I would configure mailman with permanent write access to the mailbox area

That's what I with my sandbox right now