thus Eero Volotinen spake: >> An IP stack which is part of the kernel *is* (more or less) directly >> exposed to the internet as long as there's the appropriate cable >> connected to that machine. > > Yes, I hope that IP-stack is not so buggy. Anyway, I think that is > easier to exploit systems via normal tcp connection as the kernel ip stack. You probably mean protocols on and/or above layer five. ;) > Anyway, I think that unprotected sshd is bigger risk than postfix or > sendmail. Personally I cannot trust sendmail, so I am running postfix on > most of mailiservers. > > -- > Eero Timo