Kernel w/o loadable mods, for security?

[foodog]

I'm putting the finishing touches on a mail server.  Once it's done,
I'll never get to touch it again unless the hardware catches fire (it
may get a day or two off next June).

It's looking like a good idea to build a newer kernel to get really
happy reiserfs.  I'm considering leaving out support for loadable
modules to make things inconvenient for the hypothetical cracker who may
try to homestead on it.  Kmod rootkits are high on my nightmare list.

Can someone suggest a good way to determine what to include in a
monolithic kernel?  Any thoughts about no loadable modules as a security
measure?  

Steve