From what I've noticed, Zentyal automates backups using
duplicity commands (under the web interface).
Another thing to check, regarding your email blacklist issue, see if you are some how allowing your Zentyal server to act as an smtp smart-host for other machines on your network.
I don't know how to check this in Zentyal yet, but in IIS SMTP, it can be set as a smart host in a way where authentication is not required for a workstation (or device) to pass emails through this IIS SMTP. In this case, if an infected workstation locates this open smtp server, it can send spam through it ultimately getting your ip blacklisted.
Again, I never give my email server the same public IP as the workstations use through NAT. That way, if some virus installs a rough email server onto a workstation, the spam is sent from a different IP than the official email server. If that IP gets blacklisted it has no effect on the email server's public IP.
Additionally, in the firewall, I block port 25 outbound for all machines except the email server.
Even after all this, you still need to locate the source of the spam that has gotten your IP blacklisted, so that you may prevent that source from using resources unnecessarily.