I've got a very basic question that I don't know the answer for.

Our company owns a webserver that runs multiple websites and works as a mail server for these websites as well (e.g. to send contact form mails). How easy is it to sniff the SMTP port of this server and capture mails sent by these websites?

The reason I'm asking is that a visitor of one of our websites sent a mail about a certain product through the contact page to us. 5 days later, he received a 'reply' from a Chinese dealer, mentioning he can deliver him a product close to what our customer described in the mail sent to us.

I'm aware of Chinese sellers trying to hard-sell their products by mailing you with product information related to your sector, found on the internet. But this time, the product information was so close to what our customer originally described in his mail to us that it got me thinking.

Is it a coincidence or is it possible that our server is being sniffed for outgoing mail, in order to capture these mails and commercially react on them? What can be done about it?

We use Windows Server 2003 with IIS6 to send mails, default settings.

Thanks in advance.

Zeep

1 Answer
If I'm your ISP or hosting company, it's really easy. If I've compromised your ISP or hosting company, it's really easy. If I've compromised your server, I don't even have to sniff the traffic - I own you.

Your visitor could also have a virus on his machine. The Chinese company could own or have compromised a search engine or ad service that lets them know this visitor is looking for your type of product.

mfinni
  • And assume that none of the above is true; nothing is compromised. Can you start capturing e-mails by using a sniffing tool and knowing my SMTP server? Is it as simple as that or does it require a basic form of hacking? – Zeep Mar 10 '14 at 15:10
  • Do you not know how packet captures work? If I want to sniff your traffic, I have to have access to the L2 network that you (or the other endpoint) is on. I can do that if I have physical access (I'm your ISP), or if I have logical access (I'm an intruder on your ISP's network, or I'm another customer and the ISP/hoster hasn't implemented proper network segregation.) – mfinni Mar 10 '14 at 15:41
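The answer and comments above establish that anyone positioned on the network path (the ISP, the hoster, or another tenant on a poorly segregated segment) can read SMTP traffic when it is sent in the clear. The practical defender's check that follows from that is whether the outbound relay actually offers STARTTLS, since an encrypted session leaves a passive observer with nothing readable. The script below is an added example, not code from the question or answer: it parses a raw EHLO reply (as it would appear on the wire, for instance in a packet capture you took of your own server) and reports whether STARTTLS is advertised, and includes an optional live check using Python's standard smtplib. The sample replies and hostnames are constructed placeholders.

```python
"""Added example: does an SMTP server advertise STARTTLS?

Plaintext SMTP on port 25 with no STARTTLS is readable by anyone on the path,
which is exactly the scenario the question worries about. This module checks
whether a server offers STARTTLS, either from a raw EHLO reply (e.g. taken
from a capture of your own server) or by connecting live with smtplib.
All hostnames and sample replies below are constructed placeholders.
"""
import smtplib


def parse_ehlo_extensions(ehlo_reply: bytes) -> set:
    """Return the set of extension keywords (upper-cased) in a raw EHLO reply.

    Per RFC 5321 a multi-line reply looks like:
        250-server.example Hello      <- greeting line, not an extension
        250-SIZE 10240000             <- intermediate lines use '250-'
        250 HELP                      <- last line uses '250 ' (space)
    """
    extensions = set()
    lines = ehlo_reply.decode("ascii", errors="replace").splitlines()
    for line in lines[1:]:  # skip the greeting line
        if len(line) < 4 or not line.startswith("250"):
            continue  # tolerate stray lines; only 250 lines carry extensions
        parts = line[4:].split()  # drop the '250-' / '250 ' prefix
        if parts:
            extensions.add(parts[0].upper())
    return extensions


def starttls_offered(ehlo_reply: bytes) -> bool:
    """True if the raw EHLO reply advertises STARTTLS."""
    return "STARTTLS" in parse_ehlo_extensions(ehlo_reply)


# Constructed sample replies (not captured from any real server).
SAMPLE_WITH_TLS = (
    b"250-mail.example.invalid Hello\r\n"
    b"250-SIZE 10240000\r\n"
    b"250-STARTTLS\r\n"
    b"250 HELP\r\n"
)
SAMPLE_WITHOUT_TLS = (
    b"250-mail.example.invalid Hello\r\n"
    b"250-SIZE 10240000\r\n"
    b"250 HELP\r\n"
)


def live_check(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Connect to host:port, send EHLO and report whether STARTTLS is offered.

    smtplib strips the '250' prefixes from the reply it stores, so the parsed
    extension table is consulted via has_extn() rather than the parser above.
    Placeholder hostname: replace with your own relay before running.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        code, _ = conn.ehlo("probe.example.invalid")
        if code != 250:
            raise RuntimeError(f"EHLO rejected with code {code}")
        return conn.has_extn("starttls")


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print("sample with STARTTLS   ->", starttls_offered(SAMPLE_WITH_TLS))
    print("sample without STARTTLS->", starttls_offered(SAMPLE_WITHOUT_TLS))
    # Uncomment to probe your own relay (placeholder host):
    # print("live:", live_check("mail.example.invalid"))
```

If the server in question does not advertise STARTTLS, every contact-form mail it relays is readable to whoever the answer describes as sitting on the path; enabling TLS on the relay (and requiring it for the websites' submissions) removes that passive exposure, though it does nothing against a compromised server or a compromised visitor, which the answer also lists.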