Catchalls can be potentially dangerous for a server's reputation, particularly in the case where a user sets a catchall account that forwards mail to an external account. To the receiving servers this looks like you are the source of the spam, and has gotten our older servers blacklisted more than once. It generally does not become an issue until you have a few domains doing it [about 10 or more seems to do the trick] to a mail provider like Yahoo that maintain their own lists.
This patch allows you to select what level of administrative privileges are required in order to create a catchall account, as well as disable them entirely. Changes made to the following files: