From Debian package 0.2.20100524-5 0072-Spamassassin-policy-adjustments.patch (part of) * Allow spamc_t to be in system_r and allow it access to netlink_route_socket
Index: policy/modules/contrib/spamassassin.te
===================================================================
--- policy/modules/contrib/spamassassin.te.orig
+++ policy/modules/contrib/spamassassin.te
@@ -40,6 +40,7 @@
 typealias spamc_t alias { user_spamc_t staff_spamc_t sysadm_spamc_t };
 typealias spamc_t alias { auditadm_spamc_t secadm_spamc_t };
 userdom_user_application_domain(spamc_t, spamc_exec_t)
+role system_r types spamc_t;
 type spamc_tmp_t;
 typealias spamc_tmp_t alias { user_spamc_tmp_t staff_spamc_tmp_t sysadm_spamc_tmp_t };
@@ -203,6 +204,7 @@
 allow spamc_t self:unix_stream_socket connectto;
 allow spamc_t self:tcp_socket create_stream_socket_perms;
 allow spamc_t self:udp_socket create_socket_perms;
+allow spamc_t self:netlink_route_socket { read write bind create getattr nlmsg_read };
 manage_dirs_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
 manage_files_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
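Review bot: The added `role system_r types spamc_t;` in the first hunk has no comment naming the system-started program that is expected to run spamc, and the patch header only says the change is allowed, not why. The context line above it sets `spamc_t` up with `userdom_user_application_domain`, so authorising it for `system_r` widens where the domain may appear. A one-line comment such as `# spamc is also started from system_r by <daemon to be named>` would let a later reviewer check that the intended entry point is the only one. The role statement grants no transition by itself, so it is worth confirming that the transition rule it pairs with exists in this module or in the caller's.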
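Review bot: The added `netlink_route_socket` rule in the second hunk spells out `{ read write bind create getattr nlmsg_read }` by hand while the socket rules just above it use permission-set macros, and nothing says whether the narrower list is deliberate. The set leaves out `nlmsg_write`, so the domain can query routing data but not change it, which fits a client that presumably only needs it for address lookup in libc (to be confirmed). I would keep the explicit list and document it, e.g. `# read-only route queries; nlmsg_write deliberately not granted`. If consistency with the neighbouring rules matters more, `r_netlink_socket_perms` is the usual macro, at the cost of granting more socket permissions than are listed here.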