I asked a friend who has been in the business of email administration for large corporations for quite a while how to test your mail system for a man-in-the-middle attack.
His answer was another catch 22 for these problems which leaves you stranded and once again proves why they are so successful - and could be happening on your mail or web system right now.
Basically, to find a man-in-the-middle attack you have to try out the hack on the server you are trying to test. The caveat is, if your server is already hacked the test might NOT work...
And basically he summed it up saying that's why there's so many security folks out there that help people test for this kind of thing.
I still don't know exactly how to test this on a mail system...have to keep researching...