Concerning your NAT/PAT questions, you have two options. One is a full NAT translation which you already have configured. When you do that, you need an ACL to permit what you want and deny everything else. You can also do a port translation. For example,
static (dmz,outside) tcp 35.215.2.16 80192.168.0.1 80 netmask 255.255.255.255
That will translate port 80 only. You still should create an ACL to restrict traffic to 80, but since there are no translations for the other ports, they will fail. Your ACL for 80 and 5067 looks OK. Also your outbound (80 & 25) looks good.
Hope that helps.