Just to follow up with a summary on this . . .
Followed the email HowTo on the Centos wiki by installing postfix, dovecot, postgrey, amavisd and setting up SSL/TLS.
Set selinux to permissive, targeted.
Sent many, many emails with attachments, spam, etc. to & from the box.
Removed previous selinux entries from audit.log.
The new policy was extracted with cat new_audit.log|audit2allow -m local
module local 1.0;
require { type traceroute_port_t; type amavis_t; type postfix_spool_t; type clamd_t; type amavis_var_lib_t; type sysctl_kernel_t; type var_t; type postfix_smtpd_t; type initrc_t; type proc_t; class unix_stream_socket connectto; class file { read getattr }; class sock_file write; class lnk_file { read create unlink getattr }; class udp_socket name_bind; class dir { read search }; }
#============= amavis_t ============== allow amavis_t amavis_var_lib_t:lnk_file { read create unlink getattr }; allow amavis_t traceroute_port_t:udp_socket name_bind;
#============= clamd_t ============== allow clamd_t proc_t:file { read getattr }; allow clamd_t sysctl_kernel_t:dir search; allow clamd_t sysctl_kernel_t:file read; allow clamd_t var_t:dir read; allow clamd_t var_t:file { read getattr };
#============= postfix_smtpd_t ============== allow postfix_smtpd_t initrc_t:unix_stream_socket connectto; allow postfix_smtpd_t postfix_spool_t:sock_file write;
Put the policy into effect with cat new_audit.log|audit2allow -M local semodule -i local.pp
Ran through all the same email tests.
selinux has not complained - yet.