This is something that comes up all the time when clients are having PCI compliance scans done on their servers – qmail, by default, allows SSLv2 to be used.

Disabling it is very easy. Edit or create /var/qmail/control/tlsserverciphers and add the following line to it:

ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM

Now restart qmail, and you’re done!
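
A quick way to confirm the control file really carries the permanent exclusions from the line above, as an added example that is not part of the original post. The function names are hypothetical, and joining multiple lines with ":" is an assumption about how the TLS patch reads the file.

```shell
#!/bin/sh
# Added example (not from the original post): lint a qmail tlsserverciphers
# control file for the permanent exclusions used in the cipher string above.

# Exclusions taken from the page's cipher string. Only the "!" form counts:
# in OpenSSL cipher-list syntax "!" removes suites permanently, while a "-"
# removal can be undone by a later token.
REQUIRED='!SSLv2 !ADH !LOW !EXP'

# Print the exclusions missing from a cipher string; return 0 if none missing.
missing_exclusions() {
    missing=''
    for tok in $REQUIRED; do
        case ":$1:" in
            *":$tok:"*) ;;
            *) missing="${missing:+$missing }$tok" ;;
        esac
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Read a control file, drop blank and "#" lines, join the rest with ":"
# (assumption: multiple lines are treated as one list), then lint the result.
lint_control_file() {
    [ -r "$1" ] || { printf 'unreadable'; return 2; }
    cs=$(sed -e 's/[[:space:]]*$//' -e '/^$/d' -e '/^#/d' "$1" | paste -sd: -)
    missing_exclusions "$cs"
}

# Constructed sample files so the example runs offline.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM' > "$tmp/good"
    printf '%s\n' 'ALL:!ADH:-SSLv2:+HIGH:+MEDIUM' > "$tmp/weak"
    for f in good weak; do
        if out=$(lint_control_file "$tmp/$f"); then
            echo "$f: ok"
        else
            echo "$f: missing $out"
        fi
    done
    rm -rf "$tmp"
}

demo
```

On a real server, call `lint_control_file /var/qmail/control/tlsserverciphers`. To see which suites the string expands to with the local OpenSSL build, pass it to `openssl ciphers -v`.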