Hey Rob,
I am generally interested in this, but I do not follow entirely where this is going wrong.
So you want IPFire to not forward those TCP connections just yet, but rather have it establish the connection first and then forward it to the internal mail server. Makes sense.
Did you run these commands exactly like this? IPFire has many things in those INPUT/PREROUTING chains which should always be processed first.
The last command is just a port forwarding rule (or half of it).
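To spell out what "half of it" means in plain iptables terms, here is an added example that is not part of this thread and not IPFire's own firewall scripts: a DNAT rule in nat/PREROUTING only rewrites the destination, and the rewritten packet then traverses filter/FORWARD (not INPUT), so a matching FORWARD accept is the other half. The interface name, addresses and ports are made-up assumptions; the script prints the rules rather than loading them, so it runs without root.

```shell
#!/bin/sh
# Added example (not from the thread or IPFire): the two halves of a plain
# iptables TCP port forward. Interface, addresses and ports are assumptions.
# Rules are printed, not applied, so no root is needed to run this.

WAN_IF="red0"                 # assumed external interface name
PUBLIC_PORT="25"              # port clients connect to on the firewall
MAIL_SERVER="192.168.1.25"    # assumed internal mail server
MAIL_PORT="25"

# Half one: nat/PREROUTING. Rewrites the destination before the routing
# decision, so the packet is routed onward instead of delivered locally.
# Anything hooked into INPUT never sees these packets after this point.
dnat_rule() {
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$WAN_IF" "$PUBLIC_PORT" "$MAIL_SERVER" "$MAIL_PORT"
}

# Half two: filter/FORWARD. The DNATed packet is now forwarded traffic and
# must be accepted here; with only the DNAT rule nothing reaches the server.
forward_rule() {
    printf 'iptables -A FORWARD -i %s -p tcp -d %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$WAN_IF" "$MAIL_SERVER" "$MAIL_PORT"
}

# Emit both halves together; pipe through `sh` on a test box to load them.
port_forward_rules() {
    dnat_rule
    forward_rule
}

port_forward_rules
```

Note that the reply traffic from the mail server is matched by the same conntrack entry, so no second DNAT or a reverse rule is needed; the order relative to a distribution's own PREROUTING and FORWARD rules is what decides whether these ever match.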