My understanding is that Rootkit Hunter is optional but strongly recommended. Is that correct? Is there any reason not to run RKH and chrootkit on the same system? RKHunter installs Postfix, which is a bit heavy: Does anyone install another mail transport before RKHunter? Is there some reason related to ISPConfig that we might want Postfix to be the MTA there? Is there any reason why we might want to install Postfix separately in the ISPConfig Mail Server component? Or is it just as good to let rkhunter install Postfix? (The apt-get install of postfix later should be ignored but below I have questions about the configuration.) (Note that if rkhunter is installed during system installation that the Postfix-related notes in Perfect docs are not the same. Someone doing the install should recognize that.) I understand some admins use ISPProtect (for-fee). And there are many other similar applications. But are there any other packages like RKH that are very commonly used or recommended for use with ISPConfig? As an example, ClamAV is commonly used with ISPConfig and it can do file system scanning. Please: I'm not looking for open commentary/anecdotes like "I use this". I'm asking about security software that is not in the Perfect docs, but may be commonly used and/or recommended for ISPConfig. EDIT : Additional questions : Ref the most recent Perfect guide : Section 6 about installing Postfix. Should the exact same Postfix instructions be followed in any system where rkhunter is installed with postfix? And to be very specific, should the specified mail server fqdn reference the actual mail.mydomain.tld? Or, where Postfix is just being added as a MTA/relay, should that be myhost.mydomain.tld? I'm guessing this should be the live/full mail.domain.tld, otherwise, how does it know which server to use for relay? I'm looking for docs on these topics. Links are certainly welcome. Thanks!