I'd like to run a second GWIA on my server to only service IMAP and SMTP over SSL and on a secondary IP address (so that I can force my users to use SSL connections with their IMAP clients and not risk plain text passwords).

(My primary SMTP GWIA is not visible from the Internet and I relay all mail to and from through a Spam appliance)

Is this possible?

Is this the best practice or is there a better way to do this?