diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index d037b76..9e82279 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -50,6 +50,8 @@ allow system_mail_t self:capability { setuid setgid chown };
 allow system_mail_t self:process { signal_perms setrlimit };
 allow system_mail_t self:tcp_socket create_socket_perms;
+allow system_mail_t etc_mail_t:file r_file_perms;
+
 # re-exec itself
 can_exec(system_mail_t, sendmail_exec_t)
 allow system_mail_t sendmail_exec_t:lnk_file r_file_perms;
@@ -64,6 +66,7 @@ corenet_tcp_sendrecv_all_nodes(system_mail_t)
 corenet_raw_sendrecv_all_nodes(system_mail_t)
 corenet_tcp_sendrecv_all_ports(system_mail_t)
 corenet_tcp_bind_all_nodes(system_mail_t)
+corenet_tcp_connect_smtp_port(system_mail_t)
 dev_read_rand(system_mail_t)
 dev_read_urand(system_mail_t)
@@ -96,8 +99,6 @@ userdom_use_sysadm_terms(system_mail_t)
 ifdef(`targeted_policy',`
 typealias system_mail_t alias sysadm_mail_t;
- allow system_mail_t etc_mail_t:file r_file_perms;
-
 allow system_mail_t mail_spool_t:dir create_dir_perms;
 allow system_mail_t mail_spool_t:file create_file_perms;
 allow system_mail_t mail_spool_t:lnk_file create_lnk_perms;
@@ -144,6 +145,10 @@ optional_policy(`apache.te',`
 apache_dontaudit_rw_sys_script_stream_socket(system_mail_t)
 ')
+optional_policy(`arpwatch.te',`
+ arpwatch_rw_tmp_files(system_mail_t)
+')
+
 optional_policy(`cron.te',`
 cron_read_system_job_tmp_files(system_mail_t)
 ')
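Review bot: The rule `allow system_mail_t etc_mail_t:file r_file_perms;` added in the `@@ -50,6 +50,8 @@` hunk now applies to every policy variant rather than only inside the targeted_policy block it was moved from, and it has no comment saying which files of that type the mail helper must read. A one-line comment above it, such as `# read mail configuration labelled etc_mail_t`, would match the `# re-exec itself` comment that follows. Only the file class is covered here; whether search on `etc_mail_t:dir` is granted elsewhere is not visible in this hunk and should be confirmed. If any file of that type holds relay credentials, this widens who can read them under the strict policy, and the comment should say so.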
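Review bot: In the `@@ -64,6 +66,7 @@` hunk, `corenet_tcp_connect_smtp_port(system_mail_t)` lets the domain open outbound SMTP connections in every build of the policy, with no condition and no comment. If only some of the mail clients that run in this domain need to reach a relay directly, the call would be better placed under the matching optional_policy block or a tunable. At minimum, add a comment such as `# deliver to a relay over SMTP` so the grant can be audited later. The neighbouring send/receive calls already cover all nodes and ports, so the connect permission appears to be the line that actually bounds where this domain can talk to.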
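Review bot: `arpwatch_rw_tmp_files(system_mail_t)` in the `@@ -144,6 +145,10 @@` hunk grants write as well as read on arpwatch's temporary files, while the cron block just below it uses a read-only interface (`cron_read_system_job_tmp_files`). If the mail helper only consumes a report file that arpwatch hands it, read access is enough. A read-only interface in the arpwatch module would be the least-privilege choice; none is visible on this page, so it may need to be added there. If write is genuinely required, for instance because the descriptor is inherited open read-write, a short comment such as `# arpwatch passes its report in a tmp file opened rw` would record why.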