Firewall - ACK, RST and Dmitry on firewalling

I’ve implemented firewall based on - Dmitry on firewalling, with few minor adaptations and changes.

http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling

Customer changed mail server (web hosted) and couldn’t receive mails. POP3 protocol. I’ve found out that packed were dropped on the rule that prevents RST attacks:

add chain=sanity-check protocol=tcp tcp-flags=rst action=jump jump-target=drop comment="Drop TCP RST"

This is entry in the log:

firewall,info Drop TCP RST sanity-check: in:LAN(eth1) out:WAN(eth5), proto TCP (ACK,RST), xxxx.xxxx.xxx.xxxx:50373->xxxx.xxxx.xxxx.xxx:110, len 40

So ACK and RST flags were set in the packet and this rule in sanity check drops every packet with set RST flag.
So I changed the rule like this

add action=jump chain=sanity-check comment="Drop TCP RST" jump-target=drop \
    port=!110 protocol=tcp tcp-flags=rst

So now the rule drops packets with RST flag set, but not for packets with tcp port 110.

Is this OK or the network is now more vunerable? Should I do things differently?

OK, I edited rule a little bit and put it like this:

add chain=sanity-check protocol=tcp tcp-flags=!fin,!syn,rst,!psh,!ack,!urg action=jump jump-target=drop comment="Drop TCP RST"

This way it drops packets with only RST flag set, if it is in combination with ACK (I put the others also, to be sure, even though I think only ACK would be enough) it will not drop it.
I think this was the basic idea of this rule from Dmitry.

One other question, is ACK,RST valid combination of flags?