This shouldn't be too difficult using transport rules.
I am on Exchange 2007, but the process is extremely similar...
Restricting outbound internet mail for some users
Create a Distribution Group and add the recipients you want to prevent from sending internet email as members of the group.
Create a Transport Rule
1) Fire up Exchange console | Organization Configuration | Hub Transport | Transport Rules tab | click New Transport Rule
2) Enter a name for the rule – e.g. Rule-NoInternetMail
3) On the Conditions page, select “From a member of a distribution list”
4) In the rule description, click the link for distribution list (underlined)
5) Click Add | Select the distribution list “DG-NoInternetMail”
6) Under Conditions, select a second condition “Sent to users inside or outside the organization”
7) In the rule description, click Inside (underlined) | change scope to Outside
8) Click Next
9) On the Actions page, select “send bounce message to sender with enhanced status code”
10) If you want to modify the text of the bounced message (optional): In the description, click “Delivery not authorized, message refused” | enter new message text
11) Click Next | verify the rule conditions and action in the summary
12) Click New | click Finish
Restricting inbound internet mail for some users
Using the Exchange console:
Expand Recipient Configuration > select recipient > recipient Properties | Mail Flow Settings page | Message Delivery Restrictions | Properties
Select “require that senders are authenticated”
(source: http://exchangepedia.com/2007/07/how-to-prevent-a-user-from-sending-and-receiving-internet-mail.html)
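The same configuration as the console steps above, scripted for the Exchange Management Shell so it can be reviewed and re-run. This is an added example, not part of the original answer or the linked article. It assumes the Exchange 2010 or later parameter syntax for New-TransportRule (Exchange 2007 builds rules from predicate and action objects instead), and 'jdoe' is a placeholder mailbox alias.

```powershell
# Added example. Assumes Exchange 2010+ cmdlet syntax; run in the Exchange Management Shell.
$group = 'DG-NoInternetMail'      # group name used in the steps above
$rule  = 'Rule-NoInternetMail'    # rule name used in the steps above
$users = @('jdoe')                # placeholder alias; list the restricted mailboxes here

# Outbound, part 1: create the distribution group if it does not exist yet.
if (-not (Get-DistributionGroup -Identity $group -ErrorAction SilentlyContinue)) {
    New-DistributionGroup -Name $group -Type Distribution | Out-Null
}

# Add each restricted user, skipping anyone who is already a member.
$members = @(Get-DistributionGroupMember -Identity $group | ForEach-Object { $_.Alias })
foreach ($u in $users) {
    if ($members -notcontains $u) {
        Add-DistributionGroupMember -Identity $group -Member $u
    }
}

# Outbound, part 2: reject mail from group members to recipients outside the organization.
# With no explicit status code, the rejection uses enhanced status code 5.7.1.
if (-not (Get-TransportRule -Identity $rule -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $rule `
        -FromMemberOf $group `
        -SentToScope NotInOrganization `
        -RejectMessageReasonText 'Delivery not authorized, message refused' | Out-Null
}

# Inbound: accept mail for these mailboxes only from authenticated senders.
# Internet mail arrives over anonymous SMTP sessions, so it is refused.
foreach ($u in $users) {
    Set-Mailbox -Identity $u -RequireSenderAuthenticationEnabled $true
}

# Verify what was applied.
Get-TransportRule -Identity $rule | Format-List Name, State, Priority
foreach ($u in $users) {
    Get-Mailbox -Identity $u | Format-List Name, RequireSenderAuthenticationEnabled
}
```

The final verification commands show whether the rule is enabled and where it sits in the rule priority order, which matters if an earlier rule acts on the same messages.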
Best Answer
I would take a look at: Understanding Multi-Mailbox Search