Hey, I'm not good at this either, but I'll give it a try....

Destination port is 1024:65535 and source port is 25, Accept.
Doesn't that mean that they can access through any port between 1024 and 65535 as long as the request comes from port 25... doesn't that still expose you to risk, since they can exploit port 25 and you give them access to every port 1024:65535...?

If someone can explain this better, I'm curious too! Shouldn't you just allow port 25 to make connections if it is a mail server?