Author: Pinky

CCTV @ Sainsbury’s filling station

I just want to commit to pixels exactly how disgusted I am at the state of so-called security at the local Sainsbury’s filling station. On the 7th of March 2007 at 21:00 I went to the filling station at the Kirkcaldy Sainsbury’s store, to buy some milk. This is now likely to be the most expensive bottle of milk I have ever come across. As I left the position in which I had parked (perfectly legally, I must add, following the blatant insinuation from the staff), I had to drive across the front of the shop/kiosk building. As I did so, the customer who had filled his car at pump number 5 started moving towards me. I assumed that he was going to stop, as his only route out from that position was through my car. As it turned out, that is exactly where he went, leaving me with a damaged rear wheel, rear door and driver’s door. For reasons best known only to him, he decided that stopping just long enough for me to open my door, then flooring it, was a suitable way of dealing with the situation.

I spoke to as many people on the forecourt as I could, but no-one had managed to get his number plate, but I was assured by staff that his details, and possibly the incident, would definitely have been captured on the CCTV system, the tapes of which would be available for the police the next day. Thus reassured, I went home, and contacted the police, who were not able to make it out to take a statement at the time, but were able to take one the next day. Whilst I drove into work on the Thursday, SWMBO contacted the store to ensure that the tapes were secured, and ready for collection by the police. After speaking to the store manager, she was eventually informed that the CCTV system was not actually switched on at the time of the incident.

That’s right, the highly visible, and well publicised security system installed at the Sainsbury’s filling station is not switched on! Some that I have spoken to have voiced the opinion that it may simply be a case of Sainsbury’s policy being to not get involved. If that is the case, they are in for a rude awakening, as the incident has been declared a crime by the police, which means that refusing to hand over any tapes will be a very serious criminal offence. Of course, if the system is not actually used, then the business insurance that is in place for the premises may be null and void. Nice move Sainsbury’s!

Just as an update for this going out of “private”, the police have now had to close the case, and I end up losing out.

SPF Finally implemented

Finally got round to implementing SPF (Sender Policy Framework for the uninitiated) on the mail server. This should hopefully cut down on the recent bursts of “backscatter” from spam. I am also planning on adding SPF records for the main Demon account, as that was badly hit with backscatter from MyDoom.A way back, and may well suffer again!

For information on SPF, check out this site.

Adding SPF checks to SpamAssassin was absolutely trivial – install the Mail::SPF::Query perl module! In the case of this server it was just a quick apt-get away (gotta love Debian).

Just as a quick note: I have seen many sites claiming that SPF doesn’t work as it should to prevent spam. In response to those claims, I would suggest that people actually check what it does claim. It merely helps prevent “spoofing”, nothing else, and if used correctly, does work (in my case, spoofed messages have a raised SA score, and are more likely to go into the spam-bucket). End result is no lost mail, and as I know which hosts send mail for the domain, less backscatter (if others use SPF sanely!)

Exim alias lookups

After much pulling of hair, gnashing of teeth, searching on Google, etc…
I have finally got the /etc/aliases file under control :)
As some background, all mail historically went to the one mailbox, and was separated out by the client, and all was good with the world. Then I set up a proper mail server, with more than one mailbox, and everything got silly. Due to the huge range of local usernames we have used (mainly to track who is selling the data), the aliases file was getting beyond what I think of as reasonable.
It finally hit me that we were separating the mail using regexp, and the first 2 or 3 characters was enough to identify the intended destination. Armed with this (bloody obvious) insight, I started looking at getting exim to parse regexps in /etc/aliases. First port of call was to switch from lsearch to wildlsearch, which was great, until I noticed everything was falling through to the catchall mailbox! Rolled the changes back (that’s what notes are for, after all), and left it on a back-burner for a while.
Suddenly (at about 23:00!) I recalled seeing something about “real_local” (yes, I can be somewhat dense at times). Five minutes later, I have it working exactly as planned :)
Of course, that five minutes should have happened in the first place, but at least I got there!

For the record, the settings are:
/etc/exim4/conf.d/router/400_exim4-config_system_aliases:
data = ${lookup{$local_part}lsearch{/etc/aliases}}
becomes
data = ${lookup{$local_part}wildlsearch{/etc/aliases}}

/etc/aliases:
^user.*: real-user

Powered by WordPress & Theme by Anders Norén