@ -207,6 +208,7 @@
 allow spamc_t self:unix_stream_socket connectto;
 allow spamc_t self:tcp_socket create_stream_socket_perms;
 allow spamc_t self:udp_socket create_socket_perms;
+allow spamc_t self:netlink_route_socket { read write bind create getattr nlmsg_read };
 
 manage_dirs_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
 manage_files_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)