When using safe_mode and open_basedir restrictions, then
src/compose.php is not allowed to move the uploaded attachement
from /tmp (standard) to the attachement dir.
The solution to add /tmp to the open_basedir is very unsave (session
files reside here too if not changed).
So a better solution is to use safe_mode and open_basedir and move
the uploded files with the function "move_uploaded_file()".
So here is my patch to squirrelmail 1.2.7 (attachement below)