In our data center we have a requirement to enforce SMTP authentication for all outbound mail traffic.  When a client has their mail hosted at an outside service such as Google, we find it difficult to authenticate against them.  So we established a strategy as follows:

Initial assumptions:
 - Let's say we are talking about a site called mypcstore.com
 - Mail services for mypcstore.com are turned off locally (via the hosting control panel) since mail is hosted elsewhere.
 - DNS entries point correctly to wherever the mail is
 - mail for order confirmations is to be sent to orders@mypcstore.com 

So we do this:

 - create confirmations.mypcstore.com subdomain, activating mail services for that subdomain
 - create a locally hosted mail account mailto:orders@confirmations.mypcstore.com" rel="nofollow - orders@confirmations.mypcstore.com
 - configure mailto:orders@confirmations.mypcstore.com" rel="nofollow - orders@confirmations.mypcstore.com  to forward (and then delete from the local inbox) any mail that is received to that address.  The mail is forwarded to  mailto:orders@mypcstore.com" rel="nofollow - orders@mypcstore.com .
 - configure the store to use mailto:orders@confirmations.mypcstore.com" rel="nofollow - orders@confirmations.mypcstore.com  as the SMTP authentication

You could use a similar strategy.  Have the store send from the local server using such a strategy, while all other mail comes and goes via your exchange account.