OpenDKIM
Insert initial headers like Authentication-Results before the MTA’s Received header
The proposed change moves the generated Authentication-Results (et al.) header before the MTA’s Received header. This is achieved by calling the milter library’s smfi_insheader function with index 0 instead of 1 (patch provided by @fanto666). This fixes #24.
The Authentication-Results header is specified in RFC 8601. It is a trace header field and therefore expected to come before the Received header. See the explicit requirements on this in sections 4 and 7.1 of RFC 8601, and also the numerous examples in appendix B:
For MTAs that add this header field, adding header fields in order (at the top), per Section 3.6 of [MAIL], is particularly important. Moreover, this header field SHOULD be inserted above any other trace header fields such MTAs might prepend. This placement allows easy detection of header fields that can be trusted.
- On the presumption that internal MTAs are fully compliant with Section 3.6 of [MAIL] and the compliant internal MTAs are using their own hostnames or the ADMD's DNS domain name as the authserv-id token, this header field should always appear above a Received header added by a trusted MTA. This can be used as a test for header field validity.
Other software such as SpamAssassin also assumes that trusted Authentication-Results headers come before the trusted Received header.
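The placement test quoted above from RFC 8601, sketched as an added example that is not part of this pull request or of OpenDKIM: an Authentication-Results header is accepted only if it carries the local authserv-id and sits above a Received header added by the trusted MTA. The hostname `mx.example.org`, the function names and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.policy import compat32

TRUSTED_HOST = "mx.example.org"  # assumption: authserv-id and Received "by" name of our MTA

def authserv_id(value):
    """First token of the header value, before ';' (an optional version may follow it)."""
    tokens = value.split(";", 1)[0].split()
    return tokens[0].lower() if tokens else ""

def received_by(value):
    """Hostname that follows the 'by' keyword of a Received header, or ''."""
    tokens = value.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == "by":
            return tokens[i + 1].rstrip(";").lower()
    return ""

def trusted_auth_results(raw, host=TRUSTED_HOST):
    """Return Authentication-Results values that appear above a trusted Received header."""
    confirmed, pending = [], []
    for name, value in message_from_string(raw, policy=compat32).items():  # top to bottom
        value = " ".join(value.split())           # unfold continuation lines
        if name.lower() == "authentication-results":
            if authserv_id(value) == host:
                pending.append(value)             # trusted only if our Received follows
        elif name.lower() == "received":
            if received_by(value) != host:
                break                             # left the trusted part of the trace
            confirmed.extend(pending)
            pending = []
    return confirmed

# Constructed sample headers.
RECEIVED = ("Received: from mail.sender.example (mail.sender.example [192.0.2.10])\n"
            "\tby mx.example.org (Postfix) with ESMTP id 4ABCDEF;\n"
            "\tMon, 1 Jan 2024 00:00:00 +0000\n")
AR_OURS = "Authentication-Results: mx.example.org; dkim=pass header.d=sender.example\n"
AR_SENDER = "Authentication-Results: mx.example.org; dkim=pass header.d=other.example\n"
REST = "From: a@sender.example\nSubject: test\n\nbody\n"

# Layout the page describes for index 0: our header above the MTA's Received header.
MSG_INDEX0 = AR_OURS + RECEIVED + AR_SENDER + REST
# Layout for index 1: our header below Received, next to a sender-supplied one.
MSG_INDEX1 = RECEIVED + AR_OURS + AR_SENDER + REST

if __name__ == "__main__":
    print(trusted_auth_results(MSG_INDEX0))
    print(trusted_auth_results(MSG_INDEX1))
```

With the index 1 layout the locally generated header cannot be told apart from the sender-supplied one by position, so the check accepts neither.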
With this change, with old postfix (2.10) and old libmilter (8.14.7), opendmarc milter cannot get AR headers added by opendkim.
However, after rebuilding opendkim and opendmarc with libmilter 8.18.1, even with this PR patch applied, opendmarc can get AR headers.
I guess this is related to the change in sendmail 8.17.2.
From RELEASE_NOTE in sendmail-8.18.1:
8.17.2/8.17.2 2023/06/03 ... LIBMILTER: The macros for the EOH and EOM callbacks are sent in reverse order which means accessing macros in the EOM callback got the macro for the EOH callback. Store those macros in the expected order in libmilter. Note: this does not affect sendmail because the macros for both callbacks are the same because the message is sent to libmilter after it is completely read by sendmail. Fix and problem report from David Buergin. ...
> However, after rebuilding opendkim and opendmarc with libmilter 8.18.1, even with this PR patch applied, opendmarc can get AR headers.

This was incorrect. Even with the libmilter bundled in sendmail-8.18.1, in our CentOS 7 environment (postfix 2.10, sendmail-milter 8.18.1, opendkim including this change), the opendmarc milter running after the opendkim milter cannot get the Authentication-Results: header generated by the opendkim milter. (The result in my previous comment was caused by my mistake: when I rebuilt opendkim with the newer libmilter, I applied a patch reverting this change. I'm very sorry.)
In other environments, with Postfix 3.9.0, and with sendmail 8.18.1 on FreeBSD, opendmarc can get the AR header from the preceding opendkim.