email: the SMTP recipient server offers 5.0.0 service not available for some messages but not for others

I run an SMTP server (Centmail 7, sendmail). For some addresses (a@myclient.com), a virtusertable entry causes my server to forward the messages addressed to that address to the client's ISP (charter.net) or gmail. This works for 80-90% of messages, but for other messages, charter.net or gmail rejects the message with DSN 5.0.0 Service unavailable. Note that the DSN code is not 4.X.X (deferred) but 5.X.X (rejected). I suspect that this happens when the receiving server thinks that the message is spam, but sometimes it happens with legitimate emails from, for example, the client's counter. It seems more likely to happen when there is a file attached to the email.

Does anyone know for sure why this happens? What can I do to reduce the likelihood of a legitimate email being rejected? Could you help set up the SPF / DKIM / DMARC records for myclient.com? For the canonical name of my server (which it sends in the EHLO records)? Can a server add a DKIM signature to email that it only forwards?

Thanks for your attention,
Move
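
One way to check the attachment hypothesis from the question against the forwarding server's own mail log, as an added example that is not part of the original post: it joins sendmail's `from=` and `to=` log entries on queue ID and groups forwarded deliveries by relay and DSN class, with the message size alongside. The log lines, hostnames and queue IDs are constructed, and the name `summarize` is an assumption.

```python
import re
from collections import defaultdict

# Constructed sendmail maillog lines: hosts, queue IDs and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:15:20 mail sendmail[2101]: x23AFK01002101: from=<bob@sender.example>, size=4312, class=0, nrcpts=1, msgid=<1@sender.example>, proto=ESMTP, daemon=MTA, relay=mta.sender.example [192.0.2.10]
Mar  3 10:15:22 mail sendmail[2103]: x23AFK01002101: to=<a@isp.example>, ctladdr=<a@myclient.com> (8/0), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=124312, relay=mx.isp.example. [198.51.100.5], dsn=2.0.0, stat=Sent (OK)
Mar  3 10:16:40 mail sendmail[2140]: x23AGM02002140: from=<books@sender.example>, size=2875114, class=0, nrcpts=1, msgid=<2@sender.example>, proto=ESMTP, daemon=MTA, relay=mta.sender.example [192.0.2.10]
Mar  3 10:16:45 mail sendmail[2142]: x23AGM02002140: to=<a@isp.example>, ctladdr=<a@myclient.com> (8/0), delay=00:00:05, xdelay=00:00:04, mailer=esmtp, pri=2995114, relay=mx.isp.example. [198.51.100.5], dsn=5.0.0, stat=Service unavailable
Mar  3 10:17:50 mail sendmail[2188]: x23AHP03002188: from=<carol@other.example>, size=5120, class=0, nrcpts=1, msgid=<3@other.example>, proto=ESMTP, daemon=MTA, relay=mta.other.example [192.0.2.20]
Mar  3 10:18:55 mail sendmail[2190]: x23AHP03002188: to=<a.client@mail.example>, ctladdr=<b@myclient.com> (8/0), delay=00:01:05, xdelay=00:01:00, mailer=esmtp, pri=125120, relay=mx.mail.example. [203.0.113.7], dsn=4.0.0, stat=Deferred: Connection timed out with mx.mail.example.
Mar  3 10:19:30 mail sendmail[2201]: x23AJQ04002201: from=<books@sender.example>, size=1930221, class=0, nrcpts=1, msgid=<4@sender.example>, proto=ESMTP, daemon=MTA, relay=mta.sender.example [192.0.2.10]
Mar  3 10:19:34 mail sendmail[2203]: x23AJQ04002201: to=<a.client@mail.example>, ctladdr=<b@myclient.com> (8/0), delay=00:00:04, xdelay=00:00:03, mailer=esmtp, pri=2050221, relay=mx.mail.example. [203.0.113.7], dsn=5.0.0, stat=Service unavailable
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=(.*)")
OUTCOME = {"2": "sent", "4": "deferred", "5": "rejected"}  # first digit of the DSN

def summarize(log_text):
    """Join from=/to= entries on queue ID; group deliveries by (relay, outcome)."""
    sizes, deliveries = {}, []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, kind, rest = m.groups()
        if kind == "from":
            # The from= entry carries the message size as received.
            size = re.search(r"\bsize=(\d+)", rest)
            if size:
                sizes[qid] = int(size.group(1))
            continue
        # The to= entry carries the downstream relay, DSN and status text.
        dsn = re.search(r"\bdsn=(\d)\.\d+\.\d+", rest)
        relay = re.search(r"\brelay=([^\s,\[]+)", rest)
        stat = re.search(r"\bstat=(.*)$", rest)
        if dsn and relay and stat:
            deliveries.append((qid, relay.group(1).rstrip("."), dsn.group(1), stat.group(1)))
    report = defaultdict(list)
    for qid, relay, dsn_class, stat in deliveries:
        outcome = OUTCOME.get(dsn_class, "other")
        report[(relay, outcome)].append((qid, sizes.get(qid), stat))
    return dict(report)

if __name__ == "__main__":
    for (relay, outcome), items in sorted(summarize(SAMPLE_LOG).items()):
        for qid, size, stat in items:
            print(f"{relay:18} {outcome:9} {qid} size={size} stat={stat}")
```

Run against the real maillog, the per-relay split of sent versus rejected sizes shows whether the 5.0.0 rejections actually cluster on large messages or on particular senders.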