[Owasp-board] Possible hosted Mailman solution - response requested

Matt Tesauro matt.tesauro at owasp.org
Thu May 31 18:03:53 UTC 2012

I found out that OSL (Open Source Labs) does hosting of many open source
project's Mailman lists as a service offering. [1]  [2]

I reached out to them to see if they could host lists.owasp.org.  I've
heard back and they are willing and able to host our Mailman lists.  The
high-leve stuff is:

(1) They use a shared platform for all their Mailman lists so we _may_ need
to rename some lists during the migration.

(2) I do not have a cost for this yet.  OSL generally works on a cost
recovery basis. I'd guest-imate ~$180/month or ~$2,200/year.

(3) I am tempted to ask if its possible to get a individual host for this
and pay extra so that we have an isolated Mailman instance.  This would
avoid the multi-tenant instance of Mailman and some of the wrinkles around
hosting multiple domains with Mailman.  Alternately, I could see if they'd
manage a host running at Rackspace.

Please provide your feedback on the items above ASAP.  I am planning on
responding to OSL this evening / tomorrow AM to get more details and see
about possible migration dates.

Here's the thread between OSL and myself:
---------- Forwarded message ----------
From: Jordan Evans via RT
Date: Wed, May 30, 2012 at 4:31 PM
Subject: [support.osuosl.org #21040] Request for mailman hosting for OWASP
To: matt.tesauro at owasp.org

We can do this. What we need from you is an archive of your mailing lists.
which point you should queue up all messages sent in, and then after I have
mailing lists set up, switch the mx records over to:


Additionally you can make a pointer record to

In order to use the web interface.

And then you can forward the queued up mail onto us, and it should all be
assuming you can have a small down time for the mailing lists. I have an
window to do this tomorrow around 2-5 PST, if that works for you. Or we can
it later as well. It should take ~1 hour or so to get everything set up on
end, including regenerating the archives into our mailman setup.

One last thing of note: Mailman doesn't handle multiple virtual domains
particularly well, and we run a rather large shared instance of mailman.
One of
the issues is that internally mailman doesn't use fully qualified list
and such one can have a list name conflict across domains. E.g
general at lists.osuosl.org and general at lists.owasp.org would both be referred
as 'general' internally, and both couldn't exist.

As a result we name all mailing lists as $project-$list at lists.$project.org,
then use postfix rules to funnel mail to $list at lists.$project.org ->
$project-$list at lists.$project.org. This works quite well, with the one side
effect of end-users occasionally seeing the $project-$list at lists.$
address on mail sent out from our mailing list server.

Assuming you have a default install of mailman, all the data we need is in
/var/lib/mailman, so you can just tarball that up and send it our way and we
can handle the rest (aside from DNS record changes after the lists are in

Let me know if you have any questions/concerns, etc.

--Jordan Evans

On Thu May 24 14:03:11 2012, matt.tesauro at owasp.org wrote:
> Per your services page, here's what we'd like to discuss
> * The type(s) of server(s) you are requesting hosting for, if applicable.
> Likely a single server - see details below.
> * The purpose of said server (will it be Web, development, etc?).
> A mailman server currently hosting ~450+ lists with ~22K registered users.
> Currently, that host is running on a Rackspace Cloud virtual server
> running Ubuntu Linux Server 10.04 LTS with 4 GB RAM and 160 GB disk. More
> details are below.
> * Your estimated bandwidth usage.
> We are currently using a donated Barracuda cloud instance as a smart relay
> to handle SPAM. Looking at that console, there's an average of ~55 MB /day
> with spikes of 417.9 MB and 776.MB. I've attached a png with a screenshot
> of Barracuda's web console.
> * Details about your project, along with your URL, license and any other
> pertinent information.
> The OWASP Foundation (https://www.owasp.org/index.php/About_OWASP) would
> like to host some of our online resources with OSL as outlined below. We
> are an international not-profit initially consisting of a US 501(c)(3) and
> a recently added European non-profit which focuses on application security
> and releases its projects under OSI approved licences - both code projects
> and documentation. Licensing information is available here:
> https://www.owasp.org/index.php/OWASP_Licenses
> * Contributions that you may be able to make to cover costs.
> We have some funds to pay for this but have no idea how to cost it
> reasonably. The current hosts we have with Rackspace are donated so its
> hard to estimate this number. We'd be interested in what this would cost
> in a cost-recovery basis.
> More server details:
> root at owasp-3:~# cat /etc/lsb-release
> root at owasp-3:~# free -m
> total used free shared buffers cached
> Mem: 4011 3898 113 0 274 1922
> -/+ buffers/cache: 1701 2310
> Swap: 8189 23 8165
> root at owasp-3:~# df -h
> Filesystem Size Used Avail Use% Mounted on
> /dev/sda1 150G 40G 103G 28% /
> udev 10M 148K 9.9M 2% /dev
> none 2.0G 0 2.0G 0% /dev/shm
> none 2.0G 48K 2.0G 1% /var/run
> none 2.0G 4.0K 2.0G 1% /var/lock
> none 2.0G 0 2.0G 0% /lib/init/rw
> --
> -- Matt Tesauro

[1] http://osuosl.org/services/hosting/details

[2] http://osuosl.org/services/hosting/communities

-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20120531/a0c115c1/attachment-0002.html>

More information about the Owasp-board mailing list