This comes up all the time when clients have PCI compliance scans run against their servers: qmail, by default, allows SSLv2 to be used.
Disabling it is very easy. Edit or create /var/qmail/control/tlsserverciphers and add the following line to it:
ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
Now restart qmail, and you’re done!
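
An added example, not part of the original post: a POSIX shell check that confirms the cipher list in the control file still carries the exclusions from the line above, which is handy to run before a rescan. The function name and the sample files are assumptions made for the illustration; on a real host, point it at /var/qmail/control/tlsserverciphers.

```shell
#!/bin/sh
# Added example: audit a qmail tlsserverciphers file for the exclusions
# used in the post. The sample files below are constructed for the demo.

# Exclusion tokens taken from the cipher line in the post.
REQUIRED='!SSLv2 !LOW !EXP !ADH'

# audit_tlsserverciphers FILE (hypothetical helper name)
# Returns 0 when every required exclusion is present,
#         1 when some are missing (they are printed),
#         2 when the file is absent or empty, so the default applies.
audit_tlsserverciphers() {
    file=$1
    [ -s "$file" ] || { echo "no cipher list in $file"; return 2; }
    # Only the first line matters; tolerate a missing trailing newline.
    IFS= read -r line < "$file" || [ -n "$line" ] || return 2
    # Strip stray whitespace and CRs left behind by editors.
    line=$(printf '%s' "$line" | tr -d ' \t\r')
    missing=''
    for want in $REQUIRED; do
        # Match whole colon-separated tokens only.
        case ":$line:" in
            *":$want:"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    echo "missing:$missing"
    return 1
}

# Demo on constructed files: the post's line, a weaker line, no file.
tmp=$(mktemp -d)
printf '%s\n' 'ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM' > "$tmp/good"
printf '%s\n' 'ALL:!ADH:+HIGH:+MEDIUM' > "$tmp/weak"
for f in good weak absent; do
    if out=$(audit_tlsserverciphers "$tmp/$f"); then
        echo "$f: ok"
    else
        echo "$f: $out"
    fi
done
rm -rf "$tmp"
```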