The problem with "reputation based" lists is that they often use undisclosed and rather fuzzy criteria. And because they monitor behaviour over longer timespans, it tends to take a while before you're automatically delisted.
In addition to everything mentioned above, it helps to look into the DNS configuration for your domain:
- For some email systems, your mail is less likely to be classified as spam if the reverse lookup of your IP (i.e. 184.108.40.206) resolves to somewhere in your domain. Since the mailserver hosts multiple domains, this one is not possible.
- For some email systems, your mail is less likely to be classified as spam if there is an A or MX record for the IP of your server (i.e. 220.127.116.11) in your domain.
- Almost everyone uses SPF. Make sure to add an SPF record to your domain listing the sending server (i.e. 18.104.22.168) as a valid origin for mail from your domain.
All of this will help make legitimate mail from your domain seem more credible.
Obviously, you'd do well to also prevent future abuse. Implementing rate limits, requiring authentication for SMTP connections and limiting sending of emails to just those using email addresses in your domain should help a great deal.
Qmail can't do this (well, I can't do it with qmail and the net is full of people who have tried and failed) and it's not actively maintained.
I would recommend that you look at replacing it with postfix. Not because it's perfect, but it's pretty easy to configure and does support all of the above through a simple configuration options.