diff --git a/roles/base/files/postfix/zabbix-selinux.te b/roles/base/files/postfix/zabbix-selinux.te
index 0a047fe622..8531a722c0 100644
--- a/roles/base/files/postfix/zabbix-selinux.te
+++ b/roles/base/files/postfix/zabbix-selinux.te
@@ -1,14 +1,19 @@
-module zabbix_sendmail 1.6;
+module zabbix_sendmail 1.7;
 
 require {
 type sendmail_exec_t;
 type zabbix_agent_t;
 type bin_t;
 type etc_t;
+type kernel_t;
 type postfix_etc_t;
 type postfix_postqueue_exec_t;
+type postfix_public_t;
 class file { read open execute execute_no_trans };
 class lnk_file { read getattr };
+class sock_file write;
+class unix_stream_socket connectto;
+class unix_dgram_socket create;
 }
 
 #============= zabbix_agent_t ==============
@@ -25,3 +30,8 @@ allow zabbix_agent_t etc_t:lnk_file read;
 
 # Allow it to read main.cf
 allow zabbix_agent_t postfix_etc_t:file { read open };
+
+# Allow it actually read the mail queue
+allow zabbix_agent_t kernel_t:unix_stream_socket connectto;
+allow zabbix_agent_t postfix_public_t:sock_file write;
+allow zabbix_agent_t self:unix_dgram_socket create;
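Review bot: `allow zabbix_agent_t kernel_t:unix_stream_socket connectto;` in the second hunk is broader than the comment above it states: it lets the agent connect to any unix stream socket whose listening process runs in kernel_t, not only the postfix queue socket it writes to via postfix_public_t. A denial recorded against kernel_t rather than a postfix domain may indicate the postfix master process is not running in its own confined domain on the host where this was captured, so the process label is worth confirming before this rule is kept; if the rule is genuinely required, the comment should record why the peer is kernel_t. The `self:unix_dgram_socket create` line is also not covered by the comment, and its purpose should be stated next to it. Separately, `# Allow it actually read the mail queue` should read `# Allow it to actually read the mail queue`.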