Does merely having the IIS software on a server increase risk?

From: Thomas Dulaney (
Date: 01/27/03

From: "Thomas Dulaney" <>
Date: Mon, 27 Jan 2003 10:54:25 -0800


I need to have SMTP services on an application server. I
don't need or want a web server on this machine, but I
have to have IIS installed to get the SMTP service as I
understand it. I have stopped the default web sites that
are created by the install. Is there hackable entry to
the server that I need to worry about even if the web
services (and everything else except SMTP) is turned off?

Are there significant danger of being hacked through the
SMTP port? This server houses a mission critical database
so we want the server as crash free (and hence hack free)
as is reasonable.

Any and all advice is appreciated!!