These modifications that would affect message signatures happen in many places.
I was having a hell of a time picturing someone manually inserting malicious headers into emails via MITM attacks...
FYI, S/MIME signatures do NOT sign the email headers. For example, you can alter the "Subject" header of a valid signed message you got from somewhere else, then bounce it off to a different recipient (ie. send as if from that same person), and the recipient will see a valid signature on the message with an altered subject line. The signature is on the message body only (more specifically, it's on a mime part and everything below that, so you can forward a signed message, add your message in a new part above it, and sign the combined message with your cert while the forwarded message will retain the original and valid sig).
Here's an example of an MS Exchange bug: https://premier.microsoft.com/...
Issue Definition: Edge Transport Server mangles S/MIME encrypted payloads
That one affected their IMAP adapter. Viewing the message in MS Outlook via the Exchange protocol, the signature was valid. Viewing the same message in MS Outlook (same client) via the IMAP protocol showed an invalid signature. Their description is flawed.. it was not related to encryption, but just a message signature, which was also unrelated, as it's really just a means to detect the alteration of the message.
You won't be able to view that bug unless you have a premier account with microsoft, but if you search for it via google you'll find a little more info (mostly an email I sent to the alpine list).
This was not the only issue like this. Prior to this, similar symptoms were seen, but it was then solved by adding "SkipDigitalSignedMessageFromAttachmentFilterAgent" key to the edgetransport exchange config.
Note, these two examples don't even have anything to do with systems in transit. It's just the last hop delivery to the user, and the problem is seen via MS clients to MS servers (and also seen from other clients).
Your example of an email account that gets loads of email, especially phishing emails, and you've never seen any altered messages... how would you know? How many of those have S/MIME signatures? I've never seen a single spam/phishing email that had a valid S/MIME signature. Your example would have to be turned on its head to be valid... you'd have to be receiving a lot of legitimate and valid signed messages with no bad signature validations (or sending a LOT of signed messages, and never hearing anyone complain... but then that's quite subjective cause most people don't pay any attention to the warnings).
All it takes to ruin a cryptographic signature is adding an extra linefeed between a Text/PLAIN part and the corresponding Text/HTML part, and you'd never notice that if the message didn't have a crypto sig or you weren't checking it. IE. without a sig, you don't know that the messages you think are legit weren't tampered with (on purpose, or accidentally).