I found that using the "blacklist_to" token works as a solution for a transition period away from a catchall account.
I have added those known aliases to the account, kept the catchall turn on, and added (over a period of time) spam addresses (those created by spammers, never created by me) to the blacklist_to.
For example, I've added a list of spam addresses to /opt/zimbra/conf/salocal.cf.in:
Code:
blacklist_to taj@example.com
blacklist_to pren@example.com
blacklist_to service@example.com
...etc...
Instructions are in the wiki.
Note: Spammers conjured up those fake addresses (where example.com is replaced with my domain). The catchall account received spam with those addresses in the TO: or CC: field. I've found thousands of spams sent to the same (so far) 52 addresses.
So, the transition solution for getting away from a catchall account might go this way:
1. Migrate mail server to Zimbra, including the catchall account. (This all came about because I had a catchall on the previous mail server.)
2. Add all known aliases to the catchall, while leaving the catchall left on.
3. Over a period of time (I'm going for a few months), continue to add other good aliases to the catchall and add annoying spam emails to the blacklist_to token.
4. Finally,
turn off the catchall and remove the blacklist_to in the /opt/zimbra/conf/salocal.cf.in.
This solution maybe helpful for those with smaller sites. Hope this is helpful for someone.
Bugzilla
Wiki
Source
blacklist_to 
Linear Mode
