Tags: security, permissions, file-permissions, dkim, file-security

User permissions for reading private DKIM file contents within web app


As it stands, when sending email using clients like Thunderbird, my messages get signed with DKIM. However when generating emails from a web application, they do not get signed.

I've used a Rails gem called dkim to apply the key upon sending, however the location and file permissions for the private key found in /var/cpanel/domain_keys/private/[filename] are out of the scope of the user permissions of the Rails app.

My Rails app currently runs under the user account 'whatever'. 'whatever' is the user account for my web host. I don't think it's wise to add the 'whatever' user to the 'mail' group just for the sake of reading the DKIM private key file contents, so what are my solutions? I've tried ACLs (no errors upon executing the command sudo setfacl -m u:whatever:r /var/cpanel/domain_keys/private/[filename], but the user 'whatever' still cannot read the file).

I think the simplest solution is to symbolically link the file to a location in my app's directory upon deployment but I still need sudo permission to do it.


Solution

  • The solution was to also set "execute", not just "read". You will also need to do this for parent directories that the user is currently denied access to.

    sudo setfacl -m u:whatever:rx /var/cpanel/domain_keys/private

    and then

    sudo setfacl -m u:whatever:rx /var/cpanel/domain_keys/private/[filename]