Except solutions provided by michev, there is another workaround for you.
Do you mean you want to set that DG can only receive messages from internal users and the application server?
If so, we can create a mail flow rule to block external messages sent to this DG, except the sender address used by your application. However, please pay attention that, if an external message sent to this DG and other internal users are added as recipients, other internal users won't receive this message as well.
You can create the rule like this:
Apply this rule if "the sender is outside the organization" and "The message To or Cc box contains DG", reject the message and include an explanation. Except the sender is the application address.
If the response is helpful, please click "Accept Answer" and upvote it.