According to RFC 5652 - section 6.2.1:
a recipient X.509 version 3 certificate that contains a key usage
extension MUST assert the keyEncipherment bit
Please, check the
Key Usage of your certificate. It should contain:
Key Encipherment (20)
Also, the mentioned OID
18.104.22.168.4.1.22177.300.1.1.4 does not refer to
Email protection, it refers to "Global security levels". The correct OID for
Email protection is 22.214.171.124.126.96.36.199.4 (defined by RFC 5280 - section 188.8.131.52).
Key usage check can be disabled by setting:
mail.Settings.SkipCertificateUsageCheck = true;
However, it is not suggested, because the produced message will be inconsistent with RFC and some mail readers can fail to decrypt (or validate the signature of) the message due to the wrong key usage.
Correct solution is to use valid certificate intended for this use.