From Debian package 0.2.20100524-6 * Allow system_mail_t (sendmail) to get read/write access to crond_tmp_t
Index: policy/modules/services/cron.te
===================================================================
--- policy/modules/services/cron.te.orig
+++ policy/modules/services/cron.te
@@ -223,6 +223,7 @@
 userdom_list_user_home_dirs(crond_t)
 mta_send_mail(crond_t)
+system_mail_file_access(crond_tmp_t)
 ifdef(`distro_debian',`
 # pam_limits is used
Index: policy/modules/services/mta.if
===================================================================
--- policy/modules/services/mta.if.orig
+++ policy/modules/services/mta.if
@@ -901,3 +901,20 @@
 allow $1 user_mail_domain:unix_stream_socket rw_socket_perms;
 ')
+
+########################################
+##
+## Allow system_mail_t to access files of specified types
+##
+##
+##
+## File type that system_mail_t can access
+##
+##
+#
+interface(`system_mail_file_access',`
+ gen_require(`
+ type system_mail_t;
+ ')
+ allow system_mail_t $1:file { read write };
+')
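Review bot: The added `system_mail_file_access(crond_tmp_t)` call in cron.te grants the mail domain write as well as read on every crond_tmp_t file, and nothing next to the call says why. Going by the patch description, the intent appears to be letting sendmail use the temporary file cron hands it for job output; if so, read is presumably the only access the mailer needs, and the write half should either be justified or handled with a `dontaudit` rule instead of an `allow`. At minimum I would put a comment above the call, for example `# sendmail reads job output from the crond_tmp_t file it is handed by cron`. The surrounding cron.te block starts and ends outside the hunk, so other existing crond_tmp_t rules are not visible here.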
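Review bot: The new interface `system_mail_file_access` in mta.if takes a file type rather than a domain, so any module that calls it can give system_mail_t read/write on a type of its choosing; the summary should state that this is a grant to the mail domain, not to the caller. The rule lists only `{ read write }` with no `open`, which, where the open permission is enforced, limits system_mail_t to descriptors it is handed and stops it opening such files by path. That is the safer reading, but it looks accidental unless documented, so add a line such as `# no open permission: already-open descriptors only`. The name also lacks the module prefix used by the neighbouring `mta_send_mail` call in cron.te; a prefixed name such as `mta_system_mail_rw_inherited_files` would say what is granted, with the cron.te call renamed to match.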