After looking at the date this was posted, this is old news... but the way I understand it, the port of the "first IP" will change because that is the end user's computer that is connecting to your mail server; it will use whatever port it knows is not in use to open the connection from its side, and the port will not change on the destination device... looks like you are using secure login (443) and IMAP (143). I take it that you edited the src-mac address to read all 0's, otherwise these are fake MAC addresses, which is probably why they are getting tagged as invalid. If they were real MACs then maybe a firmware issue was causing your slow responses... could also be a number of issues with the computers in question.
An invalid packet is a packet that does not belong to any already established connection (no entry in connection tracking) and is not a SYN packet that establishes a new connection.
What I get from this is a packet that has no place being sent to your server in any form or fashion. I could be wrong, but I see dropping invalid connection-state packets as something that could always be implemented without ill effects... Can I get a response on this thought please...
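The definition quoted above, as an added example that is not part of the original post: a simplified Python model of connection tracking, not RouterOS code. It ignores timeouts, sequence numbers and non-TCP traffic, and every address and port other than 143 and 443 is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

class ConnTrack:
    """Simplified model: one table entry per TCP connection, no timeouts."""
    def __init__(self):
        self.table = set()

    def classify(self, p):
        # Direction-independent key, so replies match the same entry.
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if key in self.table:
            if "RST" in p.flags:
                self.table.discard(key)  # connection torn down
            return "established"
        if p.flags == frozenset({"SYN"}):
            self.table.add(key)          # only a bare SYN may open an entry
            return "new"
        return "invalid"                 # no entry and not a SYN

CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.7"  # constructed

SAMPLE = [  # constructed packets
    pkt(CLIENT, 51514, SERVER, 143, "SYN"),
    pkt(SERVER, 143, CLIENT, 51514, "SYN", "ACK"),
    pkt(CLIENT, 51514, SERVER, 143, "ACK"),
    pkt(CLIENT, 51515, SERVER, 443, "SYN"),   # same client, new ephemeral port
    pkt(OTHER, 40000, SERVER, 143, "ACK"),    # no entry, not a SYN
    pkt(CLIENT, 51514, SERVER, 143, "RST"),
    pkt(CLIENT, 51514, SERVER, 143, "ACK"),   # late packet after teardown
]

def run_sample():
    ct = ConnTrack()
    return [ct.classify(p) for p in SAMPLE]

if __name__ == "__main__":
    for p, state in zip(SAMPLE, run_sample()):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} {state}")
```

In this model the last packet comes from a host that had a legitimate connection, yet it is classified invalid because its table entry is already gone.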