[Owasp-board] Possible hosted Mailman solution - response requested
matt.tesauro at owasp.org
Sun Jun 3 20:55:17 UTC 2012
Re-sending as the @owasp me.
On Sun, Jun 3, 2012 at 3:46 PM, Matt Tesauro <mtesauro at gmail.com> wrote:
> With OSL, there is are two options:
> (1) The normal option where I'd tarball up our archives and they would add
> our lists to their existing shared Mailman infrastructure. We _may_ have
> to rename some lists due to the shared hosting situation.
> (2) I'd like to see if they will either run a separate host for us (to get
> off the shared infrastructure) or possibly run the server we have already
> at Rackspace's managed cloud.
> We've already started the process of moving hosts from public cloud to
> managed cloud at Rackspace. I suspect OCMS will fully migrate this week,
> next will be the Apache box for conference site archives++, followed by the
> wiki.  The remaining one is lists.owasp.org.
> We can either run it ourselves and use the migration to setup Mailman
> properly or had over Mailman to OSL. My preference it to let OSL run it as
> they do this already for many others. The real question is whether OSL
> will run it on our (Rackspace really) "iron" or theirs. Plus the question
> of shared infrastructure or not install of Mailman.
> I'll restart the conversation with OSL tomorrow and see what options they
> are willing to entertain.
>  After the OWASP wiki is moved to managed, we can put in a ticket to
> get Akamai integration done by Rackspace. (Whoop!)
> -- Matt Tesauro
> OWASP International Foundation Board Member and Treasurer
> OWASP WTE Project Lead
> http://AppSecLive.org - Community and Download site
> On Fri, Jun 1, 2012 at 12:13 PM, Michael Coates <michael.coates at owasp.org>wrote:
>> Does this mean they will just host or also configure/setup? It seems
>> like the configuration is the root of our problems and I'm wondering if
>> this idea would address that.
>> Michael Coates | OWASP
>> michael.coates at owasp.org | @_mwc
>> On Jun 1, 2012, at 7:52 AM, Seba wrote:
>> On Thu, May 31, 2012 at 8:03 PM, Matt Tesauro <matt.tesauro at owasp.org>wrote:
>>> I found out that OSL (Open Source Labs) does hosting of many open source
>>> project's Mailman lists as a service offering.  
>>> I reached out to them to see if they could host lists.owasp.org. I've
>>> heard back and they are willing and able to host our Mailman lists. The
>>> high-leve stuff is:
>>> (1) They use a shared platform for all their Mailman lists so we _may_
>>> need to rename some lists during the migration.
>>> (2) I do not have a cost for this yet. OSL generally works on a cost
>>> recovery basis. I'd guest-imate ~$180/month or ~$2,200/year.
>>> (3) I am tempted to ask if its possible to get a individual host for
>>> this and pay extra so that we have an isolated Mailman instance. This
>>> would avoid the multi-tenant instance of Mailman and some of the wrinkles
>>> around hosting multiple domains with Mailman. Alternately, I could see if
>>> they'd manage a host running at Rackspace.
>>> Please provide your feedback on the items above ASAP. I am planning on
>>> responding to OSL this evening / tomorrow AM to get more details and see
>>> about possible migration dates.
>>> Here's the thread between OSL and myself:
>>> ---------- Forwarded message ----------
>>> From: Jordan Evans via RT
>>> Date: Wed, May 30, 2012 at 4:31 PM
>>> Subject: [support.osuosl.org #21040] Request for mailman hosting for
>>> To: matt.tesauro at owasp.org
>>> We can do this. What we need from you is an archive of your mailing
>>> lists. At
>>> which point you should queue up all messages sent in, and then after I
>>> have the
>>> mailing lists set up, switch the mx records over to:
>>> Additionally you can make a pointer record to
>>> In order to use the web interface.
>>> And then you can forward the queued up mail onto us, and it should all
>>> be good,
>>> assuming you can have a small down time for the mailing lists. I have an
>>> window to do this tomorrow around 2-5 PST, if that works for you. Or we
>>> can do
>>> it later as well. It should take ~1 hour or so to get everything set up
>>> on our
>>> end, including regenerating the archives into our mailman setup.
>>> One last thing of note: Mailman doesn't handle multiple virtual domains
>>> particularly well, and we run a rather large shared instance of mailman.
>>> One of
>>> the issues is that internally mailman doesn't use fully qualified list
>>> and such one can have a list name conflict across domains. E.g
>>> general at lists.osuosl.org and general at lists.owasp.org would both be
>>> referred to
>>> as 'general' internally, and both couldn't exist.
>>> As a result we name all mailing lists as $project-$list at lists.$
>>> project.org, and
>>> then use postfix rules to funnel mail to $list at lists.$project.org ->
>>> $project-$list at lists.$project.org. This works quite well, with the one
>>> effect of end-users occasionally seeing the $project-$list at lists.$
>>> address on mail sent out from our mailing list server.
>>> Assuming you have a default install of mailman, all the data we need is
>>> /var/lib/mailman, so you can just tarball that up and send it our way
>>> and we
>>> can handle the rest (aside from DNS record changes after the lists are in
>>> Let me know if you have any questions/concerns, etc.
>>> --Jordan Evans
>>> On Thu May 24 14:03:11 2012, matt.tesauro at owasp.org wrote:
>>> > Per your services page, here's what we'd like to discuss
>>> > * The type(s) of server(s) you are requesting hosting for, if
>>> > Likely a single server - see details below.
>>> > * The purpose of said server (will it be Web, development, etc?).
>>> > A mailman server currently hosting ~450+ lists with ~22K registered
>>> > Currently, that host is running on a Rackspace Cloud virtual server
>>> > running Ubuntu Linux Server 10.04 LTS with 4 GB RAM and 160 GB disk.
>>> > details are below.
>>> > * Your estimated bandwidth usage.
>>> > We are currently using a donated Barracuda cloud instance as a smart
>>> > to handle SPAM. Looking at that console, there's an average of ~55 MB
>>> > with spikes of 417.9 MB and 776.MB. I've attached a png with a
>>> > of Barracuda's web console.
>>> > * Details about your project, along with your URL, license and any
>>> > pertinent information.
>>> > The OWASP Foundation (https://www.owasp.org/index.php/About_OWASP)
>>> > like to host some of our online resources with OSL as outlined below.
>>> > are an international not-profit initially consisting of a US 501(c)(3)
>>> > a recently added European non-profit which focuses on application
>>> > and releases its projects under OSI approved licences - both code
>>> > and documentation. Licensing information is available here:
>>> > https://www.owasp.org/index.php/OWASP_Licenses
>>> > * Contributions that you may be able to make to cover costs.
>>> > We have some funds to pay for this but have no idea how to cost it
>>> > reasonably. The current hosts we have with Rackspace are donated so its
>>> > hard to estimate this number. We'd be interested in what this would
>>> > in a cost-recovery basis.
>>> > More server details:
>>> > root at owasp-3:~# cat /etc/lsb-release
>>> > DISTRIB_ID=Ubuntu
>>> > DISTRIB_RELEASE=10.04
>>> > DISTRIB_CODENAME=lucid
>>> > DISTRIB_DESCRIPTION="Ubuntu 10.04.4 LTS"
>>> > root at owasp-3:~# free -m
>>> > total used free shared buffers cached
>>> > Mem: 4011 3898 113 0 274 1922
>>> > -/+ buffers/cache: 1701 2310
>>> > Swap: 8189 23 8165
>>> > root at owasp-3:~# df -h
>>> > Filesystem Size Used Avail Use% Mounted on
>>> > /dev/sda1 150G 40G 103G 28% /
>>> > udev 10M 148K 9.9M 2% /dev
>>> > none 2.0G 0 2.0G 0% /dev/shm
>>> > none 2.0G 48K 2.0G 1% /var/run
>>> > none 2.0G 4.0K 2.0G 1% /var/lock
>>> > none 2.0G 0 2.0G 0% /lib/init/rw
>>> > --
>>> > -- Matt Tesauro
>>>  http://osuosl.org/services/hosting/details
>>>  http://osuosl.org/services/hosting/communities
>>> -- Matt Tesauro
>>> OWASP Board Member
>>> OWASP WTE Project Lead
>>> http://AppSecLive.org - Community and Download site
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board