You want to send email via a CGI script without the use of any modules, because you cannot find out what modules the server has installed. This implies you don't have permission to be hosting CGI anyway (if you did, you could just ask what modules are installed. In fact, it's easy enough to test for a module's existance anyway.) You want to be able to spoof the timestamp, forge the sender's address, and allow for attachments. I assume you want to also allow the sender to specify the recipient.

Be very careful what you wish for. Yes, what you want can be done (though it's rather difficult to completely eradicate any indication of where an email came from), but you will end up with a fully functional spam host. Anyone using your website will be able to use it to relay spam to anyone else, forge the sender's email address, and all the routing information will trace back to YOU.

Update: You can communicate directly with sendmail. It's risky, and has to be done right. The script itself needs to contain within it the logic to dictate recipient email addresses. Otherwise, you have an open spam relay. The alternative would be to force the sender to establish a verified account. At that point you can open him/her up to more priviliges (such as being able to specify recipient), because hopefully you'll know who this user is, and be able to take action against him/her if (s)he uses your system in an abusive way.

It's shocking how easily an open email webpage can be used to automate large volumes of spam. All that is needed is for the user to set up his own script that forks a few times and then uses each of the children to fill in your webmail's forms and click send. In this way, large amounts of email can be sent to large groups of recipients in a pretty short time, and eventually someone will get angry enough to blocklist your IP address.