You have a newly configured setup for DLP Cloud Service for Email, which is integrated with O365, in Reflecting mode:

Email Client => O365 => DLP Cloud Service for Email => O365

However, emails are being rejected with 550 "Relay Access Denied" errors, and the errors seem to come from DLP.

The error may state one of the following:

"550 5.7.64 TenantAttribution; Relay Access Denied"

It's possibly due to the configuration of the Connectors.

Check the configuration of both the "Outbound to DLP" and "Inbound from DLP" Connectors in O365 Admin Portal.

The DLP documentation for the Cloud Service for Email implementation suggests that these connectors should be configured as the following types in O365:

Note that the Inbound Connector should NOT be "Partner" but the Outbound one should be.

If the Inbound Connector is not set as "Your organization's email service" but was configured as a "Partner" instead this could be the problem.

Set the Inbound Connector to "Your organization's email service" and wait for the changes to cascade throughout the hosted email services (~30 minutes), then retest.

For the latest information on this topic please refer to the product documentation: 

16.0.1 - Symantec Cloud Service for Email Implementation overview

16.0.0 - Symantec Cloud Service for Email Implementation overview

15.8 - Symantec Cloud Service for Email Implementation overview

Data Loss Prevention Cloud Service for Email Implementation Guide

For more information about the settings in the last column of the table above, see this Microsoft doc defining the configuration parameters for Connectors in Exchange Online: New-OutboundConnector (ExchangePowerShell) | Microsoft Docs