- A: running an OpenBSD machine with a httpd and a smtp server?
vs.
- B: running an OpenBSD machine as virtualization host with QEMU having two guest OpenBSD system: one for smtp and one for httpd.
Q: Which solution provides more security? For first look, I could think that Virtualization is another layer of security so it's better.. then in another thoughts... could it be that virtualization add just another layer of complexity so another layer of security bugs?
UPDATE to "B": no, the smtp and the httpd guest cannot talk to each other via layer3. QEMU.
Possible attacks: from script kiddie to security researcher that spends several months to get into the server. Only static html pages are used, no cgi/php and the smtpd server is OpenSMTPD. No unneeded ports are used, even SSHD is listening on a non-internet-faced interface.