Here's a run down of the main mailing lists that I follow. While most of these are known in the security industry, many people who frequent this site are from various backgrounds and may find this list useful.
Bugtraq: "BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.". The largest and oldest list around. Respek.
Full Disclosure: An un-moderated free for all where anything goes (98% is noise)
Vuln-dev: "The VULN-DEV list exists to allow people to report potential or undeveloped holes. The idea is to help people who lack expertise, time, or information about how to research a hole do so."
Daily Dave: Focuses on lower level exploitation and groundbreaking research.
Pen-test: Help with penetration testing questions and tools.
Security Jobs: 1 guess at what this is for.
My personal favorites
SC-L: The secure coding mailing list focuses on how to program securely and security program development.
The Web Security Mailing List: Covers everything website, or application security. The highest traffic webappsec list around. Full disclosure, I founded this list and currently moderate it.
If you know of any other decent lists please suggest them below.
