1. First thing you need to do is remove catchall email for your domain. Please create proper email accounts and forwarders only, instead of using catch-all default address and setup the Default Address to “:fail:” (without quotes). You can do this from your control panel.
Otherwise you will receive a very large number of junk, worms and virus and are open for dictionary attack on your domain. What is dictionary attack? Spammers send millions of emails to your domain by generating random usernames@yourdomain.com. By setting up catchall you are opening the door to the attack. Catchall is a bad idea these days as it opens your domain for dictionary attack. You should create email accounts or email forwarders (alias) only for the required address. Secondly computer worms/virus also use dictionary attack to propagate.
2. Activate SpamAssassin from your control panel. Also if you activate SpamBox, regularly check it and clear it.
3. You will need to customize spamassassin for your usage and this will be an ongoing struggle.