This is something that comes up all the time when clients are having PCI compliance scans done on their servers – qmail, by default, allows SSLv2 to be used.

To disable it is very easy.  Edit or create /var/qmail/control/tlsserverciphers and add the following line to it:


Now restart qmail, and you’re done!