diff --git a/app/fax/app_defaults.php b/app/fax/app_defaults.php
index 9efab50752..9ae498c7fa 100644
--- a/app/fax/app_defaults.php
+++ b/app/fax/app_defaults.php
@@ -5,6 +5,27 @@ if ($domains_processed == 1) {
 	//define array of settings
 		$x = 0;
 		$array[$x]['default_setting_category'] = 'fax';
+		$array[$x]['default_setting_subcategory'] = 'allowed_extension';
+		$array[$x]['default_setting_name'] = 'array';
+		$array[$x]['default_setting_value'] = '.pdf';
+		$array[$x]['default_setting_enabled'] = 'true';
+		$array[$x]['default_setting_description'] = '';
+		$x = 0;
+		$array[$x]['default_setting_category'] = 'fax';
+		$array[$x]['default_setting_subcategory'] = 'allowed_extension';
+		$array[$x]['default_setting_name'] = 'array';
+		$array[$x]['default_setting_value'] = '.tif';
+		$array[$x]['default_setting_enabled'] = 'true';
+		$array[$x]['default_setting_description'] = '';
+		$x = 0;
+		$array[$x]['default_setting_category'] = 'fax';
+		$array[$x]['default_setting_subcategory'] = 'allowed_extension';
+		$array[$x]['default_setting_name'] = 'array';
+		$array[$x]['default_setting_value'] = '.tiff';
+		$array[$x]['default_setting_enabled'] = 'true';
+		$array[$x]['default_setting_description'] = '';
+		$x++;
+		$array[$x]['default_setting_category'] = 'fax';
 		$array[$x]['default_setting_subcategory'] = 'cover_logo';
 		$array[$x]['default_setting_name'] = 'text';
 		$array[$x]['default_setting_value'] = '';
diff --git a/app/fax/fax_emails.php b/app/fax/fax_emails.php
index 4b5da37c36..42715fc662 100644
--- a/app/fax/fax_emails.php
+++ b/app/fax/fax_emails.php
@@ -40,6 +40,17 @@ $prep_statement->execute();
 $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 unset($sql, $prep_statement);
 
+function arr_to_map(&$arr){
+	if(is_array($arr)){
+		$map = Array();
+		foreach($arr as &$val){
+			$map[$val] = true;
+		}
+		return $map;
+	}
+	return false;
+}
+
 if (sizeof($result) != 0) {
 
 	//load default settings
@@ -61,6 +72,12 @@ if (sizeof($result) != 0) {
 	}
 	$fax_cover_font_default = $_SESSION['fax']['cover_font']['text'];
 
+	$fax_allowed_extension_default = arr_to_map($_SESSION['fax']['allowed_extension']);
+	if($fax_allowed_extension_default == false){
+		$tmp = Array('.pdf', '.tiff', '.tif');
+		$fax_allowed_extension_default = arr_to_map($tmp);
+	}
+
 	foreach ($result as $row) {
 		//get fax server and account connection details
 		$fax_uuid = $row["fax_uuid"];
@@ -97,6 +114,11 @@ if (sizeof($result) != 0) {
 			$fax_cover_font = $fax_cover_font_default;
 		}
 
+		$fax_allowed_extension = arr_to_map($_SESSION['fax']['allowed_extension']);
+		if($fax_allowed_extension == false){
+			$fax_allowed_extension = $fax_allowed_extension_default;
+		}
+
 		//load event socket connection parameters
 		$_SESSION['event_socket_ip_address'] = $event_socket['ip_address'];
 		$_SESSION['event_socket_port'] = $event_socket['port'];
@@ -211,27 +233,41 @@ if (sizeof($result) != 0) {
 					$fax_dir = $_SESSION['switch']['storage']['dir'].'/fax'.(($domain_name != '') ? '/'.$domain_name : null);
 
 					//handle attachments (if any)
+					$emailed_files = Array();
 					$attachments = $message['attachments'];
 					if (sizeof($attachments) > 0) {
-						$disallowed_file_extensions = explode(',','sh,ssh,so,dll,exe,bat,vbs,zip,rar,z,tar,tbz,tgz,gz');
 						foreach ($attachments as &$attachment) {
 							$fax_file_extension = pathinfo($attachment['name'], PATHINFO_EXTENSION);
-							if (in_array($fax_file_extension, $disallowed_file_extensions) || $fax_file_extension == '') { continue; } //block unauthorized files
 
-							if($attachment['disposition'] != 'attachment'){ continue; } //support only attachments
+							//block unknown files
+								if ($fax_file_extension == '') {continue; }
+							//block unauthorized files
+								if (!$fax_allowed_extension['.' . $fax_file_extension]) { continue; } 
+							//support only attachments
+								if($attachment['disposition'] != 'attachment'){ continue; } 
 
 							//store attachment in local fax temp folder
-							$local_filepath = $fax_dir.'/'.$fax_extension.'/temp/'.$attachment['name'];
-							file_put_contents($local_filepath, $attachment['data']);
+								$local_filepath = $fax_dir.'/'.$fax_extension.'/temp/'.$attachment['name'];
+								file_put_contents($local_filepath, $attachment['data']);
 
 							//load files array with attachments
-							$emailed_files['error'][] = 0;
-							$emailed_files['size'][] = $attachment['size'];
-							$emailed_files['tmp_name'][] = $attachment['name'];
-							$emailed_files['name'][] = $attachment['name'];
+								$emailed_files['error'][] = 0;
+								$emailed_files['size'][] = $attachment['size'];
+								$emailed_files['tmp_name'][] = $attachment['name'];
+								$emailed_files['name'][] = $attachment['name'];
 						}
 					}
 
+					//Debug print
+					print('***********************' . "\n");
+					print('fax message:' . "\n");
+					print(' - length: ' . strlen($fax_message) . "\n");
+					print('fax files [' . sizeof($emailed_files['name']) . ']:' . "\n");
+					for($i = 0; $i < sizeof($emailed_files['name']);++$i){
+						print(' - ' . $emailed_files['name'][$i] . ' - ' . $emailed_files['size'][$i] . "\n");
+					}
+					print('***********************' . "\n");
+
 					//send fax
 					$cwd = getcwd();
 					$included = true;