ISP has man in the middle STARTTLS SMTP monitoring and blocks 2465 2587 ports to amazon. Any other options?

We're looking to use Amazon SES for our outbound mail since our current datacenter has implemented SMTP traffic inspection (man-in-the-middle) breaking confidentiality on all SMTP connectivity originating from our servers. This shows as a nasty "red padlock" on Gmail.com for example.

Our servers are Linux EXIM (cPanel) and I am following these instructions:

• https://docs.aws.amazon.com/ses/latest/dg/smtp-connect.html

Telnet tests from datacenter to email-smtp.us-east-2.amazonaws.com fail on port 465, 2465, 2587.

While port 25 and 587 do succeed, I am aware of how STARTLS works and so its highly likely the datacenter will continue to break TLS encryption to monitor outbound mails.

Does Amazon SES offer any alternatives to avoid this issue; such as an unpublished port that is not found in the documentation that can alternative be used? or perhaps a way to connect to an VPN tunnel only for SMTP traffic connections that are always encrypted? (TLS wrapper was supposed to do this but datacenter seems to block it)