Globally Limit Total Number of TCP Connections with Iptables – How to Guide

can it be that you accept outgoing packets:

iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp --dport 465 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 587 -j ACCEPT

but your input policy is DROP and you dont accept packets that are responses to your queries? make sure your input chain contains [for performance benefits - as first instruction]:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

?

when a client connect to a server, the client pickup a free tcp port it has between 1024 and 65535. On Linux/Unix, non root user can't pick up a port < 1024. Then it connect to a well known port, like 80 for http...

The report claims that it can reach destination port if the source port is specific (22 and 25 in your sample), but it can't if it use a random port (between 1024 and 65535 for example). Client normally use random port and so your rule shouldn't take into account the source port number

So one of your rule is bad, because it allows flows if the source port is specific, whereas it should only filter on the destination port, which is the only static part between the two.

I guess you miss created one of your rule by inadvertly exchanging source and destination value