Mailman and SuExec peaceful co-existence

Mailman doesn't play well with SuExec. There are a few problems with it: set GID bit on CGIs, different owner from the domain so the SuexecUserGroup doesn't match up, and there's probably some other problems.

Some solutions (none great):

Run a mailman for each domain. I hate this idea, as it is a huge waste of resources, but it solves a big problem with the next option, namely that every domain only sees its own domains when doing a listinfo without the list name.

Create a lists.domain.com subdomain that doesn't do SuExec and has only ScriptAlias pointing at the mailman location. Obviously, this could be a security issue in and of itself, if the user is able to modify the configuration of Apache with regard to this location. All users see all lists.

The third option is to create a "lists.serverdomain.com" where all users go for Mailman subscribe/unsubscribe/archives and whatever else. In this case it's just a special domain that has no features other than a web with ScriptAlias that allows mailman to work. This is the least ugly, IMHO, but all users see all lists and all users see the hosting server domain name. Of the three, I guess the second one is the sanest, but still confusing for users and domain owners.

In short, Mailman is just ugly as all hell for virtual hosting. If we don't allow access to the web GUI, it becomes less ugly, but it's more difficult for users to wrap their heads around. Life is hard sometimes.

Do you know of a simpler mailing list package we could support more fully, or have any ideas for how to make mailman play more nicely with others?

Status: 
Closed (fixed)