He’s full of beans! You are right about the backdoor, but that most likely wouldn’t do him any good anyways. While all web servers keep track of the originating IP address for GETs/POSTs/whatever, this isn’t usually publicly available and he would have to know exactly where you posted and the exact time. Message Boards are static - you post, read, post, move on. You are not broadcasting an IP address while browsing - only during certain actions - like your browser will say “Hey, 10.10.1.1 here, I want this new web page” and the server will make sure you can get it and send it back to you. But you as Joe/Jane browser aren’t holding out a sign saying I’m such and such an IP address.
Another problem is that all Dial up and most all broadband services give out Dynamically assigned IP addresses (DHCP.) Your IP address today is different tomorrow, or the next time you dial up - so if he had your IP today, wouldn’t do him much good tomorrow. Business accounts are different, though. They need static IP addresses to host web pages, mail servers, etc.
And finally, even with your IP address - what is he going to do? Launch a Denial of service against you? Sniff on that port/scan it for vulnerabilities? Sure he could do that, but if he could do that, he’d be pretty stupid to tell you before hand.