Hi
Yeap, taht's what I'm doing to do, except that I would have to proxy more than just IMAP and POP - it's a one-does-it-all kind of machine accepting mail delivered from the outside, relaying outgoing mail, does webmail, does all this things very poorly... I have the choice of forcing all users to change to the new, dedicated servers doing these things, or reimplementing / porxying all of this on my new dovecot server which I so desperately want to keep neat and tidy...
In that case I would suggest perhaps that the IP is taken over by a dedicated firewall box (running the OS of your choice). The firewall could then be used to port forward the services to the individual machines responsible for each service. This would give you the benefit that you could easily move other services off/around
We are clearly off topic to dovecot...
Plenty of good firewall options. If you want small, compact and low power, then you can pickup a bunch off intel compatible boards around the low couple hundred £s mark fairly easily. Run your favourite distro and firewall on them. If you hadn't seen them before, I quite like Lanner for appliances, eg: http://www.lannerinc.com/x86_Network_Appliances/x86_Desktop_Appliances
For example if you added a small appliance running linux which runs that IP, then you could add intrusion detection, bounce the web traffic to the windows box (or even just certain URLs, other URLs could go to some hypothetical linux box, etc), port forwarding the mail to the new dovecot box, etc, etc. Incremental price would be surprisingly low, but lots of extra flexibility?
Just a thought
Good luck
Ed W