diff --git a/src/handle_publish.c b/src/handle_publish.c
index cbb6703e..877d1fda 100644
--- a/src/handle_publish.c
+++ b/src/handle_publish.c
@@ -357,20 +357,8 @@ process_bad_message:
 			if(context->protocol == mosq_p_mqtt5){
 				return send__pubrec(context, mid, reason_code);
 			}else{
-				db__message_store_find(context, mid, &stored);
-				if(!stored){
-					if(db__message_store(db, context, mid, NULL, qos, 0, NULL, false, &stored, 0, NULL, 0)){
-						return 1;
-					}
-					res = db__message_insert(db, context, mid, mosq_md_in, qos, false, stored, NULL);
-				}else{
-					res = 0;
-				}
-				if(!res){
-					res = send__pubrec(context, mid, 0);
-				}
+				return send__pubrec(context, mid, 0);
 			}
-			return res;
 	}
 	return 1;
 }
diff --git a/test/broker/09-plugin-auth-acl-pub.py b/test/broker/09-plugin-auth-acl-pub.py
new file mode 100755
index 00000000..1e5d07dc
--- /dev/null
+++ b/test/broker/09-plugin-auth-acl-pub.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+
+# Bug specific test - if a QoS2 publish is denied, then we publish again with
+# the same mid to a topic that is allowed, does it work properly?
+
+from mosq_test_helper import *
+
+def write_config(filename, port):
+    with open(filename, 'w') as f:
+        f.write("port %d\n" % (port))
+        f.write("auth_plugin c/auth_plugin.so\n")
+        f.write("allow_anonymous false\n")
+
+port = mosq_test.get_port()
+conf_file = os.path.basename(__file__).replace('.py', '.conf')
+write_config(conf_file, port)
+
+rc = 1
+keepalive = 10
+connect1_packet = mosq_test.gen_connect("connect-uname-pwd-test", keepalive=keepalive, username="readwrite", clean_session=False)
+connack1_packet = mosq_test.gen_connack(rc=0)
+
+connect2_packet = mosq_test.gen_connect("connect-uname-pwd-test", keepalive=keepalive, username="readwrite", clean_session=False)
+connack2_packet = mosq_test.gen_connack(rc=0,flags=1)
+
+mid = 1
+subscribe_packet = mosq_test.gen_subscribe(mid, "readonly", 2)
+suback_packet = mosq_test.gen_suback(mid, 2)
+
+mid = 2
+publish1_packet = mosq_test.gen_publish("readonly", qos=2, mid=mid, payload="message")
+pubrec1_packet = mosq_test.gen_pubrec(mid)
+pubrel1_packet = mosq_test.gen_pubrel(mid)
+pubcomp1_packet = mosq_test.gen_pubcomp(mid)
+
+mid = 2
+publish2_packet = mosq_test.gen_publish("writeable", qos=1, mid=mid, payload="message")
+puback2_packet = mosq_test.gen_puback(mid)
+
+pingreq_packet = mosq_test.gen_pingreq()
+pingresp_packet = mosq_test.gen_pingresp()
+
+broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
+
+try:
+    sock = mosq_test.do_client_connect(connect1_packet, connack1_packet, timeout=20, port=port)
+
+    mosq_test.do_send_receive(sock, publish1_packet, pubrec1_packet, "pubrec1")
+    sock.close()
+
+    sock = mosq_test.do_client_connect(connect2_packet, connack2_packet, timeout=20, port=port)
+    mosq_test.do_send_receive(sock, publish2_packet, puback2_packet, "puback2")
+
+    mosq_test.do_send_receive(sock, pingreq_packet, pingresp_packet, "pingresp")
+
+    rc = 0
+
+    sock.close()
+finally:
+    os.remove(conf_file)
+    broker.terminate()
+    broker.wait()
+    (stdo, stde) = broker.communicate()
+    if rc:
+        print(stde.decode('utf-8'))
+
+
+exit(rc)
diff --git a/test/broker/Makefile b/test/broker/Makefile
index 1517517f..e5b3fbd4 100644
--- a/test/broker/Makefile
+++ b/test/broker/Makefile
@@ -169,6 +169,7 @@ endif
 	./09-extended-auth-multistep.py
 	./09-extended-auth-single.py
 	./09-extended-auth-unsupported.py
+	./09-plugin-auth-acl-pub.py
 	./09-plugin-auth-acl-sub-denied.py
 	./09-plugin-auth-acl-sub.py
 	./09-plugin-auth-context-params.py
diff --git a/test/broker/c/auth_plugin.c b/test/broker/c/auth_plugin.c
index 07796084..f99e8c7f 100644
--- a/test/broker/c/auth_plugin.c
+++ b/test/broker/c/auth_plugin.c
@@ -37,6 +37,15 @@ int mosquitto_auth_acl_check(void *user_data, int access, struct mosquitto *clie
 		return MOSQ_ERR_SUCCESS;
 	}else if(username && !strcmp(username, "readonly") && access == MOSQ_ACL_SUBSCRIBE &&!strchr(msg->topic, '#') && !strchr(msg->topic, '+')) {
 		return MOSQ_ERR_SUCCESS;
+	}else if(username && !strcmp(username, "readwrite")){
+		if((!strcmp(msg->topic, "readonly") && access == MOSQ_ACL_READ)
+				|| !strcmp(msg->topic, "writeable")){
+
+			return MOSQ_ERR_SUCCESS;
+		}else{
+			return MOSQ_ERR_ACL_DENIED;
+		}
+
 	}else{
 		return MOSQ_ERR_ACL_DENIED;
 	}
@@ -46,7 +55,7 @@ int mosquitto_auth_unpwd_check(void *user_data, struct mosquitto *client, const
 {
 	if(!strcmp(username, "test-username") && password && !strcmp(password, "cnwTICONIURW")){
 		return MOSQ_ERR_SUCCESS;
-	}else if(!strcmp(username, "readonly")){
+	}else if(!strcmp(username, "readonly") || !strcmp(username, "readwrite")){
 		return MOSQ_ERR_SUCCESS;
 	}else if(!strcmp(username, "test-username@v2")){
 		return MOSQ_ERR_PLUGIN_DEFER;
diff --git a/test/broker/test.py b/test/broker/test.py
index b25a2bb9..c43e50b5 100755
--- a/test/broker/test.py
+++ b/test/broker/test.py
@@ -139,6 +139,7 @@ tests = [
     (1, './09-extended-auth-multistep.py'),
     (1, './09-extended-auth-single.py'),
     (1, './09-extended-auth-unsupported.py'),
+    (1, './09-plugin-auth-acl-pub.py'),
     (1, './09-plugin-auth-acl-sub-denied.py'),
     (1, './09-plugin-auth-acl-sub.py'),
     (1, './09-plugin-auth-context-params.py'),