We have a hosted Exchange platform running Exchange 2010 and 2013 and need to solve a security flaw with emails delivering locally for domains that are locally hosted.
We have resellers who have web access to a Citrix portal to provision their clients' domain, users, distribution groups and forwarding, including the ability to switch the domain between 1. Authoritative, 2. Internal Relay, 3. External Relay.
This opens up the system for abuse, as a reseller could easily create a verywellknowndomain.com as Authoritative and intercept mail being sent from other users on the same platform. Ideally we need the Exchange to use MX records to find the delivery route, or have the ability to force all internal mail through a smarthost and bypass the local delivery system in Exchange.
Does anyone know if there is a transport rule that can be changed, or even if there is a 3rd-party application that can run alongside Exchange?
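
An added example, not part of the original post: a detection check for the abuse case described above, which lists accepted domains that Exchange treats as local while their public MX records point somewhere other than the platform. The MX suffix list and the resolver address are placeholder assumptions, and the script assumes the Exchange Management Shell on a host that has `Resolve-DnsName` (Windows Server 2012 or later).

```powershell
# Added example: audit locally accepted domains against their public MX records.
# Assumption: placeholder suffixes of the platform's own inbound MX hosts.
$PlatformMxSuffixes = @('.mx.hosting-platform.example')
# Assumption: any public resolver, so internal split-DNS zones do not mask the result.
$Resolver = '8.8.8.8'

$report = foreach ($d in Get-AcceptedDomain) {
    $name = $d.DomainName.ToString()
    # Wildcard entries ("*" or "*.domain") have no single MX to compare.
    if ($name.StartsWith('*')) { continue }

    # Collect the MX hosts published for this domain (empty if none resolve).
    $mx = @(Resolve-DnsName -Name $name -Type MX -Server $Resolver -ErrorAction SilentlyContinue |
            Where-Object { $_.QueryType -eq 'MX' } |
            ForEach-Object { $_.NameExchange.TrimEnd('.').ToLower() })

    # True when at least one MX host ends with one of the platform suffixes.
    $pointsHere = $false
    foreach ($h in $mx) {
        foreach ($s in $PlatformMxSuffixes) {
            if ($h.EndsWith($s.ToLower())) { $pointsHere = $true }
        }
    }

    [pscustomobject]@{
        Domain             = $name
        DomainType         = $d.DomainType
        PublicMx           = ($mx -join ', ')
        MxPointsToPlatform = $pointsHere
    }
}

# Domains accepted locally whose public mail route is elsewhere need manual review.
$report |
    Where-Object { -not $_.MxPointsToPlatform } |
    Sort-Object DomainType, Domain |
    Format-Table -AutoSize
```

Run on a schedule, or hooked into the provisioning portal's workflow, this flags a reseller-created domain before or shortly after it starts capturing mail from other tenants.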