This post is old. the information is not kept up-to-date. for the current best-practice, including how to disable sslv2, please see this post

This is something that comes up all the time when clients are having PCI compliance scans done on their servers, or when checking your score on ssl labs

Disable sslv2, sslv3

qmail, by default, allows SSLv2 to be used.