I have came across this issue quite a lot recently , where an external user is unable to send a mail to a specific users mailbox inside your exchange environment.
The first thing i did was check the anti-spam agents on the Edge Server and there was nothing denying a specific external user in any of the filters and as it was only one specific user inside the whole internal organisation who couldn’t receive mail from the external sender i turned my intentions elsewhere.
I then explored the avenue of Safelist aggregation. Safelist aggregation basically gets information out of a users Mailbox of the Safe Recipients Lists, Safe Senders Lists, Blocked Senders Lists and contact data and passes this information onto the anti-spam agents on the edge server.
The user then checked there blocked senders in outlook to find the external users email address stored in there, so they just took this out and the “554 5.1.0 Sender denied” NDR for the external user disappeared and the user received the mail