What's wrong with this outgoing iptables firewall?

I have a mail server that I would like to protect, allowing only OUTBOUND connections in the different ports that it uses. The entry rules are working well, they are managed by the VM host.

I have not been able to find out much about this and, although the script below almost works, you are deleting packages, for example, here for port 993:

March 25 16:08:11 kernel lorina: [200590.714226] IPTables-Dropped: IN = OUT = ens18 SRC =[local IP here] DST =[remote IP here] LEN = 148 TOS = 0x00 PREC = 0x00 TTL = 64 ID = 37253 DF PROTO = TCP SPT = 993 DPT = 14826 WINDOW = 243 RES = 0x00 ACK PSH END URGP = 0

Here is the script. Note that ens19 is the LAN interface (which I would like to keep open) and ens18 is the WAN.

iptables -A OUTPUT -or what -p all -j ACCEPT
iptables -A OUTPUT -o ens19 -p all -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A OUTPUT -m conntrack - RELATED, ESTABLISHED state -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m owner --uid-owner systemd-timesync -j ACCEPT

ip6tables -A OUTPUT -or -p everything -j ACCEPT
ip6tables -A OUTPUT -p icmpv6 -j ACCEPT
ip6tables -A OUTPUT -m conntrack - related state RELATED, ESTABLISHED -j ACCEPT
ip6tables -A OUTPUT -p tcp --dport 53 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 53 -j ACCEPT
ip6tables -A OUTPUT -p udp -m owner --uid-owner systemd-timesync -j ACCEPT

while reading h; do
ip6tables -A OUTPUT -m conntrack --ctstate NEW -d $ h -j ACCEPT &> / dev / null
iptables -A OUTPUT -m conntrack --ctstate NEW -d $ h -j ACCEPT
done </usr/local/etc/hosts-to-allow.list

while reading p; do
ip6tables -A OUTPUT -m conntrack --ctstate NEW -p tcp --dport $ p -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate NEW -p tcp --dport $ p -j ACCEPT
done </usr/local/etc/ports-to-allow.list

ip6tables -A OUTPUT -or ens18 -j REGISTRATION
ip6tables -A LOGGING -m limit --limit 2 / min -j LOG --log-prefix "IPTables-Dropped:" --log-level 4
iptables -A OUTPUT -o ens18 -j REGISTRATION
iptables -A LOGGING -m limit --limit 2 / min -j LOG --log-prefix "IPTables-Dropped:" --log-level 4

iptables -A OUTPUT -o ens18 -j REJECT
ip6tables -A OUTPUT -o ens18 -j REJECT