I have not done this myself, but here are some thoughts.
You will either need to whitelist the ip address and use a username/password approach, or use a certificate. I’m not sure which of these would explain intermittent delivery, but if your passbolt host is not on a fixed ip address and it’s ip address changes and then does not qualify under the whitelisting, maybe this is why.
The use of a certificate is more difficult as I believe passbolt does not have this option documented for use (and it will likely require some modification of your config files), but you would maybe be looking to do something like this (stackoverflow) which addresses the connection itself, versus the encryption of the message content.
'ssl' => [
'verify_peer' => true,
'local_cert' => '/path/to/client_cert_and_key.pem'
The certificate is created on the M365 side of things, and installed for use on the passbolt host. Again, just thoughts based on your details provided. This would go under
'EmailTransport' => [
'default' => [