There are a lot of security vendors out there touting all kinds of security products from encrypting hard drives and emails to virus checking and spyware scanning, secure email products, and compliance auditing for those who have access to the systems directly.
However as far as I know, there is no good solution for monitoring and quickly pinpointing a man-in-the-middle attack.
This type of thing seems like it would require cooperation on both ends of a network. It may involve traces through networks and honeypots and traps to catch such attacks.
The more I think about it the more I think that is what is going on with our email service. But I cannot prove or disprove that fact because our email vendor, USA.net, will not help us resolve the problems.