First, there is a difference between forwarding and relaying. True auto-forwarding occurs within the Exchange server. A client could also do forwarding -- which of course happens all the time when Outlook users click the 'Forward' button, and maybe Outlook rules can do it too -- but that's happening via MAPI, not SMTP. Relaying occurs (or is blocked) for data that comes in on an SMTP connection made by an external client or server. So I don't believe for one minute that enabling relays on Exchange has anything to do with enabling auto-forwarding.
Secondly, I'm not an Exchange admin, but I also don't believe it's true that relaying is an all or nothing situation on any version of Exchange that's less than a decade old. This article (http://exchangepedia.com/2007/01/exchange-server-2007-how-to-allow-relaying.html) certainly says otherwise. Right up near the top it shows that anonymous relay permission on Exchange 2003 can be granted to an individual IP address. Reading farther down, it appears that Exchange 2007 and 2010 can do the same (and more) through configuration of custom 'RelayConnector' for a specific IP address. So despite my lack of Exchange credentials, it seems to me that Exchange clearly supports the ability to do exactly what you need, and quite safely. I.e., if done correctly, no user (or intruder) on your network will have any right to do an anonymous relay unless they set themselves up with the same IP address as your Domino server -- and your network's firewalls and intrusion detection mechanisms ought to be able to deal with that. (And BTW: if that's not sufficient to convince your Exchange admins, remind them that the threat is no different than someone coming in and setting up a device with the same IP address as their Exchange servers!)
Now, of course the leap of faith that your Exchange administrator might not be willing to make is that your Domino server itself is secured against abuse by external and internal users, but (assuming some level of rationality on their part) that's a clearly winnable argument.
Domino to Exchange to Internet not ... (Doug Finner 30.Mar.12)
Feedback response number WEBB8SYTSU created by Rich Schwartz on 04/02/2012
. . Domino supports STARTTLS (Rich Schwartz 30.Mar.12)
. . . . And The Schwartz scores again! (Doug Finner 2.Apr.12)
. . . . Follow up (Doug Finner 2.Apr.12)
. . . . . . A few points (Rich Schwartz 2.Apr.12)
. . . . . . . . Awesome response (Doug Finner 3.Apr.12)