I have been trying to debug and find the issue for quite some time now. Long story short: a fresh install of PowerMTA 5 on Ubuntu, with OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022).
Trying to use the http-webhook-url to post accounting logs to my endpoint, but PowerMTA just does not want to connect over HTTPS.
My configuration is as follows:
<acct-file /var/log/pmta/webhook1.json>
records b, d
http-webhook-url https://<redacted>/
http-webhook-certificate /etc/pmta/webhook1-client-cert.pem
http-webhook-ca-file /etc/pmta/webhook1-server-ca-certs.pem
http-webhook-max-interval 1m
http-webhook-transfer-encoding gzip
http-webhook-log-verbose true
http-webhook-connect-timeout 1m
http-webhook-io-timeout 1m
</acct-file>
With the above configuration, using mutual TLS, the error from /var/log/pmta/pmta.log is:
2024-01-12 16:35:01 Acct webhook (webhook1.json): Error transferring /var/log/pmta/webhook1-0000000000000001.json : SSL error: connect failed :140443675584064:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:;
After commenting out http-webhook-certificate and http-webhook-ca-file, the error becomes:
2024-01-12 16:38:01 Acct webhook (webhook1.json): Error transferring /var/log/pmta/webhook1-0000000000000001.json : SSL error: connect failed :140443675584064:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40;
I have also tried using different domains with different TLS settings inside Cloudflare, without success. I have also tested the endpoint using an openssl request, and it works without issues or warnings.
I would also be very interested in hearing some feedback regarding performance when using webhook compared to piping.
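An added example, not part of the original post and not PowerMTA code: a small Python decoder for the two OpenSSL error-queue entries quoted above, separating a failure raised locally by the client from a TLS alert sent by the peer. It assumes the 8-hex-digit codes use the OpenSSL 1.1.x packing (library, function, reason), which is the layout that includes a function name in the text; the names `decode_openssl_error` and `SAMPLE_LOG` are hypothetical.

```python
import re

# The two pmta.log entries quoted in the post above.
SAMPLE_LOG = [
    "2024-01-12 16:35:01 Acct webhook (webhook1.json): Error transferring /var/log/pmta/webhook1-0000000000000001.json : SSL error: connect failed :140443675584064:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:;",
    "2024-01-12 16:38:01 Acct webhook (webhook1.json): Error transferring /var/log/pmta/webhook1-0000000000000001.json : SSL error: connect failed :140443675584064:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40;",
]

# Error-queue entry layout: thread:error:CODE:lib:func:reason:file:line:data;
ERR_RE = re.compile(
    r":(?P<thread>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]+):(?P<line>\d+):(?P<data>[^;]*);"
)

# TLS alert descriptions (RFC 8446, section 6) most relevant to certificate problems.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
              45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
              70: "protocol_version", 116: "certificate_required"}

SSL_LIB = 0x14          # ERR_LIB_SSL
ALERT_OFFSET = 1000     # SSL reason codes >= 1000 are 1000 + the alert number received


def decode_openssl_error(line):
    """Return a dict describing the OpenSSL error in a log line, or None if absent."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m["code"], 16)
    # Assumed OpenSSL 1.1.x packing: 8 bits library, 12 bits function, 12 bits reason.
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    entry = {"lib_code": lib, "func_code": func, "reason_code": reason,
             "function": m["func"], "reason": m["reason"],
             "source": f'{m["file"]}:{m["line"]}', "origin": "local", "alert": None}
    if lib == SSL_LIB and reason >= ALERT_OFFSET:
        # The peer sent a TLS alert; the local side is only reporting it.
        number = reason - ALERT_OFFSET
        entry["origin"] = "peer"
        entry["alert"] = (number, TLS_ALERTS.get(number, "unknown"))
    return entry


if __name__ == "__main__":
    for log_line in SAMPLE_LOG:
        print(decode_openssl_error(log_line))
```

The first entry decodes as a local failure while the client processed the server's certificate, and the second as alert 40 received from the peer, so the two log lines report failures on opposite sides of the handshake.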