May I know if it is the best security practise to turn on all application for inspect under the Default Global inspection, or should the "any" option be chosen in place of the "default inspection" option instead?
Yes, that is what you should do.
Come up with a new name for the acl.
access-list inside-acl permit tcp ho x.x.x.x any eq 80
access-list inside-acl permit tcp ho y.y.y.y any eq 25
access-list inside-acl permit tcp any any eq 21
Once you finish the acl then apply it on the inside interface with this command below.
access-group inside-acl in int inside
Kent was right. You do have the same access-list applied on both inside and outside interfaces.
You can remove the acl applied on the inside interface. By default traffic from higher security is allowed to talk to the lower security without any acl in the PIX/ASA platform.
steps to remove the acl applied on the inside interface.
no access-group Firewall in interface inside
You can just leave the acl applied on the outside interface.