On Wed, 2020-04-08 at 13:55 -0400, Allan Streib wrote:
> My (default) smtpd.conf says:
>
> listen on lo0
>
> So how might that be remotely exploitable?

I can disable all network connections on an unpatched Windows 95 laptop - oh, this would make it soooo secure ... Hint: a server which provides no services to the outside is very secure and at the same time completely useless!

I personally welcome OpenBSD's decision to turn off most services by default, but that's not the point here. Even as a client you are exposed, since most browsers are bug fests of their own. The same is true of office productivity software and just about anything else.

My point was that security is an ongoing effort. Flaws and new exploit venues are discovered. There will be different numbers of flaws for different operating systems, but none remains unscathed for years. As soon as your server does anything useful, it will present an attack vector to the outside world, and one needs to be aware of it.

