Found the following at http://daemons.net/~matty/blog/?p=456:
SARC case 2004/368 : Secure By Default BUG/RFE:4875624 *syslogd* turn off UDP listener by default BUG/RFE:5004374 Ship with remote services disabled by default BUG/RFE:5016956 By default rpcbind should not listen for remote requests BUG/RFE:5016975 By default snmpd/dx should not be enabled. BUG/RFE:5016998 By default inetd should not listen for remote
connections.
BUG/RFE:5017041 By default sendmail should not listen for remote
connections
BUG/RFE:5046450 Create a greenline profile for Secure by Default
installation
BUG/RFE:6267741 RFE: One-touch knob for outbound-only sendmail BUG/RFE:6414308 syslogd could use some lint soap
Oddly enough, I was just complaining about this myself. :)