diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index ea6fa96..8dd52ce 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -293,6 +293,10 @@ stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, post
 # for .forward - maybe we need a new type for it?
 rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
 
+domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
+# Might be a leak, but I need a postfix expert to explain
+allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
+
 allow postfix_local_t postfix_spool_t:file rw_file_perms;
 
 corecmd_exec_shell(postfix_local_t)
@@ -309,10 +313,6 @@ mta_read_config(postfix_local_t)
 # Handle vacation script
 mta_send_mail(postfix_local_t)
 
-domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
-# Might be a leak, but I need a postfix expert to explain
-allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
-
 userdom_read_user_home_content_files(postfix_local_t)
 
 tunable_policy(`allow_postfix_local_write_mail_spool',`