diff --git a/core/rspamd/conf/forbidden_file_extension.map b/core/rspamd/conf/forbidden_file_extension.map
new file mode 100644
index 00000000..15b12851
--- /dev/null
+++ b/core/rspamd/conf/forbidden_file_extension.map
@@ -0,0 +1,28 @@
+scr
+lnk
+exe
+msi
+msp
+mst
+msu
+jar
+com
+bat
+cmd
+ps1
+cab
+vbs
+vbe
+vbscript
+hta
+shs
+wsc
+wsf
+wsh
+iso
+img
+bin
+cpl
+jse
+ace
+arj
diff --git a/core/rspamd/conf/multimap.conf b/core/rspamd/conf/multimap.conf
index dd25c08e..7b929ef5 100644
--- a/core/rspamd/conf/multimap.conf
+++ b/core/rspamd/conf/multimap.conf
@@ -9,3 +9,16 @@ IS_LOCAL_DOMAIN_E {
   selector = "from('smtp'):domain";
   map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
 }
+
+FORBIDDEN_FILE_EXTENSION {
+    type = "filename";
+    filter = "extension";
+    map = [
+    "/etc/rspamd/override.d/forbidden_file_extension.map",
+    ];
+    prefilter = true;
+    action = "reject";
+    symbol = "FORBIDDEN_FILE_EXTENSION";
+    description = "List of forbidden file extensions";
+    message = "Forbidden attachment extension";
+}