Also issue commands:
Q NETWORKER FOR userid@node
for additional possible clues.
Have them CC: you when they attempt to post to the list. Look at all
RFC822 headers. See if they have a SENDER: address different from their
FROM: This is sometimes problematic esp. on "controlled" lists.
What does the LISTSERV log say about these attempted posts?