Courier – Disable weak SSL ciphers

You can disable SSLv2 in Courier by adding the following line to both /etc/courier-imap/imapd-ssl and /etc/courier-imap/pop3d-ssl:

TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH"

After restarting Courier, test with openssl to verify that SSLv2 has been disabled properly; the handshake should fail:

openssl s_client -connect localhost:995 -ssl2

You can test that weak ciphers have been disabled with the following, which should fail to negotiate a cipher once the setting is in effect:

openssl s_client -connect localhost:995 -cipher EXP:LOW
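
The openssl tests above only exercise port 995, while the setting has to be present in both files. The following added example (not from the original post) audits a Courier SSL config file for the exclusions in the cipher list above. It assumes the files use shell-style KEY="value" lines with the last uncommented assignment taking effect; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit TLS_CIPHER_LIST in Courier's imapd-ssl / pop3d-ssl files.
# Assumption: shell-style KEY="value" lines; the last uncommented assignment wins.

# Exclusions taken from the cipher list shown on this page.
REQUIRED='!SSLv2 !LOW !EXP !aNULL'

# Print the effective TLS_CIPHER_LIST value from config file $1 (empty if unset).
effective_cipher_list() {
    sed -n 's/^[[:space:]]*TLS_CIPHER_LIST=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Report the required exclusions missing from file $1.
# Returns 0 only when every exclusion is present as its own colon-separated entry.
audit_cipher_list() {
    list=$(effective_cipher_list "$1")
    missing=
    for token in $REQUIRED; do
        case ":$list:" in
            *":$token:"*) ;;                    # exclusion present
            *) missing="$missing $token" ;;     # absent, or the list is unset
        esac
    done
    if [ -n "$missing" ]; then
        echo "$1: missing$missing"
        return 1
    fi
    echo "$1: ok"
}

# Audit every file given on the command line, for example:
#   sh audit-ciphers.sh /etc/courier-imap/imapd-ssl /etc/courier-imap/pop3d-ssl
for f in "$@"; do
    audit_cipher_list "$f" || true
done
```

A file where the line is commented out or overridden by a later assignment is reported as missing the exclusions, which catches the case where only one of the two files was edited.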