The article An introduction to the Aegir Hosting system mentions in the roadmap: "Third-party application hook-ins, i.e DNS, LDAP, Mail, Jabber... with the idea of a control panel done right".
That is, even when Aegir surely would conflict with other control panels such as ISPConfig, Virtualmin... doing similar tasks on the same server (site configuration in Apache, etc.), probably it could be compatible with complementary software for the tasks that the current Aegir versions don't yet manage: email, firewall...
For email, since the automatic installation of Aegir on Debian includes Postfix, and complex solutions like Zimbra can be resource intensive, in my case I'm considering just a GUI for Postfix. The most popular one seems to be Postfix Admin, which only requires PHP and a database like MySQL.
Given that a mail server needs a lot of maintenance work, probably I will use Postfix Admin only to send mail from the server, and Google Apps -which can deal well with spam, etc.- to receive mail.
I think Debian doesn't include a firewall by default. However, testing Aegir on a clean Linode VPS with a fresh Debian 6 Squeeze installation, it does not seem to need a firewall much. According to an external port scan, the ports 22 (ssh), 25 (smtp), 80 (http) y 443 (https) are open, but 3306 (mysql) and many others are closed. With "netstat -lnptu" (command line, from inside the server), the open ports are 22, 25, 80, 123, 443, 3306. The explanation for the difference about 3306 is in the file /etc/mysql/my.cnf:
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
Therefore, with only a few mostly necessary ports open, probably a full firewall like Shorewall, etc. is for special cases, and installing just fail2ban would be usually enough. On Debian:
apt-get install fail2ban
(the log file is /var/log/fail2ban.log)
I would like to know the experiences of others running apps for email, security, etc., to complement Aegir on a VPS or server.