I would need to see the ehaders, but I send email from a postfix relay with a valid return on my Office 365 server to other Office 365 users all the time and nothing is junked.
The only thing I did was to add the WAN IP of the location with the Postfix server as a new connector trusted by IP.
Very similar to what you mention here, I think this is it - https://support.e2ma.net/Resource_Center/Account_how-to/how-to-whitelist-emma.
Not exactly. That is whitelisting entire IP blocks.