I make use of the SPF features of SA, but I've not adjusted any of the
scores.

Why, or to what end, would you want to adjust the scores?

Because if there is a DNS failure, SA triggers SPF_SOFTFAIL, which has a
very high score higher then HARD_FAIL in face!)

So, SPF_SOFTFAIL either needs to be scored LOW, or (even if the RFC's
say a DNS failure is a SOFT_FAIL) I am tired of explaining to users that
get email from AOL and their buggy, overloaded DNS servers.

(yes, I looked up the ip address and pulled a txt record from aol, and
yes, the ips are in the range, and yes, I have gotten SPF_SOFTFAIL from
domains without any spf records)

So, score SPF_HARDFAIL* high enough to be at least half your score, and
drop SPF_SOFTFAIL to only about 20% of your score.

Ie: if you are looking for a 6 to be marked 'spam', set HARD to 3, set
soft to 1.5.

Also, logically, why is spt_helo_fail a 0, and softfail 2+? And FAIL
lower then SOFTFAIL,
I know the tests seem to indicate that spammers are using spf records
:-( but logically, it doesn't make sense (especially in the light of
the rfc's that say a legitimate email, with a server with valid spf
records with a slow or overloaded dns server on their end or YOUR end
should be marked as a SPF_SOFTFAIL)

50_scores.cf:score SPF_PASS -0.001
50_scores.cf:score SPF_HELO_PASS -0.001
50_scores.cf:score SPF_FAIL 0 1.333 0 1.142
50_scores.cf:score SPF_HELO_FAIL 0
50_scores.cf:score SPF_HELO_NEUTRAL 0
50_scores.cf:score SPF_HELO_SOFTFAIL 0 2.078 0 2.432
50_scores.cf:score SPF_NEUTRAL 0 1.379 0 1.069
50_scores.cf:score SPF_SOFTFAIL 0 1.470 0 1.384

local.cf:
SPF_HELO_SOFTFAIL 1.2
SPF_FAIL 3

If your score is 5:
1 and 2.5

Or if you have slow dns servers, set soft to .5 or 0.