Use default SSL context
sendmail does not define an SSL context for SSL or STARTTLS so it is using the default stdlib which does not verify the certificate. We should use the default ssl context which is a good balance for the verification. ldap3 also by default does not verify neither the certificate for SSL connection by default. We should force the validation also by loading the default certs.