For the first one, there's not much you can do, really. Someone sends a mail to a non existant email address on your domain, and the catchall catches it and sends it to you, so what you can do is change the catchall so that it deletes everything it catches, or disable it. At any rate, you can't prevent people from sending to random names @ aiyon.
For the second one, there's the same aspect of receiving it because the catchall does its job, so see above, and the second aspect is that someone used a bogus address to send a mail in the first place, which you can't prevent either.