VPS email - Access to this mail system has been blocked for ip due to spam activity

0

I have a virtual private server at GoDaddy and have around 40 client websites. I usually check the number of emails sent every 3 or 4 days through my GoDaddy server management page and saw that around 2000 emails were sent in a single day at the beginning of April. I didn't think too much of it since I had a few clients that have 1000+ subscribers and send weekly bulk emails. But at the end of April, I saw that 3,000 emails were sent per day for 3 days straight, and after that my outgoing emails from all domains hosted on my server get a rejection message like this.

Diagnostic-Code: smtp; 552 5.2.0 yCafawAbxDeCR :DED: Access to this mail system has been blocked for xx.xx.xx.xx due to spam activity. Spam was seen coming from this IP, and possibly other scripts running on it. For help resolving the issue, see http://x.co/spamclean. Once the compromise has been cleaned, please contact customer support to remove the block.

Obviously the xx.xx.xx.xx is my server's IP and, as you can guess, my outgoing emails aren't even delivered. I found the user and I immediately suspended them, and after a day or two I checked my IP on a lot of websites such as mxtoolbox and spamhaus.org and they say I'm not blacklisted. I even sent a test email to ping@tools.mxtoolbox.com and got the above rejection email.

So here are some of my questions.

  1. Where is my IP blacklisted?
  2. What is the next step to get my IP off the blacklist?
  3. Do the spamhaus.org and mxtoolbox.com tests actually work?
  4. Should I rent a new server and move all my websites to that one? Would that even help?
  5. For the future, is there a way of getting a notification when the number of outgoing emails from my server reaches a certain number?
  6. Is there a way to check which file actually sent the emails? I know there is a way to do that for emails that are currently in the queue: get the message ID, and using that ID exim can tell you the actual script that's sending emails. But what about emails that have already been sent and aren't in the mail queue?

Thanks

user3659497

Posted 2016-05-05T07:35:23.513

Reputation: 3

1

Welcome to Super User! Please try and ask 1 question at a time (otherwise your question will be closed as too broad). In addition you are asking for opinions, which is off-topic. Please read How do I ask a good question? and On-Topic.

– DavidPostill – 2016-05-05T11:32:00.070

Answers

0

  1. As mentioned in the error, your SMTP service provider is the one blocking you.
  2. They tell you to resolve the issue and contact them, which you should do.
  3. Yes, those check for common blacklists; they don't ask all SMTP servers if they block an IP.
  4. You should start with the obvious. Note that if you move after the first incident like that, you'll probably never be in control of the situation, and email sending is a complex task to control.
  5. Not if you don't control the SMTP service.
  6. Same as the previous question. You don't have access to your provider's logs.

Julie Pelletier

Posted 2016-05-05T07:35:23.513

Reputation: 2 065
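For questions 5 and 6, an added example (not part of the question or the answer): a sketch that counts accepted messages per local account per day and `sendmail` invocations per working directory from the VPS's own exim main log, then reports anything over a limit. It assumes exim's default main log layout and that `log_selector` includes `+arguments` so the `cwd=` lines are written; the log lines, account names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in exim main log format (not taken from the page).
SAMPLE_LOG = """\
2016-04-28 10:15:01 cwd=/home/clienta/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-04-28 10:15:01 1avXyZ-0001Ab-2C <= clienta@vps.example.com U=clienta P=local S=1234
2016-04-28 10:15:02 1avXyZ-0001Ab-2C => someone@example.net R=lookuphost T=remote_smtp
2016-04-28 10:15:03 cwd=/home/clienta/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-04-28 10:15:03 1avXyZ-0001Ac-3D <= clienta@vps.example.com U=clienta P=local S=1240
2016-04-28 11:00:00 cwd=/home/clientb/public_html 3 args: /usr/sbin/sendmail -t -i
2016-04-28 11:00:00 1avXzA-0001Ad-4E <= clientb@vps.example.com U=clientb P=local S=900
2016-04-29 09:00:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-04-29 09:00:05 1avY0B-0001Ae-5F <= clienta@vps.example.com U=clienta P=local S=1300
"""

# "<=" marks a message accepted by exim; U= is the local account that submitted it.
ARRIVAL = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ \S+ <= \S+(.*)$")
LOCAL_USER = re.compile(r"\bU=(\S+)")
# With +arguments, exim logs the working directory of each command-line invocation.
CWD = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ cwd=(\S+) \d+ args: (\S+)")

def accepted_per_user(lines):
    """Count accepted messages keyed by (date, local account or '-')."""
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if m:
            user = LOCAL_USER.search(m.group(2))
            counts[(m.group(1), user.group(1) if user else "-")] += 1
    return counts

def sendmail_calls_per_dir(lines):
    """Count sendmail invocations keyed by (date, working directory)."""
    counts = Counter()
    for line in lines:
        m = CWD.match(line)
        # Skip exim's own re-executions (queue runners and the like).
        if m and m.group(3).endswith("/sendmail"):
            counts[(m.group(1), m.group(2))] += 1
    return counts

def over_limit(counts, limit):
    """Return the sorted keys whose count exceeds the limit."""
    return sorted(key for key, n in counts.items() if n > limit)

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(over_limit(accepted_per_user(lines), 1))
    print(over_limit(sendmail_calls_per_dir(lines), 1))
```

Run from cron against the real log with a limit set just above the server's normal daily volume, the non-empty result is the notification, and the directory counts point at where the sending script lives even after the queue has drained.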