jim.manico at owasp.org
Tue Feb 25 00:09:24 UTC 2014
Our community is not portal friendly, just warning you all. I still back
this new list regardless of this portal. The staff does not need to be a
part of it, the list managers can keep them posted.
My 2 cents,
On Feb 24, 2014, at 4:05 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
Tobias & Jim,
I suspect the current server can handle the load (outbound is especially
problematic) for this new list. I agree with Tobias that the best way to
find out is to just try it and see what happens. 
*HOWEVER*, I know the full time staff are working on the communities site
which is hooked into Salesforce. I've not worked directly on this (I think
its been primarily Kate but check with Sarah for 100% accuracy) and from
what I understand, that site (and the features it will bring) will be a
much better home for this type of list/communication mechanism.
Sarah ping'ed me off this thread to ask me to hold off on this. From what
she told me, she mentioned getting back to the board on Monday with a
proposed solution for your request/suggestion.
So, I'm putting this on hold until Monday - I've been busy upgrading the
MediaWiki source code to get us up to the latest stable version. Look for
a leaders-list announcement shortly.
 TLDR: Mailman may be working OK currently, but its still full of cruft
and requires a lot more work to be optimally setup.
Just a note for the record, during the Christmas break of 2011, Mailman was
migrated to Rackspace's public cloud hosting by the previous OWASP IT
person. By February 2012, that Mallman server was becoming useless due to
being buried in SPAM. I was on the board at the time and negotiated a
donation of SPAM filtering service from Barracuda and got access to the
Mailman install. The install was less then optimal with basic things like
MX and PTR records missing. I'm actually surprised that it worked as well
as it did. After getting the SPAM under control, Achim and I worked on
getting a much better mail setup. With Achim's help (he knows Sendmail much
better then me) we got a much more stable and working Mailman install setup.
When the OWASP Connector started being sent is when we noticed the service
dying and a mail storm of bounced bad email addresses was taking down
Sendmail due to maxing out our connections. Moving the OWASP Connector off
to the third-party service helped alleviate this problem.
All that said, there's still many "kustomizations" of Mallman that are
undocumented and deviate wildly from the methods suggested by the Mailman
admin manual. I've found a bunch of shell scripts and other kustomizations
in my Mailman archaeology explorations on that server but I continue to
find unique and atypical settings. I suspect there's something broken in
how Mailman handles bounces (and pruning address that perpetually bounce)
but I've not found where those customizations were made.
I've focused my work on keeping the service up and working for the
community over getting all those edge cases worked out. I also prioritized
getting the wiki fully updated over a clean install of Mailman, though that
is my next large project for OWASP IT.
So, if I'm uncertain about the capacity of that server it is because it has
a far from optimal setup with undocumented diversions from the norm as well
as unique customizations. Once I get a fresh install of Mailman setup and
the lists migrated, then I'll be confident in its capacity.
-- Matt Tesauro
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
On Mon, Feb 24, 2014 at 5:05 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> Hi Jim,
> I think we can just try it and see how we can cope with the volume. And
> if things don't perform enough, we can still either improve the server
> or change the system.
> I know from other cases that mailman can handle a large number of users
> in a reasonably high volume.
> A good example of such a large list is the global IETF mailing-list:
> If we run into performance problems, I could probably connect Matt with
> their Admin to see how they do it.
> Cheers, Tobias
> On 24/02/14 16:25, Jim Manico wrote:
> > Matt,
> > We want to start a new email list that anyone (following our code of
> > ethics) can join called owasp-community.
> > Can mailman handle a large number of users in a high volume list?
> > Aloha,
> > Jim
> > _______________________________________________
> > Owasp-board mailing list
> > Owasp-board at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-board
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board