Why isn't mail sending to local users?

Hello,

Trying to make Postfix do as it should. :) I currently finished setting up Postfix to send through Amazon Simple Email Service. Now I have the following questions.

1. Am I using all the correct parameters to ensure mail delivery is always successful? Is there any parameters I should remove? Specifically focusing on the default SSL parems. Not sure if all are required, if I need to add some, or remove some.
2. Whenever a user sends mail, it now sends through the domain. For example user1@domain.com. This fails because it should be sending internally to the server. I have a unique host name, so it should be user1@app1. How should I adjust my config file to make this work or is there another file I should use?
3. I have parameters set such as mydomain, myorigin, etc. Are these all set correctly for sending outbound from @domain.com? I want some users to be able to send to an external email address through SES and other users to send mail internally to /var/mail/username.

Here is the main.conf file.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
myorigin = domain.com

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = domain.com
mydestination = $myhostname localhost.$mydomain localhost
relayhost = 127.0.0.1:2525
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

If it helps, this is the article I used to set up the SES integration. http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html

Running Ubuntu 16.04 on Nginx.

Thanks for any help.