> An IP stack which is part of the kernel *is* (more or less) directly > exposed to the internet as long as there's the appropriate cable > connected to that machine. Yes, I hope that IP-stack is not so buggy. Anyway, I think that is easier to exploit systems via normal tcp connection as the kernel ip stack. Anyway, I think that unprotected sshd is bigger risk than postfix or sendmail. Personally I cannot trust sendmail, so I am running postfix on most of mailiservers. -- Eero