To meet the requirements for setting up connectors between Exchange Online and my own Exchange servers I need to open port 25 in my firewall and accept connections from all IP Office 365 adresses.
See point 5 and 6 in this article:
https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail...

That means that anyone with an Exchange Online tenant is able to setup a connector to my endpoint and deliver messages to my organization since they all come from these IP adresses. That allows them to bypass all my security methods such as antispam etc. What can I do to only accept messages coming from my tenant?