diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb index c45eddd7352..084f70962d8 100644 --- a/lib/email/receiver.rb +++ b/lib/email/receiver.rb @@ -994,6 +994,7 @@ module Email end raise TooShortPost end + raise InvalidPost, errors.join("\n") if result.errors.any? if result.post diff --git a/lib/new_post_manager.rb b/lib/new_post_manager.rb index 6fe08f93c41..a77082cdc20 100644 --- a/lib/new_post_manager.rb +++ b/lib/new_post_manager.rb @@ -104,14 +104,12 @@ class NewPostManager post = Post.new(raw: manager.args[:raw]) post.user = manager.user validator.validate(post) + if post.errors[:raw].present? result = NewPostResult.new(:created_post, false) result.errors[:base] << post.errors[:raw] return result - end - - # Can the user create the post in the first place? - if manager.args[:topic_id] + elsif manager.args[:topic_id] topic = Topic.unscoped.where(id: manager.args[:topic_id]).first unless manager.user.guardian.can_create_post_on_topic?(topic) @@ -119,6 +117,14 @@ class NewPostManager result.errors[:base] << I18n.t(:topic_not_found) return result end + elsif manager.args[:category] + category = Category.find_by(id: manager.args[:category]) + + unless manager.user.guardian.can_create_topic_on_category?(category) + result = NewPostResult.new(:created_post, false) + result.errors[:base] << I18n.t("js.errors.reasons.forbidden") + return result + end end result = manager.enqueue('default') diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb index a3503301ff1..705791aacb7 100644 --- a/spec/components/email/receiver_spec.rb +++ b/spec/components/email/receiver_spec.rb @@ -825,7 +825,7 @@ describe Email::Receiver do Group.refresh_automatic_group!(:trust_level_4) - expect { process(:tl3_user) }.to_not change(Topic, :count) + expect { process(:tl3_user) }.to raise_error(Email::Receiver::InvalidPost) expect { process(:tl4_user) }.to change(Topic, :count) end 
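Review bot: In the second lib/new_post_manager.rb hunk (`@@ -119,6 +117,14 @@`), `Category.find_by(id: manager.args[:category])` returns nil for an id that does not exist, and the new guard passes that nil straight to `can_create_topic_on_category?`. The guardian method is not visible in this diff, so it cannot be confirmed whether nil is denied or treated as "no category"; if it is the latter, an unknown category id skips the check and the post is still enqueued. Making the denial explicit removes that dependency: `unless category && manager.user.guardian.can_create_topic_on_category?(category)`, with blank values handled beforehand if callers use them to mean uncategorized. Because the checks now form one `if`/`elsif` chain, the category branch runs only when no `topic_id` is supplied, and a request with neither argument reaches `manager.enqueue('default')` without any permission check in this hunk. The enclosing method starts and ends outside the hunks, so confirm that case is covered elsewhere.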
diff --git a/spec/components/new_post_manager_spec.rb b/spec/components/new_post_manager_spec.rb index 347adbb132a..094ed175c45 100644 --- a/spec/components/new_post_manager_spec.rb +++ b/spec/components/new_post_manager_spec.rb @@ -104,6 +104,24 @@ describe NewPostManager do end end + context 'with a high approval post count and secure category' do + it 'does not create topic' do + SiteSetting.approve_post_count = 100 + user = Fabricate(:user) + category_group = Fabricate(:category_group, permission_type: 2) + group_user = Fabricate(:group_user, group: category_group.group, user_id: user.id) + + manager = NewPostManager.new( + user, + raw: 'this is a new topic', + title: "Let's start a new topic!", + category: category_group.category_id + ) + + expect(manager.perform.errors["base"][0]).to eq(I18n.t("js.errors.reasons.forbidden")) + end + end + context 'with a high trust level setting' do before do SiteSetting.approve_unless_trust_level = 4
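Review bot: The added example is named 'does not create topic' but asserts only the error string in `errors["base"][0]`, so it does not pin that nothing was created or enqueued for the restricted category. Capturing the result of `manager.perform`, asserting it is unsuccessful and asserting that `Topic.count` is unchanged would make this authorization regression test match its name. `permission_type: 2` is a magic number; if the project's enum is usable here, `CategoryGroup.permission_types[:create_post]` would state the intent, presumably that the member may reply but not start topics. The unused `group_user` local can become a bare `Fabricate(:group_user, ...)` call. A companion example for a category the user has no access to at all, and one for a category id that does not exist, would cover the remaining paths through the new `elsif manager.args[:category]` branch.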