I just set this up, and had to do some digging to get it to work, but wanted to share my results for the benefits of others.
I'm using debian stable (squeeze), and the install of wordpress and mailman from the stable repository. I set up mailman basically following this guide, if it matters. I added www-data to the 'list' group (/etc/group).
The main blocking issue for me was that after everything else seemed to be set up correctly, and I could even verify that the subscribe() command was being run with a cmd path and flags that worked when run as sudo -u www-data, users still weren't actually being subscribed. This led me to suspect that popen() might be behaving badly, so I checked its documentation, and, sure enough, found a likely culprit:
Note: When safe mode is enabled, you can only execute files within the safe_mode_exec_dir.
I opened up my vhost config and added:
I reloaded apache, and everything worked! Woo!
php_value safe_mode_exec_dir "/usr/share/wordpress/wp-content/plugins/mailman/"
My only remaining complaint is that the subscribe() function gets called immediately when the registration gets processed, not after the user confirms the registration in their email.